

Jamf Pro Authentication Data Flow with AuthPoint

AuthPoint communicates with various cloud-based services and service providers with the SAML protocol. This diagram shows the data flow of an MFA transaction for Jamf Pro.

Before you begin these procedures, make sure that:

- A token is assigned to a user in AuthPoint.
- You have an AuthPoint identity provider (IdP) certificate. An AuthPoint IdP certificate is required for SAML authentication.

This integration was tested with Jamf Pro version 10.2.2.

For this integration, we set up SAML with AuthPoint. Jamf Pro can be configured to support MFA in several modes. Jamf Pro must already be configured and deployed before you set up MFA with AuthPoint.
This document describes how to set up multi-factor authentication (MFA) for Jamf Pro® with AuthPoint, and configure Jamf Pro to integrate with AuthPoint SAML.

If you haven't maybe even post this in r/JAMF if you haven't already.

Jamf Pro Integration with AuthPoint Deployment Overview

Take what I say with a grain of salt and maybe someone here has more recent experience with JAMF as it's been almost 3 years since I even looked or thought about JAMF. We started with very basic rule sets (Screen lock time, minimum password requirements, etc.). They gradually upscaled security until root was taken away among other things, and eventually introduced Apple equivalent to what NoMAD was (now JAMF Connect) to force password changes.
It would be a good way to keep people accountable instead of looking at a spreadsheet of serial numbers and usernames and checking them off manually like we first did.

Also, from my experience and if you are coming from non-managed Macs and if you are working with developers (software engineers/QA/etc.) who are used to full control, they are going to complain if you start with max restrictions off the rip. Or you can just have the enrollment bookmark in the user's Okta profile and name it (Enroll your Mac or something) and have some Workflow logic check that user's computer is enrolled in JAMF and remove the bookmark from the user if it is successfully enrolled.
I never specifically set up JAMF enrollment via Okta but I believe it can support it with Okta Workflows but wouldn't even know how that would work from a technical perspective as the agent needs to install the MDM profile on the device first. And the other piece is the SAML setup in JAMF is pretty straightforward (see Okta guides). Obviously, there are 2 pieces to this and it's been a long time since I managed JAMF but if you are looking for user-initiated enrollment and don't plan on leveraging auto-enrollment via Apple Business/School Manager, documentation on JAMF is pretty informative as users just need to simply go to a URL login and they will get an installer to run on their local machine.
