Jamf Self Service Credential Helper is a skill that provides scripting patterns for systems engineers who write Jamf Self Service or Kandji scripts on macOS. The core problem it addresses is that Jamf scripts run as the root user while user interaction happens in the logged-in user context, making it easy to inadvertently capture ‘root’ instead of the actual human user.
For user detection, the skill implements four distinct methods: stat, scutil, the $3 parameter, and console. Using multiple methods guards against edge cases such as fast user switching and macOS version differences that can cause any single approach to return incorrect results.
For credential prompting, the skill supplies production-ready script templates that use AppleScript and JamfHelper dialogs to collect passwords, then validate them against dscl or the macOS keychain. The templates are written to avoid logging sensitive data, following macOS security practices to prevent credential leakage in system logs.
The skill also includes adaptations for Kandji custom commands and Iru equivalents, making it usable beyond pure Jamf environments. Intended use cases include FileVault re-enforcement scripts, privilege elevation tools, and custom MDM workflows that require authenticated user interaction. It is not a general macOS scripting library and does not cover MDM enrollment, device inventory, or policy management outside of credential-related scripting patterns.