Introduction
It is possible to link your Jamf Pro / datajar.mobi instance to your Okta instance using SAML/SSO. This allows SSO user authentication during enrolment using Enrolment Customisation (macOS 10.15+) and the Self Service app, as well as assignment of devices and integrations into Apple School/Business Manager.
When Enrolment Customisation is used, SSO during enrolment also lets you optionally require users to complete MFA when they authenticate, before their Macs are enrolled.
Requirements / Dependencies
An LDAP/S connection to Okta Universal LDAP is required to work alongside the SSO integration. It gives richer inventory reporting by collecting additional attributes from Okta user records, which can be used for app/profile scoping. Please ensure the steps in the following article are completed beforehand: Configuring Okta Universal Directory (LDAPS) for datajar.mobi
Technical Details
- Follow the steps in the following article (we recommend using the Pre-Configured Application):
  - https://docs.jamf.com/technical-articles/Configuring_Single_Sign-On_with_Okta.html
- A dataJAR engineer will provide you with the "Jamf Pro" URL. It may be in the format of customername.datajar.mobi and NOT customer.jamfcloud.com - please do not use *.jamfcloud.com in any field when configuring the Okta app.
- Edit the Application as follows:
  - Under Sign On → Settings → Credential Details, set the Application username format to mailNickName (this attribute should be created as part of Configuring Okta Universal Directory (LDAPS) for datajar.mobi)
- Please provide the Metadata URL from Okta to the dataJAR engineer.
- If you wish to follow the optional steps to enable Single Logout, please let your dataJAR engineer know and they will provide the necessary certificate for you to upload to your Okta instance.
Please note: we are aware of a Jamf product issue that may cause pages to not fully load in some cases when using Okta SSO to access your datajar.mobi instance. If this happens, please clear your browser cache and try again. You may also need to close any other open browser tabs that are logged into your datajar.mobi instance.