Overview
In an increasingly mobile workforce with employees working from different locations on different devices, organisations need to be able to manage and secure those devices and their company information without the challenges of binding to on-premises Active Directory. With Jamf Connect, a user can unbox their Mac, power it on and access all of their corporate applications after signing on with a single set of cloud-identity credentials.
If you would like to find out more about Jamf Connect for your organisation, please see dataJAR Identity Management.
Device Requirements
The following lists the minimum device requirements for Jamf Connect:
OS: macOS 12 and newer
Please see Jamf Connect Documentation for more information.
Implementation Requirements
In order to deliver your Jamf Connect project, the implementation Engineer will require the following items:
- Access to the below supported Identity Provider (IdP) with correct security privileges to configure the Jamf Connect Application (see section Identity Provider Integrations):
  - Google Identity
  - IBM Cloud Identity
  - Microsoft Entra ID
  - Okta Identity Engine
  - OneLogin
  - PingFederate
- Access to a minimum of one test macOS device enrolled in Apple Business Manager or Apple School Manager, running macOS 10.14 or newer
- Access and credentials for a minimum of one test Identity Provider (IdP) user
- (Optional) A copy of a desired Login Window background image, in JPEG or PNG format, ensuring it is of the resolution 5120 × 2880 (144ppi)
- (Optional) A copy of a desired Logo image, in JPEG or PNG format with a recommended resolution of 512 × 512 (144ppi)
- (For Okta Identity Engine) New OIDC App registered / created in Okta for Jamf Connect (see Configuring Okta Identity Engine with Jamf Connect)
- (For Okta Identity Engine) Details of the Client ID for the new Okta App
  - Application ID
  - Okta Tenant URL
- (For Entra ID and Hybrid systems) New App registered / created in Entra for Jamf Connect (see Creating a Jamf Connect App Registration in Microsoft Entra ID) with "https://127.0.0.1/jamfconnect" used for the Redirect URI
- (For Entra ID and Hybrid systems) Details of the Client ID for the new Entra App
- (For pure Entra ID systems - not Hybrid) add a claim to the Entra App to provide the "mailNickname" attribute and name the claim "mailnickname".
  - Navigate to App Registrations > Jamf Connect > Manifest
  - Set the value of acceptMappedClaims to true and click Save
  - Navigate to Enterprise Apps > Jamf Connect > Single Sign On > Edit Attributes & Claims
  - Add a new claim with the name mailnickname from the attribute user.mailnickname (leave all other options as default)
- (For Entra ID Hybrid systems) If your AD usernames are different from the local part of their Entra ID usernames/User Principal Names, add a claim to the Entra App to provide the "sAMAccountName" attribute and name the claim "onpremisessamaccountname".
  - Navigate to App Registrations > Jamf Connect > Manifest
  - Set the value of acceptMappedClaims to true and click Save
  - Navigate to Enterprise Apps > Jamf Connect > Single Sign On > Edit Attributes & Claims
  - Add a new claim with the name onpremisessamaccountname from the attribute user.onpremisessamaccountname (leave all other options as default)
- (For Entra ID Hybrid systems) A fully configured and operational installation of Federated Integration (AD FS) or Password Hash Synchronisation/Pass-through Authentication, with ADFS v4 (2016) or higher
- (For Entra ID Hybrid systems) New App registered / created in ADFS for Jamf Connect (see Federated Integrations and Jamf Connect Login and Hybrid Entra ID / ADFS) with "https://127.0.0.1/jamfconnect" used for the Redirect URI
- (For Entra ID Hybrid systems) Details of the Client ID for the new ADFS App and the ADFS OpenID Connect Discovery URL (if using ADFS)
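A pre-flight check for the two claim procedures above, added here as an example (it is not dataJAR's or Jamf's code). It assumes you have exported the Entra app registration manifest as JSON and captured an ID token from a sign-in by the test IdP user; the function names, the "entra"/"hybrid" mode labels and the sample token are constructed for illustration. It inspects the token contents only and does not verify its signature.

```python
import base64
import json

# Claim names are case-sensitive and must match the steps above exactly.
REQUIRED_CLAIM = {"entra": "mailnickname", "hybrid": "onpremisessamaccountname"}


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (no signature verification)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def accepts_mapped_claims(manifest: dict) -> bool:
    """Assumption: the flag is top-level or under "api", by manifest format."""
    value = manifest.get("acceptMappedClaims")
    if value is None:
        value = (manifest.get("api") or {}).get("acceptMappedClaims")
    return value is True


def preflight(manifest: dict, id_token: str, mode: str) -> list[str]:
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if not accepts_mapped_claims(manifest):
        problems.append("acceptMappedClaims is not true in the manifest")
    claim = REQUIRED_CLAIM[mode]
    value = jwt_claims(id_token).get(claim)
    if not isinstance(value, str) or not value.strip():
        problems.append(f"ID token has no usable '{claim}' claim")
    return problems


def sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    token = sample_token({"upn": "test.user@example.com", "mailnickname": "test.user"})
    print(preflight({"api": {"acceptMappedClaims": True}}, token, "entra"))
    print(preflight({"acceptMappedClaims": None}, token, "hybrid"))
```

A claim created as "mailNickname" instead of "mailnickname" is reported as missing, which is the naming mistake this check is meant to catch before rollout.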
Further details for specific identity providers are available:
Need further support?
Automate. Simplify. Succeed. If you still require assistance or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.