> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rallied.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# NinjaOne
> Connect NinjaOne so the agent can manage devices, run scripts, dismiss alerts, and create tickets across your organizations.
Connect NinjaOne so the agent can list and inspect devices, control services, reboot endpoints, run scripts, manage alerts, and create or update tickets across every organization in your NinjaOne instance.
NinjaOne is configured in **MSP Settings → Integrations**.
## How to connect
NinjaOne uses **OAuth Authorization Code + PKCE** because script execution on devices requires a user-consented token (Client Credentials alone won't work). Each MSP creates their own API app inside NinjaOne — there is no shared vendor app.
You'll do two things: enter your API app credentials, then authorize Rallied.ai in a NinjaOne consent popup.
Sign in to NinjaOne as an administrator. Go to **Administration → Apps → API → Add**. Create a new app with:
* **Application platform** — Web
* **Redirect URI** — the Rallied.ai callback URL shown on the connect form (`https:///dashboard/integrations/ninjaone-callback`)
* **Scopes** — `monitoring`, `management`, `control`
Copy the **Client ID** and **Client Secret** — the secret is only displayed once.
In the Rallied.ai dashboard, navigate to **MSP Settings → Integrations**.
Find the NinjaOne card and click **Connect**. A credentials form appears.
Fill in:
* **Client ID** — from your NinjaOne API app
* **Client Secret** — from your NinjaOne API app
* **Region** — pick the NinjaOne instance that matches your tenant:
* US — `app.ninjarmm.com`
* US2 — `us2.ninjarmm.com`
* EU — `eu.ninjarmm.com`
* Oceania — `oc.ninjarmm.com`
* Canada — `ca.ninjarmm.com`
Click **Save**. The credentials are stored, but the integration is not yet authorized.
After saving, a **Authorize NinjaOne** step opens. Click through to NinjaOne in the popup, sign in if prompted, and approve the requested scopes. NinjaOne redirects back to Rallied.ai with an authorization code that is exchanged for an access token + refresh token.
The card shows **Connected** when complete.
The access token is refreshed automatically using the refresh token. If a user revokes the API app in NinjaOne or rotates the client secret, the integration will fail — reconnect from **MSP Settings → Integrations**.
## How the agent uses it
When a request maps to a NinjaOne-managed device — *"is the print server up?"*, *"reboot the kiosk in the lobby"*, *"run our cleanup script on all of Acme's workstations"* — the agent typically:
1. Finds the organization and device.
2. Gathers context — recent activity, installed software, services, disks, volumes, and alerts.
3. Takes action — starting, stopping, or restarting a service, rebooting the device, or running one of your NinjaOne library scripts.
4. Wraps up by dismissing the original alert and/or creating a ticket.
For Linux and macOS devices, the agent can also run a custom bash script you've written on the fly — see [Running custom bash scripts](#running-custom-bash-scripts-linux-and-macos).
## Running custom bash scripts (Linux and macOS)
By default, NinjaOne can only run scripts that already exist in your script library. To let the agent run *ad-hoc* bash on Linux or macOS endpoints, you set up a one-time bridge script and paste its ID into the NinjaOne integration page.
In NinjaOne, create a new **Mac/Linux** script with:
* **One String parameter**
* **Body** — `echo "$1" | base64 --decode | bash`
Save the script and note its numeric **Script ID** from the script details page.
Open the NinjaOne integration page (**MSP Settings → Integrations → NinjaOne**) and find the **Bash Runner Script** section. Paste the Script ID and click **Save**.
Once configured, the agent can run any custom bash on Linux or macOS devices through this bridge. The script you give it is base64-encoded, passed to the runner, and decoded and executed on the endpoint.
Custom bash runs as root by default — it's the most powerful action in the integration. The action always requires technician approval, and the exact script the agent wants to run is shown in the approval request. Review carefully before approving.
The bash runner is Linux and macOS only. For Windows devices, the agent uses your existing NinjaOne library scripts and built-in actions instead.
## Tools
| Tool | Default policy | Description |
| --------------------------------------------------------- | --------------- | ------------------------------------------------------------------------------------------------------ |
| `ninjaone:ninja-list-organizations` | Auto | List organizations in NinjaOne |
| `ninjaone:ninja-get-organization` | Auto | Get details for a specific organization |
| `ninjaone:ninja-list-devices` | Auto | List managed devices, optionally filtered by organization |
| `ninjaone:ninja-get-device` | Auto | Get full device details |
| `ninjaone:ninja-get-device-activities` | Auto | Get recent activity for a device |
| `ninjaone:ninja-get-device-disks` | Auto | List disks on a device |
| `ninjaone:ninja-get-device-volumes` | Auto | List volumes on a device |
| `ninjaone:ninja-get-device-software` | Auto | List installed software on a device |
| `ninjaone:ninja-get-device-services` | Auto | List services on a device |
| `ninjaone:ninja-control-service` | Approval needed | Start, stop, or restart a service on a device |
| `ninjaone:ninja-reboot-device` | Approval needed | Reboot a managed device |
| `ninjaone:ninja-list-scripts` | Auto | List automation scripts available in the tenant |
| `ninjaone:ninja-run-script` | Approval needed | Run an existing NinjaOne library script or built-in action on a device |
| `ninjaone:ninja-run-bash` | Approval needed | Run a custom bash script on a Linux or macOS device (requires the Bash Runner Script to be configured) |
| `ninjaone:ninja-list-alerts` | Auto | List active alerts across the tenant |
| `ninjaone:ninja-get-device-alerts` | Auto | List alerts for a specific device |
| `ninjaone:ninja-dismiss-alert` | Approval needed | Dismiss an alert |
| `ninjaone:ninja-create-ticket` | Auto | Create a ticket |
| `ninjaone:ninja-update-ticket` | Approval needed | Update an existing ticket |
| `ninjaone:ninja-get-ticket-log` | Auto | Get the log for a ticket |
| `ninjaone:ninja-api-get` | Auto | Generic GET against the NinjaOne API |
| `ninjaone:ninja-api-post` / `-put` / `-patch` / `-delete` | Approval needed | Generic write calls against the NinjaOne API |
## Policies
NinjaOne is an integration. Per-tool policies are configured on the **NinjaOne** integration detail page (open it from **MSP Settings → Integrations**).
See [Policies](/dashboard/policies) for an overview of policy modes.