Kandji Integration

Connect Kandji to Ploy to gain visibility into your managed Apple devices and who has access to them.

Overview

Kandji is an Apple device management (MDM) platform that helps organizations deploy, secure, and manage Mac, iPhone, iPad, and Apple TV devices. By connecting Kandji to Ploy, you can see which devices are managed, their compliance status, and who they're assigned to — enabling better visibility into your device fleet and access patterns.

What Ploy syncs

  • Devices — platform, model, OS version, serial number, UDID, blueprint, agent version, last check-in time, and status (active/archived)

  • Device assignments — which users have access to each managed device

  • Device status — whether devices are missing, removed, have MDM enabled, or have the agent installed

Before you begin

You'll need a Kandji API token with the correct permissions. The token must be created from your Kandji admin account.

Set up the integration

Create a Kandji API token

  1. Log in to your Kandji admin console.

  2. Go to Settings → Access.

  3. Click Add API Token.

  4. Enable the following permissions:

    • Device list — required to scan your device inventory

    • Device details — required to retrieve device attributes and assigned users

  5. Copy the token — you'll need it for setup in Ploy.

Connect Kandji to Ploy

  1. In Ploy, navigate to Integrations.

  2. Find and select Kandji from the catalog.

  3. Enter your Kandji subdomain — use only the subdomain, not the full URL. For example, if your Kandji URL is acme.api.eu.kandji.io, enter acme.

  4. Select your region: US or EU.

  5. Paste your API token.

  6. Click Connect.

Ploy will test the connection and begin syncing your Kandji device inventory. Devices sync every 2 hours.
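
An added example, not part of Ploy's or Kandji's documentation: a pre-flight check that turns whatever was copied from Kandji into the subdomain, region and token the form above expects, and builds a device-list request for testing the token. The US host form `<subdomain>.api.kandji.io`, the `/api/v1/devices` path, its `limit` parameter and Bearer authentication are assumptions not stated on this page, and the function names are hypothetical.

```python
import re
import urllib.request
from urllib.parse import urlsplit

# The EU host form appears on this page; the US form (no "eu." label) is an assumption.
_HOST_RE = re.compile(r"^(?P<sub>[a-z0-9][a-z0-9-]*)\.api\.(?P<eu>eu\.)?kandji\.io$")
_LABEL_RE = re.compile(r"^[a-z0-9][a-z0-9-]*$")


def normalize_tenant(pasted, region=None):
    """Return (subdomain, region) from a bare subdomain or a pasted API host/URL."""
    text = pasted.strip().lower()
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    m = _HOST_RE.match(host)
    if m:
        derived = "EU" if m.group("eu") else "US"
        if region and region.upper() != derived:
            raise ValueError(f"host is in {derived} but region {region} was selected")
        return m.group("sub"), derived
    if not _LABEL_RE.match(host) or host != text:
        raise ValueError("enter only the subdomain, e.g. 'acme'")
    if not region or region.upper() not in ("US", "EU"):
        raise ValueError("region must be US or EU")
    return host, region.upper()


def clean_token(token):
    """Strip whitespace picked up while copying; reject inner whitespace."""
    token = token.strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    return token


def device_list_request(pasted, token, region=None):
    """Build (not send) a GET that exercises the 'Device list' permission."""
    sub, reg = normalize_tenant(pasted, region)
    host = f"{sub}.api.{'eu.' if reg == 'EU' else ''}kandji.io"
    # Path and limit parameter are assumptions, not taken from this page.
    return urllib.request.Request(
        f"https://{host}/api/v1/devices?limit=1",
        headers={"Authorization": f"Bearer {clean_token(token)}"},
    )
```

Passing the returned request to `urllib.request.urlopen(req, timeout=10)` from your own machine confirms the token, subdomain and region before they are entered in Ploy. Read the token from an environment variable or a prompt rather than a command-line argument so it does not land in shell history.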

Troubleshooting

Enter only your subdomain, not the full URL

If you see this error, you entered a full URL instead of just the subdomain. For acme.api.eu.kandji.io, enter only acme.

API token does not have sufficient permissions

Your API token is missing the Device list permission. Go to Kandji Settings → Access, edit the token, and enable Device list. Save the token and try again.

Failed to authenticate with Kandji

Double-check your subdomain and API token for typos. Make sure you selected the correct region (US or EU) that matches your Kandji tenant.

API endpoint not found

The subdomain may be incorrect. Verify your actual Kandji subdomain from your Kandji admin console URL and re-enter it.

Could not reach Kandji

This usually means the region is wrong. If your Kandji tenant is in the EU but you selected US (or vice versa), the connection will fail. Switch the region setting and try again.

Invalid API token

The token was not recognized by Kandji. Re-copy the token from Kandji Settings → Access and paste it fresh. Make sure no extra spaces were included.
