NinjaOne RMM Integration
Connect your NinjaOne RMM platform to give AI agents read-only access to IT infrastructure data, including organizations, devices, alerts, and software inventory.
Overview
The NinjaOne RMM Integration is purpose-built for MSPs and IT teams managing distributed infrastructure. It provides 3 action-based tools that allow AI agents to query your NinjaOne organizations, search and inspect devices, and retrieve deep device intelligence including software inventory, OS patches, disk health, and active alerts.
The integration uses client credentials OAuth 2.0: you supply your NinjaOne API credentials once during setup, and the system manages token acquisition automatically. Once connected, a "NinjaOne" tool group is automatically created and ready to assign to any agent.
All 3 NinjaOne tools are strictly read-only. Agents cannot run scripts, push policies, remediate issues, or make any configuration changes through this integration.
Use Cases
- Device Health Check - Agent queries the health status and active alerts of a specific device when an employee reports a problem
- IT Budget Planning - AICOS retrieves device inventory counts and types to prepare an IT asset report for budget planning discussions
- Support Ticket Triage - Agent queries active alerts and OS patch status to prioritize incoming IT support tickets
- Software Compliance - Agent retrieves installed software inventory on a specific device to verify license compliance
- Customer Site Overview - Agent lists all devices for a specific organization to provide a site health summary
How It Works
IT Admin enters Token acquired Agents query NinjaOne
NinjaOne credentials via client credentials using tool group
| | |
v v v
+--------------+ +-------------------+ +------------------+
| Instance URL | | OAuth2 client | | Search orgs, |
| Client ID | ---> | credentials flow, | ---> | devices, get |
| Client Secret| | token cached | | device details, |
| | | per execution | | alerts, software |
+--------------+ +-------------------+ +------------------+
Getting Started
Prerequisites
Before connecting NinjaOne:
- Pro Plus+ Subscription - The NinjaOne integration requires the
custom.ninjaonefeature code on your subscription - NinjaOne Account - Your organization must have an active NinjaOne RMM subscription
- NinjaOne API Application - You must create an API application in NinjaOne to get a client ID and client secret (see NinjaOne documentation for creating OAuth applications)
- Control Bridge Admin Access - You must be a Control Bridge administrator to configure the integration
To create a NinjaOne API application, navigate in NinjaOne to Administration > Apps > API and create a new client credentials application. Grant it read-only permissions for Organizations, Devices, and Activities.
Step 1: Enter NinjaOne Credentials
- Navigate to Build > Connections > NinjaOne
- Enter your NinjaOne Instance URL - this is the base URL for your NinjaOne instance (e.g.,
app.ninjarmm.comfor US,eu.ninjarmm.comfor EU) - Enter your Client ID from your NinjaOne API application
- Enter your Client Secret from your NinjaOne API application
- Click Save Connection
Step 2: Test the Connection
- After saving, click Test Connection
- The system attempts to acquire an access token using your client credentials
- Confirm you see a success message indicating the connection is active
Step 3: Assign the NinjaOne Tool Group to Agents
NinjaOne tools are bundled into a "NinjaOne" tool group automatically created at connection time:
- Navigate to Build > AI Agents > Agents
- Edit the agent that should have NinjaOne access
- Go to the Tools tab
- In the Tool Groups section, enable the NinjaOne group
- Save the agent
All 3 NinjaOne tools are assigned together as a single unit via the tool group.
Available Tools
When NinjaOne is connected, 3 read-only tools are created and grouped under the "NinjaOne" tool group.
