> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure the Collector

> Configure the OpenHound Jamf collector to gather data from your Jamf Pro tenant.

export const source_0 = "Jamf"

export const env_0 = "Pro tenant"

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

This page covers configuring the OpenHound Jamf collector for your Jamf Pro tenant.

## Prerequisites

* OpenHound installed with the Jamf collector included. Follow the OpenHound [installation](/openhound/community) instructions to set up OpenHound for BloodHound Community Edition. The Jamf collector is included by default in the OpenHound container image.
* A Jamf Pro account with permissions to access the Jamf Pro API. See the options below for recommended roles and permissions.

<Note>The OpenHound setup instructions for BloodHound Community Edition also apply to BloodHound Enterprise users, for now.</Note>

### Auditor Account (Recommended)

Create a [new account](https://docs.jamf.com/10.36.0/jamf-pro/install-guide-linux/Jamf_Pro_User_Accounts_and_Groups.html) directly assigned or part of a group assigned the "Auditor" default Jamf Pro role with "Full Access".

This account will have restricted read permissions to Jamf Pro objects.

### Administrator Account

The OpenHound Jamf collector can authenticate using username and password for an account that has the default "Administrator" role with "Full Access" or member of a group with the "Administrator" role and "Full Access".

This is the least secure option and does not follow the best practice of least-privilege.

## Configure OpenHound

The following OpenHound configuration parameters are required to run the Jamf collector. These can either be set
via the `[sources.source.jamf]` section of the secrets file or via environment variables using the `SOURCES__SOURCE__JAMF` prefix.

| Parameter Name | Environment Variable  | Description                                                                        |
| -------------- | --------------------- | ---------------------------------------------------------------------------------- |
| `username`     | \{PREFIX}\_\_USERNAME | The username of the account used to authenticate to the Jamf Pro API.              |
| `password`     | \{PREFIX}\_\_PASSWORD | The password of the account used to authenticate to the Jamf Pro API.              |
| `host`         | \{PREFIX}\_\_HOST     | The full host/url of the Jamf Pro tenant. For example: `https://jamf.example.com`. |

### Example Configuration

```toml title="secrets.toml" theme={null}
[sources.source.jamf]
username = "myusername"
host = "https://tenant.jamfcloud.com"
password = "mypassword"
```

## Running OpenHound and Collecting Data

After you set the required configuration parameters, [run](/openhound/community#collect) OpenHound to start the {source_0} collector and collect data from your {source_0} {env_0}. The collector will generate JSON files in the output directory that can be uploaded to BloodHound for analysis.