It is possible to link your Jamf Pro / datajar.mobi instance to your Okta instance using SAML/SSO. This allows SSO user authentication during enrolment using Enrolment Customisation (macOS 10.15+) and the Self Service app, as well as assignment of devices and integrations into Apple School/Business Manager.
Using SSO during enrolment optionally allows you to require your users to use MFA when they authenticate, before Macs are enrolled, if using Enrolment Customisation.
Requirements / Dependancies
An LDAP/S connection to Okta Universal LDAP is recommended to work along side the SSO integration to give richer inventory reporting via the collection of additional attributes in Okta user records which can be used for app/profile scoping. Please ensure the steps in the following article are completed beforehand: Configuring Okta Universal Directory (LDAPS) for datajar.mobi
- Follow the steps in the following article (we recommend using the Pre-Configured Application):
- A dataJAR engineer will provide you with the "Jamf Pro" URL. It will be in the format of customername.datajar.mobi and NOT customer.jamfcloud.com - please do not use *.jamfcloud.com in any field when configuring the Okta app.
- Please provide the Metadata URL from Okta to the dataJAR engineer.
- If you wish to follow the optional steps to enable Single Logout, please let your dataJAR engineer know and they will provide the necessary certificate for you to upload to your Okta instance.
Please note: we are aware of a Jamf product issue that may cause pages to not fully load in some cases when using Okta SSO to access your datajar.mobi instance. If this happens, please clear your browser cache and try again. You may also need to close any other open browser tabs that are logged into your datajar.mobi instance.
Need further support?
Automate. Simplify. Succeed. If you still require assistance with us or have any further questions, please raise a ticket with our support team.
Alternatively, please see our frequently updated knowledge base articles for reference.