Skip to main content
This guide requires Jamf Pro. Jamf Now and Jamf School have different script deployment capabilities.

Prerequisites

  • Jamf Pro admin access
  • Organization API key from Runlayer with MCP Watch Scan role
Organization API keys authenticate MDM-deployed scripts without per-device enrollment.
1

Navigate to API Keys

Go to Settings in the Runlayer dashboard and select the API Keys tab
2

Create a New Key

Click + Create Organization API Key
3

Configure the Key

  • Name (required): Enter a descriptive name (e.g., “MDM MCP Watch”)
  • Role: Select MCP Watch Scan
4

Copy the Key

Copy the generated key (starts with rl_org_) and store it securely
Organization API keys are shown only once. Store them securely and treat them like passwords.

Deployment Steps

1

Generate the Script

Fill in your settings below to generate a deployment script.
  • DEVICE_NAME: Use Jamf script parameter $2 (computer name) to identify the device.
2

Upload to Jamf Pro

  • Navigate to Settings > Computer Management > Scripts
  • Click New, paste the generated script
  • Set Priority to “After”
  • Save
3

Create a Policy

  • Navigate to Computers > Policies > New
  • Scripts: Add your uploaded script
  • Scope: Select target computers or groups
  • Trigger: Recurring Check-in
  • Frequency: Ongoing
  • Save to deploy

Verification

Open a client application (e.g., Cursor) on a target device and confirm the synced MCP servers appear. Check policy execution status in Jamf Pro. If something went wrong, check /var/log/runlayer-sync.log on the device.