Overview
This article describes what is required in order to use datajar.mobi / Jamf Service Provider Plan instances with Okta Universal Directory. Once configured, Okta credentials can be used for enrolment, account creation and application scoping.
Pre-requisites
- Firstly, enable the LDAP interface within Okta. To do this, please complete the following: https://help.okta.com/en-us/content/topics/directory/ldap-interface-enable.htm
- A service account with read-only administrator access is required for datajar.mobi to authenticate to the Okta Universal Directory. Please provide the unique username and password for this service account to your configuration engineer upon request.
- The service account must not require MFA. This is most easily achieved by adding an IP exclusion to the MFA policy within your Okta console. Please exclude all IP ranges for the eu-west-2 Jamf Cloud AWS region per: https://learn.jamf.com/bundle/technical-articles/page/Permitting_InboundOutbound_Traffic_with_Jamf_Cloud.html. For further details, please review: https://help.okta.com/en-us/content/topics/security/network/add-network-zone-signon-policy.htm
- Please create a custom attribute as follows:
  - Name: mailNickName
  - Type: String
  - Value: String.substringBefore(appuser.userName, "@")
If you require further assistance, please ensure you contact Okta support.
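Before handing the service account over, it is worth previewing what the mailNickName attribute above will actually contain for your users, because the expression strips everything from the first "@" onwards and two accounts in different e-mail domains can end up with the same value. The following is an added example, not part of this article or of datajar.mobi's own tooling: it emulates the Okta Expression Language call String.substringBefore(appuser.userName, "@") in Python over a constructed list of usernames, lists the resulting values, and flags collisions and usernames with no "@" at all. The usernames are made up, and the fallback for a username without "@" (returning the whole string) is our assumption for previewing only, not a documented Okta guarantee.

```python
"""Preview the values the Okta custom attribute mailNickName will take.

Added example, not from the datajar.mobi article. It emulates
String.substringBefore(appuser.userName, "@") in Python so the attribute can
be sanity-checked for collisions before it is consumed for account creation.
"""
from collections import defaultdict

# Constructed sample of appuser.userName values; not real accounts.
SAMPLE_USERNAMES = [
    "alice.example@corp.example",
    "bob.example@corp.example",
    "alice.example@contractor.corp.example",   # same local part, other domain
    "Carol.Example@corp.example",
    "service-account",                         # no "@" at all
]


def substring_before(value: str, search: str) -> str:
    """Emulate Okta EL String.substringBefore(value, search).

    Returns the text before the first occurrence of `search`. When `search`
    is absent the whole value is returned; that fallback is an assumption made
    here for previewing, not documented Okta behaviour.
    """
    idx = value.find(search)
    return value if idx == -1 else value[:idx]


def mail_nick_name(user_name: str) -> str:
    """Value of the custom attribute for one appuser.userName."""
    return substring_before(user_name, "@")


def preview(usernames):
    """Map every username to the mailNickName value it would receive."""
    return {u: mail_nick_name(u) for u in usernames}


def find_collisions(usernames, case_insensitive=True):
    """Group usernames whose mailNickName values would collide.

    Comparison is case-insensitive by default, since account short names are
    generally matched that way. Returns {nickname: [usernames]} for groups
    with more than one member.
    """
    groups = defaultdict(list)
    for u in usernames:
        key = mail_nick_name(u)
        if case_insensitive:
            key = key.lower()
        groups[key].append(u)
    return {k: v for k, v in groups.items() if len(v) > 1}


def find_missing_at(usernames):
    """Usernames containing no "@": the expression has nothing to cut."""
    return [u for u in usernames if "@" not in u]


if __name__ == "__main__":
    for user, nick in preview(SAMPLE_USERNAMES).items():
        print(f"{user:45} -> {nick}")
    for nick, users in find_collisions(SAMPLE_USERNAMES).items():
        print(f"collision on {nick!r}: {users}")
    for user in find_missing_at(SAMPLE_USERNAMES):
        print(f"no '@' in {user!r}: review before scoping")
```

Run it against an export of your own Okta usernames in place of the constructed list; any collision it reports is a pair of users who would receive the same mailNickName and should be resolved in Okta before enrolment is scoped to them.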
Need further support?
Automate. Simplify. Succeed. If you still require assistance or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.