Skip to main content
Connect NinjaOne so the agent can list and inspect devices, control services, reboot endpoints, run scripts, manage alerts, and create or update tickets across every organization in your NinjaOne instance.
NinjaOne is configured in MSP Settings → Integrations.

How to connect

NinjaOne uses OAuth Authorization Code + PKCE because script execution on devices requires a user-consented token (Client Credentials alone won’t work). Each MSP creates their own API app inside NinjaOne — there is no shared vendor app. You’ll do two things: enter your API app credentials, then authorize Rallied.ai in a NinjaOne consent popup.
1

Create an API app in NinjaOne

Sign in to NinjaOne as an administrator. Go to Administration → Apps → API → Add. Create a new app with:
  • Application platform — Web
  • Redirect URI — the Rallied.ai callback URL shown on the connect form (https://<tool-gateway>/dashboard/integrations/ninjaone-callback)
  • Scopesmonitoring, management, control
Copy the Client ID and Client Secret — the secret is only displayed once.
2

Open MSP Integrations

In the Rallied.ai dashboard, navigate to MSP Settings → Integrations.
3

Connect NinjaOne

Find the NinjaOne card and click Connect. A credentials form appears.
4

Enter your credentials

Fill in:
  • Client ID — from your NinjaOne API app
  • Client Secret — from your NinjaOne API app
  • Region — pick the NinjaOne instance that matches your tenant:
    • US — app.ninjarmm.com
    • US2 — us2.ninjarmm.com
    • EU — eu.ninjarmm.com
    • Oceania — oc.ninjarmm.com
    • Canada — ca.ninjarmm.com
Click Save. The credentials are stored, but the integration is not yet authorized.
5

Authorize Rallied.ai

After saving, a Authorize NinjaOne step opens. Click through to NinjaOne in the popup, sign in if prompted, and approve the requested scopes. NinjaOne redirects back to Rallied.ai with an authorization code that is exchanged for an access token + refresh token.The card shows Connected when complete.
The access token is refreshed automatically using the refresh token. If a user revokes the API app in NinjaOne or rotates the client secret, the integration will fail — reconnect from MSP Settings → Integrations.

How the agent uses it

When a request maps to a NinjaOne-managed device — “is the print server up?”, “reboot the kiosk in the lobby”, “run our cleanup script on all of Acme’s workstations” — the agent typically:
  1. Finds the organization and device.
  2. Gathers context — recent activity, installed software, services, disks, volumes, and alerts.
  3. Takes action — starting, stopping, or restarting a service, rebooting the device, or running one of your NinjaOne library scripts.
  4. Wraps up by dismissing the original alert and/or creating a ticket.
For Linux and macOS devices, the agent can also run a custom bash script you’ve written on the fly — see Running custom bash scripts.

Running custom bash scripts (Linux and macOS)

By default, NinjaOne can only run scripts that already exist in your script library. To let the agent run ad-hoc bash on Linux or macOS endpoints, you set up a one-time bridge script and paste its ID into the NinjaOne integration page.
1

Create the bash runner script in NinjaOne

In NinjaOne, create a new Mac/Linux script with:
  • One String parameter
  • Bodyecho "$1" | base64 --decode | bash
Save the script and note its numeric Script ID from the script details page.
2

Paste the Script ID into Rallied

Open the NinjaOne integration page (MSP Settings → Integrations → NinjaOne) and find the Bash Runner Script section. Paste the Script ID and click Save.
Once configured, the agent can run any custom bash on Linux or macOS devices through this bridge. The script you give it is base64-encoded, passed to the runner, and decoded and executed on the endpoint.
Custom bash runs as root by default — it’s the most powerful action in the integration. The action always requires technician approval, and the exact script the agent wants to run is shown in the approval request. Review carefully before approving.
The bash runner is Linux and macOS only. For Windows devices, the agent uses your existing NinjaOne library scripts and built-in actions instead.

Tools

ToolDefault policyDescription
ninjaone:ninja-list-organizationsAutoList organizations in NinjaOne
ninjaone:ninja-get-organizationAutoGet details for a specific organization
ninjaone:ninja-list-devicesAutoList managed devices, optionally filtered by organization
ninjaone:ninja-get-deviceAutoGet full device details
ninjaone:ninja-get-device-activitiesAutoGet recent activity for a device
ninjaone:ninja-get-device-disksAutoList disks on a device
ninjaone:ninja-get-device-volumesAutoList volumes on a device
ninjaone:ninja-get-device-softwareAutoList installed software on a device
ninjaone:ninja-get-device-servicesAutoList services on a device
ninjaone:ninja-control-serviceApproval neededStart, stop, or restart a service on a device
ninjaone:ninja-reboot-deviceApproval neededReboot a managed device
ninjaone:ninja-list-scriptsAutoList automation scripts available in the tenant
ninjaone:ninja-run-scriptApproval neededRun an existing NinjaOne library script or built-in action on a device
ninjaone:ninja-run-bashApproval neededRun a custom bash script on a Linux or macOS device (requires the Bash Runner Script to be configured)
ninjaone:ninja-list-alertsAutoList active alerts across the tenant
ninjaone:ninja-get-device-alertsAutoList alerts for a specific device
ninjaone:ninja-dismiss-alertApproval neededDismiss an alert
ninjaone:ninja-create-ticketAutoCreate a ticket
ninjaone:ninja-update-ticketApproval neededUpdate an existing ticket
ninjaone:ninja-get-ticket-logAutoGet the log for a ticket
ninjaone:ninja-api-getAutoGeneric GET against the NinjaOne API
ninjaone:ninja-api-post / -put / -patch / -deleteApproval neededGeneric write calls against the NinjaOne API

Policies

NinjaOne is an integration. Per-tool policies are configured on the NinjaOne integration detail page (open it from MSP Settings → Integrations). See Policies for an overview of policy modes.