I latterly revealed my publish on Jamf Free up and Azure iDP, and were given some requests to do the similar for Okta.
So hereby a snappy assessment on how one can configure Jamf Free up with Okta. As lots of the configuration and capability of Jamf Free up is similar, without reference to the iDP used, I’ll stay this one quick alternatively and simplest center of attention at the Okta particular configuration.
As a snappy recap:
Whilst you configure Jamf Free up you’ve gotten the collection of requiring a PIN or no longer. However even supposing you don’t configure it to require a PIN, which the iOS app defaults to if particular keys don’t seem to be set within the app configuration, the authentication window on macOS will nonetheless show a textual content box for ‘PIN’. Like I discussed in my publish on Jamf Free up and Azure iDP, this can also be left empty all over authentication when no longer in use.
The primary issues we wish to do to configure Jamf Free up are:
- upload an extra redirect URI for your Jamf Attach (get admission to) app in Okta
- upload the keys to permit Jamf Free up for your operating Jamf Attach Menu Bar app plist
- deploy the Jamf Free up iOS app with app configuration for Okta
Let’s get started with including the extra redirect URI
As it’s possible you’ll know, you’ll configure Jamf Connect to further OIDC apps in Okta to outline who will get admin rights at the Mac thru Jamf Attach Login, and who simplest has get admission to as usual account. Therefore I’ve 2 OIDC apps in my Okta:
For Jamf Free up, we simplest wish to upload an extra URI to the app you’re the use of for get admission to, no longer the only which promotes customers to admin. Therefore I added the extra redirect URI to the get admission to app I’ve:
Subsequent we tweak our current plist for the Jamf Attach Menu Bar app. In my publish on Azure I added further profile with simplest the Jamf Free up similar keys. Let’s upload it to our current profile this time.
My very elementary, current profile for Jamf Attach Menu Bar with Okta:
I cloned this one and added the keys required for Jamf Free up:
<key>Free up</key> <dict> <key>EnableUnlock</key> <true/> <key>RequirePIN</key> <true/> </dict>
Scope that to you gadgets and the macOS facet of the configuration is finished! Except pairing the iOS software in fact…
Like I discussed, including the RequirePIN key or no longer does no longer alternate anything else. Neatly, if you wish to use the PIN capability, in fact you wish to have so as to add it, however casting off it is going to nonetheless display a PIN worth field at the authentication activates in macOS. The ones can simply be left empty when PIN isn’t in use. Whether or not or no longer the PIN is in point of fact in use or no longer is outlined by means of the configuration of the iOS app. See underneath.
Now, let’s do the general a part of our config and deploy the iOS app with app configuration. As discussed in my publish on Azure, the iOS app should be deployed by means of MDM and should include the app configuration settings.
For Okta we wish to use the next app config:
<dict> <key>com.jamf.config.idp.oidc.supplier</key> <string>Okta</string> <key>com.jamf.config.idp.oidc.tenant</key> <string>tenant-name</string> <key>com.jamf.config.idp.oidc.client-id</key> <string>abcdqxanb4Rb4veu0h8</string> <key>com.jamf.config.idp.oidc.redirect-uri</key> <string>jamfunlock://callback/auth</string> </dict>
Please word that the 'tenant-name' is one thing like 'dev-12345' or 'mycompany' and no longer 'dev-12345.okta.com' or 'mycompany.okta.com'. So simply the primary a part of your Okta URL.
The price for “com.jamf.config.idp.oidc.client-id” is the Shopper ID of the app the place you added the extra redirect URI for Jamf Free up.
That’s it! Push the app for your iOS software(s) and do the pairing by the use of the Jamf Free up options within the Jamf Attach Menu Bar App. Make certain that the iOS gadgets has a passcode and/or Contact ID (Face ID) configured and placement products and services is enabled.
Now, in purpose you do wish to required a PIN for each and every authentication, simply upload the next keys to the app configuration:
<key>com.jamf.config.pin.required</key> <true/> <key>com.jamf.config.pin.sort</key> <string>rotating</string>
For an instance on how the PIN capability works, take a look at my different publish: http://travellingtechguy.weblog/jamf-unlock-and-azure-idp/
That’s it! As all the time, should you appreciated the publish, hit the like button, inform your folks about it and depart a remark down underneath!
Apple ecosystem fanatic, geek, tech device freak, Belgian residing within the Netherlands
Senior Undertaking Improve Engineer | Jamf