1. NinjaOne Search Organizations (ninjaone_search_organizations)
Search, list, and retrieve organization (customer) data from your NinjaOne RMM instance.
| Parameter | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | list, get, locations, users, or search |
| organization_id | integer | Conditional | NinjaOne organization ID (required for get, locations, users) |
| search_query | string | Conditional | Organization name for partial match search (required for search) |
| page_size | integer | No | Number of results to return (default: 50, max: 1000) |
| after | integer | No | Cursor for pagination - ID of the last item from the previous page |
Action summary:
| Action | Description |
|---|---|
list | List all organizations with pagination |
get | Get detailed info for a specific organization, including settings, policy mappings, and custom fields |
locations | List locations (sites) for an organization |
users | List end-users associated with an organization |
search | Search organizations by name (partial match) |
The search action performs client-side filtering over paginated results and is capped at 1000 organizations to prevent excessive API calls. For large environments, use list with cursor-based pagination for complete access.
Example response fields for list/search:
| Field | Description |
|---|---|
organizations[].id | Organization ID |
organizations[].name | Organization name |
organizations[].description | Organization description |
totalCount | Total number of results returned |
hasMore | Whether more pages exist |
nextCursor | Cursor value for the next page |
2. NinjaOne Search Devices (ninjaone_search_devices)
Search, list, and retrieve device data from your NinjaOne RMM instance.
| Parameter | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | list, get, search, or list_by_organization |
| device_id | integer | For get | NinjaOne device ID |
| organization_id | integer | For list_by_organization | NinjaOne organization ID |
| search_query | string | For search | Search query matching device name, DNS name, or serial number |
| page_size | integer | No | Number of results to return (default: 50, max: 1000) |
| after | integer | No | Cursor for pagination |
Action summary:
| Action | Description |
|---|---|
list | List all devices with full details and pagination |
get | Get detailed info for a specific device including OS, last contact, applied policy, and custom fields |
search | Search devices by name, DNS name, or serial number |
list_by_organization | List all devices for a specific organization |
Example response fields for list/list_by_organization:
| Field | Description |
|---|---|
devices[].id | Device ID |
devices[].organizationName | Parent organization name |
devices[].systemName | System hostname |
devices[].dnsName | DNS name |
devices[].os | Operating system |
devices[].lastContact | Last contact timestamp |
devices[].status | Device status |
totalCount | Total number of results |
hasMore | Whether more pages exist |
3. NinjaOne Device Intelligence (ninjaone_device_intelligence)
Retrieve detailed device intelligence data including disks, installed software, OS patches, active alerts, and custom fields.
| Parameter | Type | Required | Description |
|---|---|---|---|
| action | string | Yes | disks, software, os_patches, alerts, or custom_fields |
| device_id | integer | Yes | NinjaOne device ID (required for all actions) |
| page_size | integer | No | Number of results to return (default: 50, max: 1000) |
| after | integer | No | Cursor for pagination |
Action summary:
| Action | Description |
|---|---|
disks | Get disk drive information including model, size, interface type, and health status |
software | Get installed software inventory including version, publisher, and install date |
os_patches | Get pending and failed OS patches with severity and KB article reference |
alerts | Get active alerts for the device including severity, message, and source policy |
custom_fields | Get custom field values configured in NinjaOne for the device |
Example response fields for os_patches:
| Field | Description |
|---|---|
patches[].name | Patch name |
patches[].severity | Severity level |
patches[].status | PENDING, FAILED, or REJECTED |
patches[].kbArticle | KB article reference |
patches[].releaseDate | Release date |
Example response fields for alerts:
| Field | Description |
|---|---|
alerts[].severity | Alert severity |
alerts[].message | Alert message |
alerts[].sourcePolicy | Source policy name |
alerts[].createdAt | Alert creation timestamp |
A typical device intelligence workflow: use ninjaone_search_devices with search action to find the device by name, then use the returned device_id with ninjaone_device_intelligence to retrieve alerts or software inventory.
