JF
Jamf Pro
Real-time inventory of managed Macs and iOS devices, policy snapshots, and last check-in stats — straight from the Jamf API.
▸ /var/ops/digitalworkplace The operations console for the digital workplace.
A self-hosted operations surface for the team — Jamf Pro inventory, Microsoft Entra ID at a glance, and a one-click flow for new members to request an account. All behind a single Microsoft sign-in.
// what's inside
Three live surfaces, one console.
Each card pulls live data from the upstream API on every page view — no stale snapshots, no scheduled jobs, no cache to invalidate.
ID
Entra ID
Users, groups, license consumption and the most recent sign-ins from your tenant via Microsoft Graph (read-only by default).
↳
Account requests
Public form for colleagues. One click in the admin UI provisions a B2B guest invite or a full member account in Entra ID.
/api/jamf/stats
~42ms
avg upstream latency
/api/health
99.97%
7-day uptime · self-reported
build
v1.0.0
node 20 · express 4 · sqlite 3
tls
A+
tls 1.3 · let's encrypt
// the stack
Self-hosted. Served by nginx. Authenticated by Microsoft.
A static frontend served straight by nginx. A Node.js + Express API tucked behind it. SQLite holds the request queue and the audit log. MSAL.js handles the Microsoft sign-in dance; the backend validates every JWT against Entra's JWKS and proxies the privileged Graph calls so daemon credentials never touch the browser.
The whole thing runs as a systemd unit on bare metal
in the office. No Docker, no cloud. journalctl -fu
digitalworkplace-api is the dashboard.
frontendnginx · static html · msal.js
apinode 20 · express · helmet · zod
authentra id · oidc · jwks
storesqlite · wal mode
upstreamgraph v1.0 · jamf pro v1/v2
tlslet's encrypt · auto-renew
deploysystemd · install.sh · 1 file
// need access?
Request an account
Drop your details — the team will provision you in Entra.
Guest invites take a single click. Member accounts land in your inbox shortly after.