Overview
In an increasingly mobile workforce with employees working from different locations on different devices, organisations need to be able to manage and secure those devices and their company information without the challenges of binding to on-premises Active Directory. With Jamf Connect, a user can unbox their Mac, power it on and access all of their corporate applications after signing on with a single set of cloud-identity credentials.
If you would like to find out more about Jamf Connect for your organisation, please see dataJAR Identity Management.
Device Requirements
The following lists the minimum device requirements for Jamf Connect:
OS: macOS 13 and newer
Please see Jamf Connect Documentation for more information.
Implementation Requirements
In order to deliver your Jamf Connect project, the implementation engineer will require the following items:
- Access to one of the supported Identity Providers (IdP) below, with the correct security privileges to configure the Jamf Connect Application (see section Identity Provider Integrations):
  - Google Identity
  - Microsoft Entra ID
  - Okta Identity Engine
- Access to a minimum of one test macOS device enrolled in Apple Business Manager or Apple School Manager
- Access and credentials for a minimum of one test Identity Provider (IdP) user
- (Optional) A copy of a desired Login Window background image, in JPEG or PNG format, ensuring it is of the resolution 5120 × 2880 (144ppi)
- (Optional) A copy of a desired Logo image, in JPEG or PNG format with a recommended resolution of 512 × 512 (144ppi)
Entra ID Specific Requirements
- New App registered / created in Entra for Jamf Connect (see Creating a Jamf Connect App Registration in Microsoft Entra ID) with "https://127.0.0.1/jamfconnect" used for the Redirect URI
- Details of the Client ID for the new Jamf Connect App
- Details of the Tenant ID for the Entra ID Tenant
- (if using Conditional Access) details of the Client ID for the "Jamf Connect - OIDC Endpoint" App
- (if using Conditional Access) details of the scope from the "Jamf Connect - Conditional Access Policy API" App
Entra ID (non-Hybrid) Additional Requirements
- Add a claim to the Entra App to provide the "mailNickname" attribute and name the claim "mailNickName".
  - Navigate to App Registrations > Jamf Connect > Manifest
  - Set the value of acceptMappedClaims to true and click Save
  - Navigate to Enterprise Apps > Jamf Connect > Single Sign On > Edit Attributes & Claims
  - Add a new claim with the name mailNickName from the attribute user.mailnickname (leave all other options as default)
Entra ID (Hybrid with AD) Additional Requirements
- Add a claim to the Entra App to provide the "sAMAccountName" attribute and name the claim "onPremisesSamAccountName".
  - Navigate to App Registrations > Jamf Connect > Manifest
  - Set the value of acceptMappedClaims to true and click Save
  - Navigate to Enterprise Apps > Jamf Connect > Single Sign On > Edit Attributes & Claims
  - Add a new claim with the name onPremisesSamAccountName from the attribute user.onpremisessamaccountname (leave all other options as default)
- A fully configured and operational installation of Federated Integration (AD FS) or Password Hash Synchronisation/Pass-through Authentication, with ADFS v4 (2016) or higher
- (If using ADFS) New App registered / created in ADFS for Jamf Connect (see Federated Integrations and Jamf Connect Login and Hybrid Entra ID / ADFS) with "https://127.0.0.1/jamfconnect" used for the Redirect URI
- (if using ADFS) Details of the Client ID for the new ADFS App and the ADFS OpenID Connect Discovery URL
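One way to confirm the claim configuration from the two Entra ID sections above before rollout, as an added example (not dataJAR's or Jamf's own code): decode an ID token issued to the Jamf Connect app during a test sign-in and check the claim, audience and tenant. It assumes the mapped claim is delivered in the OIDC ID token; `check_token`, `make_sample_token` and the sample IDs are constructed for illustration.

```python
import base64
import json

# Claim names from the requirements above; they are case-sensitive.
REQUIRED_CLAIM = {"non-hybrid": "mailNickName", "hybrid": "onPremisesSamAccountName"}

def decode_payload(id_token):
    """Return the JWT payload as a dict. The signature is NOT verified: inspection only."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_token(id_token, mode, client_id, tenant_id):
    """Return a list of problems; an empty list means the token looks as required."""
    claims = decode_payload(id_token)
    name = REQUIRED_CLAIM[mode]
    problems = []
    value = claims.get(name)
    if not isinstance(value, str) or not value.strip():
        near = [k for k in claims if k.lower() == name.lower() and k != name]
        hint = f" (found '{near[0]}', wrong case)" if near else ""
        problems.append(f"claim '{name}' missing or empty{hint}")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Jamf Connect app Client ID")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Entra Tenant ID")
    return problems

def make_sample_token(claims):
    """Build an unsigned, constructed token so the checker can be run offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Constructed placeholder IDs, not real tenant or app values.
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
TENANT_ID = "00000000-0000-0000-0000-000000000002"

if __name__ == "__main__":
    token = make_sample_token({"aud": CLIENT_ID, "tid": TENANT_ID, "mailNickname": "jappleseed"})
    for problem in check_token(token, "non-hybrid", CLIENT_ID, TENANT_ID) or ["token OK"]:
        print(problem)
```

Because the signature is not verified, this is only suitable for inspecting a token from your own test sign-in, not for making access decisions.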
Google Identity Specific Requirements
- New OIDC App registered/created in Google Cloud for Jamf Connect (see Integrating with Google Identity)
- Details of the Client ID for the new OIDC App
- Details of the Client Secret for the new OIDC App
- A PKCS12 Keystore File from a Google Cloud LDAP Client
- Details of the password for the PKCS12 Keystore File
Okta Identity Engine Specific Requirements
- New OIDC App registered / created in Okta for Jamf Connect (see Configuring Okta Identity Engine with Jamf Connect)
- Details of the Client ID for the new Okta App
- Application Client ID
- Okta Tenant URL
Further details for specific identity providers are available: