Hence the need to setup SSO in Jamf Pro first… In view of the purpose of this post, linking this custom enrollment to Jamf Connect, we need to choose Single Sign On Authentication. The most important part however is the actual PreStage Pane, where you have the choice between a text window, LDAP authentication and Single Sign On Authentication. The name will be what you’ll select in the pre-stage later, so choose something handy. Here you’ll give the Custom Enrollment settings a name and description as you like. Once your Single Sign On is sorted, we need to configure Enrollment Customization in the Jamf Pro Settings -> Global Management. First make sure that your SSO with Azure is working fine, before continuing the setup below. I’ll be using Azure here, but in order to keep this post within limits, I’ll refer you to the following link to configure Azure SSO in Jamf Pro. Plist for Jamf Connect Login in this setupĪs mentioned above, one of the requirements for Enrollment Customization with Jamf Connect is to configure your iDP as SSO in Jamf Pro.Create a pre-stage including usage of the enrollment customization.Note: Jamf Pro 10.17 is ok, but I'm testing with 10.18 and the latest version of Jamf Connect 1.16 (Jamf Connect Login 1.9.0) in view of bug fixes. The reason for the need of a Cloud Distribution Point, is the fact that Jamf Connect Login needs to be installed as an enrollment package, in order to be on the system during the Setup Assistant. Jamf Connect 1.12.0 or higher (Jamf Connect Login 1.7.0).Cloud Distribution Point (JCDS, Akamai, AWS,…).Jamf Pro 10.17 (preferably 10.18 to customise the SAML claims).
This enhances the overall user experience and integrates nicely in the Enrollment Customization feature of macOS Automatic MDM enrollment. Jamf Connect Login will then do an ROPG call against the iDP to validate and set the local account password.
Jamf pro single sign on error password#
Just after the Setup Assistant, the user will be prompted by a new Jamf Connect Login window, different from the normal OIDC webapp, to validate the password once more. Jamf Pro will then pass the user information to Jamf Connect Login. GOAL: This setup will prompt the user to authenticate against the iDP in order to get access to enroll the device. Hi there! It’s been a while since Jamf added ‘Enrollment Customization’ already, so it had to be done: a post on customising the enrollment experience of users enrolling devices in Jamf Pro with Jamf Connect Login! Update: don’t try this on a VM, doesn’t work for me!
0 kommentar(er)
