TL;DR: Device control and access deprovisioning still fail when lifecycle steps stay split across tools, according to Zluri. Its Jamf integration centralises Mac enrollment, software management, and offboarding workflows. Zluri also notes that 320 prospects visited its JNUC booth.
NHIMG editorial — based on content published by Zluri: Zluri Features Zluri + Jamf - Rewinding to the Jamf Nation User Conference (JNUC)
By the numbers:
- A whopping 320 curious prospects visited our booth.
Questions worth separating out
Q: How should teams align device enrollment with access provisioning?
A: Teams should define one lifecycle trigger that binds endpoint enrollment to account activation, then make each downstream app or SaaS entitlement depend on that state.
Q: Why do offboarding workflows often leave access behind?
A: Offboarding fails when revocation stops at one control plane and never reaches the others.
Q: How do organisations know whether software governance is working?
A: Software governance is working when assigned licenses, installed apps, and actual usage all reconcile against the same identity record.
Practitioner guidance
- Map enrollment to access provisioning: Define the exact trigger points where a new Mac device should create or activate SaaS access, and document which system is authoritative for each step.
- Test offboarding as a full revocation chain: Verify that device locking, application deprovisioning, and account disablement all complete in the same workflow, with no manual handoff between teams.
- Tie software usage to entitlement reviews: Use installed-app and usage data to confirm whether assigned software licenses still match active users, then remove stale entitlements before the next review cycle.
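The offboarding and entitlement checks above can be expressed as a reconciliation over one identity record. The sketch below is an added example, not code from Zluri or Jamf. The record fields, the 90-day idle threshold, and the sample data are assumptions made for illustration, and the install check only fits apps that have a desktop client.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    # Hypothetical merged record: one row per user, fed by HR/IdP, MDM and SaaS data
    user: str
    state: str                 # "active" or "offboarded" (lifecycle state)
    device_locked: bool        # lock state as reported by the MDM
    account_enabled: bool      # account state as reported by the IdP
    licenses: set = field(default_factory=set)     # assigned SaaS entitlements
    installed: set = field(default_factory=set)    # apps inventoried on the device
    idle_days: dict = field(default_factory=dict)  # app -> days since last use

def offboarding_gaps(i):
    """Control planes where revocation did not complete for an offboarded user."""
    if i.state != "offboarded":
        return []
    gaps = []
    if not i.device_locked:
        gaps.append("device_not_locked")
    if i.account_enabled:
        gaps.append("account_still_enabled")
    if i.licenses:
        gaps.append("saas_not_deprovisioned:" + ",".join(sorted(i.licenses)))
    return gaps

def stale_entitlements(i, max_idle_days=90):
    """Licenses of an active user that do not reconcile with install or usage data."""
    if i.state != "active":
        return {}
    stale = {}
    for app in sorted(i.licenses):
        if app not in i.installed:
            stale[app] = "assigned_not_installed"
        # Missing usage data is treated as idle, so it surfaces in the review
        elif i.idle_days.get(app, max_idle_days + 1) > max_idle_days:
            stale[app] = "installed_not_used"
    return stale

# Constructed sample records, not real data
RECORDS = [
    Identity("alice", "active", False, True, {"figma", "slack"}, {"slack", "zoom"}, {"slack": 3}),
    Identity("bob", "offboarded", True, False, {"github"}),
    Identity("carol", "offboarded", True, False),
]

def report(records):
    """Per-user findings; an empty list and empty dict mean the record reconciles."""
    return {r.user: {"offboarding": offboarding_gaps(r),
                     "stale": stale_entitlements(r)} for r in records}
```

In the sample data, bob's device is locked and his account is disabled, yet the check still flags him because a SaaS license remains assigned, which is the case where revocation stops at one control plane.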
What's in the full article
Zluri's full post covers the operational detail this post intentionally leaves for the source:
- The event recap and booth narrative from JNUC, including the session framing and attendee interactions.
- The practical workflow details behind the Jamf and Zluri integration for Mac onboarding and offboarding.
- The software management angle, including silent agent deployment and Effective License Position tracking.
- The vendor's own explanation of how the integration supports device locking and SaaS deprovisioning.
Jamf and Zluri integration: what it means for device access control?
Explore further
Device management becomes an identity control only when it is tied to lifecycle state. The Jamf and Zluri pattern shows that endpoint administration is not just an IT operations function when user enrollment and cloud access are linked. Without that linkage, device policy and access policy drift apart. Practitioners should treat endpoint management as part of lifecycle governance, not a separate administrative layer.
A few things that frame the scale:
- 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why fragmented lifecycle control is such a persistent governance issue.
A question worth separating out:
Q: What is the difference between endpoint management and access governance?
A: Endpoint management controls the device itself, including enrollment, software, and lock state. Access governance controls what the identity can reach across applications and systems. In practice, the two must be linked because a secured device with open SaaS access is still an exposure, and revoked access on a live endpoint can still leave the user able to work.