Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.iru.com/llms.txt

Use this file to discover all available pages before exploring further.

About Iru Endpoint

Iru Endpoint manages Apple, Windows, and Android devices. Apple coverage includes macOS, iOS, iPadOS, tvOS, and visionOS. Turn on Windows and Android in your tenant to use enrollment and policies there. For setup order and prerequisites, see Getting Started. Endpoint includes zero-touch deployment, app and OS patch management, compliance templates, threat detection, and APIs for automation. With this source on, Compliance can pull evidence about how devices are managed and how policy lines up with what is deployed, based on what your framework actions ask for.

What you may see collected

Depending on product configuration, examples include:
  • Device enrollment and management records
  • Configuration or policy enforcement signals exposed to Compliance
  • Endpoint compliance or posture summaries
  • Inventory and assignment context relevant to controls

Typical control themes

  • Endpoint management and asset inventory
  • Device security configuration
  • Operational visibility over managed endpoints

Endpoint documentation

Configure devices, policies, and agents using the Getting Started path: foundation setup, platform setup, Blueprints and Library, and enrollment. Map Compliance actions to the evidence types your security team expects (for example enrollment proof, configuration exports, or reports).

Prerequisites

  • Read Iru API Overview before you connect. Create an API token and note your tenant’s Iru API URL (US or EU). Note the app value: the base domain for the Iru API (the segment that appears in that URL before .api.kandji.io, .api.eu.kandji.io, or .api.iru.com).
  • In the Iru Endpoint web app, open Access (from the account menu) to create or edit API tokens, then Configure permissions: turn on every GET endpoint your security policy allows. GET and Read are the same in this model: read-only collection uses GET only, so you do not need to enable POST, PUT, PATCH, or DELETE for the Compliance connector. The more GET (read) coverage the token has, the more Iru can automate evidence from this source.

Connect Iru Endpoint to Iru

Iru Endpoint

1

Review the Iru Endpoint API documentation

In the Iru Endpoint web app, open Iru API Overview and create an API token to paste into the Compliance connector. In Access → API token Permissions, enable GET for the API routes you need. GET is equivalent to Read; Compliance collection does not require write methods. Where policy allows, enabling GET broadly improves automation (see Prerequisites).

Iru Compliance

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on Iru Endpoint

Find Iru Endpoint (set Category to Security or use Search by name or description). On that card, turn on the toggle. A new browser tab opens for Iru is requesting access to external services (the connector wizard).
3

Select API region

Select a server: Choose Iru API URL (US) (https://{app}.api.kandji.io) or Iru API URL (EU) (https://{app}.api.eu.kandji.io) to match where your tenant is hosted, then Confirm Server. Here {app} is the base domain segment for the Iru API. If your admin UI shows api.iru.com instead of api.kandji.io, use the same region and app value your tenant uses.
4

Configure the app variable

In the app field, enter the segment from your tenant’s Iru API URL (see Iru API Overview). Confirm the preview matches your tenant URL, then continue with Configure Server Variables.
5

Submit the Bearer token

Enter Bearer Token: Paste the Bearer JWT API token you created (with GET / Read permissions as in Prerequisites). Submit with Submit Bearer Token until you see Connection Configured.
6

Confirm the source is Active

Return to ComplianceSources and confirm the Iru Endpoint card is Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Confirm the token is complete, not expired, and includes GET (Read) access for the routes Compliance calls. Verify the US vs EU server choice and the app value (the base domain for the Iru API) match Iru API Overview.

See also