NinjaOne is configured in MSP Settings → Integrations.
How to connect
NinjaOne uses OAuth Authorization Code + PKCE because script execution on devices requires a user-consented token (Client Credentials alone won’t work). Each MSP creates their own API app inside NinjaOne — there is no shared vendor app. You’ll do two things: enter your API app credentials, then authorize Rallied.ai in a NinjaOne consent popup.Create an API app in NinjaOne
Sign in to NinjaOne as an administrator. Go to Administration → Apps → API → Add. Create a new app with:
- Application platform — Web
- Redirect URI — the Rallied.ai callback URL shown on the connect form (
https://<tool-gateway>/dashboard/integrations/ninjaone-callback) - Scopes —
monitoring,management,control
Enter your credentials
Fill in:
- Client ID — from your NinjaOne API app
- Client Secret — from your NinjaOne API app
- Region — pick the NinjaOne instance that matches your tenant:
- US —
app.ninjarmm.com - US2 —
us2.ninjarmm.com - EU —
eu.ninjarmm.com - Oceania —
oc.ninjarmm.com - Canada —
ca.ninjarmm.com
- US —
Authorize Rallied.ai
After saving, a Authorize NinjaOne step opens. Click through to NinjaOne in the popup, sign in if prompted, and approve the requested scopes. NinjaOne redirects back to Rallied.ai with an authorization code that is exchanged for an access token + refresh token.The card shows Connected when complete.
The access token is refreshed automatically using the refresh token. If a user revokes the API app in NinjaOne or rotates the client secret, the integration will fail — reconnect from MSP Settings → Integrations.
How the agent uses it
When a request maps to a NinjaOne-managed device — “is the print server up?”, “reboot the kiosk in the lobby”, “run our cleanup script on all of Acme’s workstations” — the agent typically:- Finds the organization and device.
- Gathers context — recent activity, installed software, services, disks, volumes, and alerts.
- Takes action — starting, stopping, or restarting a service, rebooting the device, or running one of your NinjaOne library scripts.
- Wraps up by dismissing the original alert and/or creating a ticket.
Running custom bash scripts (Linux and macOS)
By default, NinjaOne can only run scripts that already exist in your script library. To let the agent run ad-hoc bash on Linux or macOS endpoints, you set up a one-time bridge script and paste its ID into the NinjaOne integration page.Create the bash runner script in NinjaOne
In NinjaOne, create a new Mac/Linux script with:
- One String parameter
- Body —
echo "$1" | base64 --decode | bash
Tools
| Tool | Default policy | Description |
|---|---|---|
ninjaone:ninja-list-organizations | Auto | List organizations in NinjaOne |
ninjaone:ninja-get-organization | Auto | Get details for a specific organization |
ninjaone:ninja-list-devices | Auto | List managed devices, optionally filtered by organization |
ninjaone:ninja-get-device | Auto | Get full device details |
ninjaone:ninja-get-device-activities | Auto | Get recent activity for a device |
ninjaone:ninja-get-device-disks | Auto | List disks on a device |
ninjaone:ninja-get-device-volumes | Auto | List volumes on a device |
ninjaone:ninja-get-device-software | Auto | List installed software on a device |
ninjaone:ninja-get-device-services | Auto | List services on a device |
ninjaone:ninja-control-service | Approval needed | Start, stop, or restart a service on a device |
ninjaone:ninja-reboot-device | Approval needed | Reboot a managed device |
ninjaone:ninja-list-scripts | Auto | List automation scripts available in the tenant |
ninjaone:ninja-run-script | Approval needed | Run an existing NinjaOne library script or built-in action on a device |
ninjaone:ninja-run-bash | Approval needed | Run a custom bash script on a Linux or macOS device (requires the Bash Runner Script to be configured) |
ninjaone:ninja-list-alerts | Auto | List active alerts across the tenant |
ninjaone:ninja-get-device-alerts | Auto | List alerts for a specific device |
ninjaone:ninja-dismiss-alert | Approval needed | Dismiss an alert |
ninjaone:ninja-create-ticket | Auto | Create a ticket |
ninjaone:ninja-update-ticket | Approval needed | Update an existing ticket |
ninjaone:ninja-get-ticket-log | Auto | Get the log for a ticket |
ninjaone:ninja-api-get | Auto | Generic GET against the NinjaOne API |
ninjaone:ninja-api-post / -put / -patch / -delete | Approval needed | Generic write calls against the NinjaOne API |