Security & Limitations
Security
- Client credentials OAuth 2.0 - Uses the industry-standard client credentials flow for secure, automated authentication
- Read-only access - All API calls are GET requests only; no write, script execution, or management operations are possible
- Encrypted credential storage - Client secret is stored encrypted at rest
- Token refresh per execution - Access tokens are loaded fresh on each execution to ensure expiry data is current
- Tenant isolation - Credentials and tools are strictly scoped to your tenant
- Audit logging - Every tool execution is logged via the unified audit log with operation name, parameters, duration, and success/failure
Limitations
- Read-only - Cannot run scripts, push policies, remediate alerts, or make any changes in NinjaOne
- Single connection - Only one NinjaOne connection per Control Bridge tenant
- Search cap - Organization and device name searches are capped at 1000 results (10 pages) for performance
- No remote access - Cannot initiate remote connections to devices
- No ticket creation - Cannot create or update NinjaOne tickets (if your instance uses ticketing)
- Custom fields read-only - Can read custom field values but cannot update them
Troubleshooting
Connection Test Fails
Problem: The test connection returns an error after entering credentials
Solutions:
- Verify your NinjaOne instance URL is correct (do not include
https://- just the hostname, e.g.,app.ninjarmm.com) - Confirm the client ID and client secret are correct and match the API application in NinjaOne
- Ensure the API application in NinjaOne is enabled and not expired
- Verify the API application has the required read permissions for Organizations and Devices
Agent Cannot Find NinjaOne Tools
Problem: NinjaOne tools do not appear when editing an agent
Solutions:
- Verify the NinjaOne connection is active at Build > Connections > NinjaOne
- Check that the "NinjaOne" tool group exists at Build > AI Agents > Tool Groups
- Assign the NinjaOne tool group (not individual tools) to the agent
- Refresh the page and try again
Agent Returns "NinjaOne Connection Is Currently Unavailable"
Problem: Agent execution returns a connection error
Solutions:
- Navigate to Build > Connections > NinjaOne and click Test Connection
- If the test fails, verify your client credentials are still valid in NinjaOne
- Check if the API application has been disabled or expired in NinjaOne Administration
- Update the credentials if they have been rotated
Device Search Returns No Results
Problem: ninjaone_search_devices with search action returns an empty list
Solutions:
- Verify the search query matches part of the device name, DNS name, or serial number
- Use the
listaction first to confirm devices exist in your NinjaOne instance - Try the
list_by_organizationaction with a known organization ID to verify device data is accessible - Check that the devices are active and not archived in NinjaOne
Device Intelligence Returns Errors
Problem: ninjaone_device_intelligence returns an error for a specific device
Solutions:
- Verify the
device_idis correct - useninjaone_search_deviceswithgetto confirm the device exists - Some device intelligence data may be unavailable for offline or recently added devices
- Custom fields data requires custom fields to be configured in your NinjaOne instance
Best Practices
Agent Instructions
Help your agents use NinjaOne tools effectively:
When working with NinjaOne RMM data:
1. Start with ninjaone_search_organizations to find the relevant organization,
then use list_by_organization to scope device searches
2. When looking up a specific device, use the search action with the device
hostname or name before retrieving details
3. For comprehensive device health checks, combine ninjaone_device_intelligence
with both the alerts and os_patches actions for a complete picture
4. Use the device ID from search results consistently - IDs are stable
identifiers for follow-up queries
Configuration
- Assign the NinjaOne tool group to agents that handle IT support or infrastructure monitoring tasks
- Consider creating a dedicated IT operations agent with NinjaOne access rather than adding it to general-purpose agents
- Test the integration with common IT queries (active alerts, device count by organization) after setup
Security
- Use a dedicated API application in NinjaOne for Control Bridge, separate from any human user credentials
- If you rotate the client secret in NinjaOne, update it in Control Bridge promptly
- Review agent execution logs periodically to monitor what NinjaOne data agents are accessing
Related Topics
- Tools Overview - All available agent tools
- Agents - Configure agents to use tools
- Agent Executions - View tool execution logs
- Pax8 Marketplace Integration - Cloud marketplace integration for MSPs
- Crayon Cloud IQ Integration - Cloud license management integration for CSP resellers