Jamf Concepts
Guides

Guides

Form to Wipe

Form to Wipe

Form to Wipe (FTW) is a secure, approval-gated device wipe workflow that connects Slack or GitHub to the Jamf Platform API. A requestor submits a wipe request; a separate approver reviews and approves it; the workflow sends an MDM erase command to the target device. Every step is logged.

FTW is available in two deployment paths. The architecture and security model are identical across both — only the interface and infrastructure requirements differ.

How It Works

Requestor submits → Approver reviews → Requestor confirms → Erase command sent → Results logged
  1. A requestor submits a wipe request via a Slack slash command or GitHub Issue, specifying the target tenant, device type, device ID(s), and a reason.
  2. The workflow routes the request to an approver. The approver cannot be the same person as the requestor — this is enforced at the platform level in both paths.
  3. The approver reviews the request and approves or denies it.
  4. If approved, the requestor receives a final confirmation prompt before the erase command fires.
  5. The workflow calls the Jamf Platform API to send an MDM erase command to each target device.
  6. Results are posted back to the requestor and written to an audit log.

Supported Targeting

FTW supports three ways to specify which devices to wipe:

  • Single device — one Jamf Pro record ID
  • Multiple devices — comma-separated list of Jamf Pro record IDs
  • Device group — smart or static group name, resolved to member device IDs via the Platform API at runtime

Supported Device Types

Type Platform Erase Options
Computer macOS Optional Find My PIN
Mobile Device iOS / iPadOS Preserve data plan, clear Activation Lock, return to service, disallow proximity setup

Multi-Tenant Support

Both deployment paths support multiple Jamf tenants. Tenants are configured as paired lists of display names and UUIDs. The requestor selects a tenant from a dropdown at submission time — the selected tenant is carried through every downstream step automatically.

JAMF_TENANT_NAMES = Production, Staging, Lab
JAMF_TENANT_IDS   = aaaaaaaa-..., bbbbbbbb-..., cccccccc-...

Security Model

FTW is built around three security principles:

Separation of duties. The requestor cannot approve their own request. This is enforced at the platform level — GitHub branch protection rules and Slack modal routing logic both prevent self-approval before the request reaches an approver.

Audit trail. Every action — submission, approval, denial, confirmation, erase result, timeout — is logged with actor identity, timestamp, and tenant. The GitHub Workflow path uses merged Pull Requests as immutable audit records; the n8n path writes to a Slack audit channel.

Credential isolation. Jamf Platform API credentials are stored as environment secrets, never in workflow code or request bodies. The n8n path uses a shared secret token to verify that incoming Slack requests are genuine before processing them.

Jamf Platform API Prerequisites

Both paths require a Jamf Platform API OAuth2 client with the following privileges:

Privilege Why it's needed
Read Computers Look up computer name and management ID by record ID
Read Mobile Devices Look up mobile device name and management ID by record ID
Read Computer Groups Resolve smart and static group membership for group-scope targeting
Read Mobile Device Groups Resolve mobile device group membership for group-scope targeting
Send Computer Remote Erase Command Issue erase command to macOS devices
Send Mobile Device Remote Erase Command Issue erase command to iOS/iPadOS devices

Create the API client in Jamf Pro under Settings → API roles and clients → API Clients → New.

Choosing a Deployment Path

n8n GitHub Workflow
Interface Slack modal GitHub Issue + PR
Approval UX Slack DM PR review
Approver source Entra, Okta, or Slack usergroup Branch protection + CODEOWNERS
Audit log Slack channel Git history (permanent)
Infrastructure n8n instance required None (GitHub-hosted runners)
Real-time timeout ✅ Configurable ❌ Manual close
Cost n8n license Free (public) / Actions minutes

Choose n8n if your team already runs n8n, you want a Slack-native modal experience, or you need Okta or Slack usergroup-based approval routing.

Choose GitHub Workflow if you want zero infrastructure, audit trail is a priority (every wipe is a merged PR — permanent git history), and your IT team is comfortable working in GitHub.


Ready to deploy? Jump to the guide for your chosen path: