Dex
← All integrations
Iru (Kandji) logo
Device Management

Iru (Kandji)

Manage your Apple fleet — Macs, iPhones, and iPads — from plain-language requests.

Dex connects to Kandji, the Apple device management (MDM) platform, through its REST API and lets CoAdmin fleet managers and Dex Go self-service users run everyday Apple device operations in natural language — listing and inspecting Macs, iPhones, and iPads, reviewing OS versions and last check-in, checking installed apps and blueprint status, confirming FileVault and Activation Lock, and running device actions like lock or restart — with policy guardrails and audit logging. Per-customer policy-based scoping keeps each customer's devices isolated for MSPs.

Book a Demo

What Dex does with Iru (Kandji)

Dex handles both admin workflows and employee self-service — all policy-guardrailed and audit-logged.

A

For admins (CoAdmin)

  • List every enrolled device across the tenant — computers (Macs) and mobile devices (iPhones, iPads)
  • Drill into any device for hardware details, serial number, OS version, model, and last check-in time
  • Review the apps installed on a device and confirm what Kandji is reporting
  • Inspect a device's assigned blueprint and the status of its Library items and parameters
  • Check security posture — FileVault encryption state and Activation Lock status
  • Review compliance and parameter status to spot devices drifting from their blueprint
  • Run device actions on demand — lock or restart a device, or reinstall the Kandji agent
  • Trigger a remote wipe (erase) on a lost or decommissioned device, gated behind approval
E

For employees (self-service)

  • Check whether your own Mac, iPhone, or iPad is enrolled and what Kandji is reporting
  • See your device's OS version, model, and when it last checked in
  • Confirm your device is compliant with its blueprint before contacting IT
  • Verify FileVault encryption is on for your own Mac

Just ask Dex

Your team types a request in plain language. Dex investigates, plans, and executes — with the right guardrails.

Admin prompts

  • >List every Mac that hasn't checked in to Kandji in the last 7 days
  • >Show me the OS version and FileVault status for serial number C02XXXXXXXXX
  • >Which iPhones in the fleet are running an OS older than iOS 17?
  • >Lock the MacBook assigned to jordan@acme.com — it was reported stolen
  • >Show the blueprint and failing Library items for device 1a2b3c4d

Employee prompts

  • >Is my MacBook enrolled in Kandji?
  • >What OS version does Kandji see on my iPhone and when did it last check in?
  • >Is FileVault turned on for my Mac?
  • >Is my iPad compliant with its blueprint?

Policy actions

Every action Dex can take on Iru (Kandji) is declared, scoped, and guardrailed. Admins control which apply, who approves them, and whether they're limited to self-service.

ActionWhat it does
kandji_list_devicesList and search enrolled Apple devices (Macs, iPhones, iPads) in Kandji
kandji_view_deviceView device details — hardware, OS version, last check-in, apps, blueprint, FileVault, and Activation Lock
kandji_view_complianceView blueprint, Library item, and parameter/compliance status for a device
kandji_run_actionRun a device action — lock or restart a device, or reinstall the Kandji agent
kandji_erase_deviceRemotely wipe (erase) a device — irreversible, for lost or decommissioned hardware

How to configure Iru (Kandji)

Onboarding takes minutes. Dex validates your credentials before saving them.

Setup steps

  1. 1
    Sign in to your Kandji web app as an administrator and go to Settings > Access.
  2. 2
    Under the API Token section, create a new API token and copy it — it is shown only once.
  3. 3
    Note your tenant API URL shown alongside the token (e.g., https://SubDomain.api.kandji.io).
  4. 4
    In Dex, enable the Kandji integration and paste the API URL and API token.
  5. 5
    Dex validates the credentials by listing devices before saving the connection.
  6. 6
    Configure policy actions (list_devices, view_device, run_action, erase_device) with approval requirements as needed.
Vendor documentation ↗

Credentials required

api_url
Your tenant API URL (e.g., https://SubDomain.api.kandji.io)
api_token
Kandji API token (Settings > Access > API Token; shown only once at creation)

Requirements

  • Kandji subscription with at least one enrolled Apple device (Mac, iPhone, or iPad)
  • API token created in the Kandji web app under Settings > Access
  • API token authorized for the device, action, and library endpoints Dex should use
  • Tenant API URL — the subdomain is specific to your Kandji instance
  • Token is sent as a Bearer token in the Authorization header
  • Destructive actions (erase, lock) require the corresponding API token permissions in Kandji

Related integrations

See Dex run Iru (Kandji)

Book a 30-minute walkthrough with our team and see how autonomous IT works in your environment — or get started for free.

Book a DemoBrowse all integrations →