If you haven't maybe even post this in /r/JAMF if you havent already. G Suite is NOT passing user groups membership attributes into the SAML. Take what I say with a grain of salt and maybe someone here has more recent experience with JAMF as it's been almost 3 years since I even looked or thought about JAMF. Jamf Pro offers a pretty seamless SSO integration with G Suite but when it comes. We started with very basic rule sets (Screen lock time, minimum password requirements, etc) they gradually upscaled security until root was taken away among other things, and eventually introduced Apple equivalent to what NoMAD was (now JAMF Connect) to force password changes. I have found a document called 'ClearPass 6.x Tech Note: ClearPass Enterprise Mobility Management Integration November 2015 V5'. I'm starting to research integrating ClearPass with JAMF, and what that might look like. It would be a good way to keep people accountable instead of looking at a spreadsheet of serial numbers and usernames and checking them off manually like we first did.Īlso, from my experience and if you are coming from non-managed Mac's and if you are working with developers (software engineers/QA/etc) who are used to full control they are going to complain if you start with max restrictions off the rip. ClearPass integration with JAMF documentation 0 Kudos hammertim Posted 01:23 AM Reply Reply Privately Hi. Or you can just have the enrollment bookmark in the user's Okta profile and name it (Enroll your Mac or something) and have some Workflow logic check that user's computer is enrolled in JAMF and remove the bookmark from the user if it is successfully enrolled. I never specifically set up JAMF enrollment via Okta but I believe it can support it with Okta Workflows but wouldn't even know how that would work from a technical perspective as the agent needs to install the MDM profile on the device first. And the other piece is the SAML setup in JAMF is pretty straightforward (see Okta guides). This document describes how to set up multi-factor authentication (MFA) for Jamf Pro® with AuthPoint, and configure Jamf Pro to integrate with AuthPoint SAML. Obviously, there are 2 pieces to this and it's been a long time since I managed JAMF but if you are looking for user-initiated enrollment and don't plan on leveraging auto-enrollment via Apple Business/School Manager, documentation on JAMF is pretty informative as users just need to simply go to a URL login and they will get an installer to run on their local machine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |