Integrations
Kandji
About Kandji
Kandji is a cloud-native Apple device-management (MDM) and security platform that helps IT and InfoSec teams deploy, configure and protect Apple devices at scale through deep automation and policy-driven controls. Connecting Kandji to Serval lets you pull real-time inventory, enforce compliance and run remote commands directly from chat.What the Kandji integration enables
| Capability | Description |
|---|---|
| Access Management | Remove users from Kandji |
| Automation workflows | Streamline device provisioning and management, enforce compliance, and more |
Kandji configuration (generate an API token)
Who Can Create API Tokens?
| Kandji Role | Access to Settings ▸ Access ▸ API Tokens | Notes |
|---|---|---|
| Account Owner | ✅ | Full, non-revocable access. |
| Administrator | ✅ | Full access; can be revoked by other admins. |
| Standard / Help Desk / Auditor-type roles | ❌ (by default) | Can only create a token if their custom role is explicitly granted the API Token permission. |
Note: Roles without Settings access (e.g., Standard, Help Desk) cannot reach the Access tab unless a custom permission set is applied.
Kandji API Setup
Follow the steps provided by Kandji to create your API Token here: Kandji API Setup GuideMake sure to grab your Tenant Slug (the part of the URL before the
.kandji.io) from the Kandji API Setup Guide. You will need this to configure the Kandji integration in Serval.
(e.g., acme NOT https://acme.kandji.io)With your Kandji API token and tenant slug in hand, you’re ready to move on to Part 4—connecting Serval so it can automate Apple device workflows on your behalf.
Serval Configuration
When entering your Kandji tenant information, make sure to enter only the slug (e.g.,
acme), not the full URL (e.g., acme.kandji.io).- In Serval go to Apps → Available → Kandji → Connect.
- Enter your Tenant Slug and the Bearer Token you generated above.
- Click Save.