Jamf Service Provider Plan - Pre-requisites

Introduction

This document is for Partners working with the MSP Services team to set up to Jamf Service Provider Plan with a managed instance.

The following are required before the instance can be configured. An 1-2 hour engagement call will take place for the initial setup of the instance and some items will be generated during the engagement. It is essential that someone with appropriate access to the customer's Apple and Identity Provider's supporting infrastructure is available throughout this engagement.

Apple Infrastructure (Apple Business Manager/Apple School Manager)

Sign up via https://school.apple.com/ or https://business.apple.com 

• A person with the ability to create Locations and MDM servers in Apple School/Business Manager
  • Their Managed Apple Account should have the Administrator role
• A new dedicated Location for the instance and its Content Token
  • Sufficient quantity of licenses for the following iOS/iPadOS apps purchased and assigned to the above Location (these apps are free):
    • JSDE
    • Jamf Self Service
• MDM Server Token (Jamf MSP Services will supply the Public Key during implementation)
• APNs Certificate (Jamf MSP Services will supply the required Certificate Signing Request during implementation)
  • We recommend a Managed Apple Account is used to generate this

Identity Services Integration - Jamf Pro

• A supported Identity Provider must be in place and operational
  • Microsoft Entra ID
  • Google Workspace
  • Okta Identity Engine
• A person with administrative access to the customer's Identity Provider platform/portal:
  • Entra ID: Global Administrator
  • Google Workspace: Administrator
  • Okta Identity Engine: Administrator

Entra ID Requirements

Requirements for connecting Jamf Pro to Entra ID over SSO

Connecting datajar.mobi to Entra ID as a Cloud Identity Provider

Google Workspace Requirements

Requirements for connecting Jamf Pro to Google Cloud IdP over LDAPS

Configuring Single Sign-On with Google Workspace - Technical Articles | Jamf

Okta Identity Engine Requirements

Requirements for connecting Jamf Pro to Okta over SSO

Configuring Okta Universal Directory (LDAPS) for datajar.mobi

Identity Services Integration - Jamf Connect

• A supported Identity Provider must be in place and operational
  • Microsoft Entra ID
  • Google Workspace
  • Okta Identity Engine
• A person with administrative access to the customer's Identity Provider platform/portal:
  • Entra ID: Global Administrator
  • Google Workspace: Administrator
  • Okta Identity Engine: Administrator

Please review Jamf Connect Requirements for specific details covering all Identity Providers.