Difference between revisions of "Jamf Pro"

From Studentnet Wiki
Jump to navigation Jump to search
 
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
=Jamf Pro=
 +
 
==Single Sign On with Cloudwork==
 
==Single Sign On with Cloudwork==
 
#Login to '''Cloudwork dashboard'''
 
#Login to '''Cloudwork dashboard'''
 
#Navigate to '''Single Sign On'''>'''Add New Service'''>'''Custom SAML Service'''
 
#Navigate to '''Single Sign On'''>'''Add New Service'''>'''Custom SAML Service'''
 
#Fill out the form:
 
#Fill out the form:
#:'''Name''' = '''JAMFPro'''
+
#:'''Name''' = '''Jamf Pro'''
 
#:'''Entity ID''':
 
#:'''Entity ID''':
#:* If using JAMF OnPremise, use for Entity ID: https://<JAMF Pro domain>:8443/saml/metadata
+
#:* If using Jamf OnPremise, use for Entity ID: https://<Jamf Pro domain>:8443/saml/metadata
#:* If using Jamfcloud hosted server, use for Entity ID: https://<JAMF Pro URL>/saml/metadata
+
#:* If using Jamfcloud hosted server, use for Entity ID: https://<Jamf Pro URL>/saml/metadata
 
#:'''ACS''':
 
#:'''ACS''':
#:* If using JAMF OnPremise, use for ACS: https://<JAMF Pro domain>:8443/saml/SSO
+
#:* If using Jamf OnPremise, use for ACS: https://<Jamf Pro domain>:8443/saml/SSO
#:* If using Jamfcloud hosted server, use for ACS: https://<JAMF Pro URL>/saml/SSO
+
#:* If using Jamfcloud hosted server, use for ACS: https://<Jamf Pro URL>/saml/SSO
 
#:'''Single Logout Service''' = Leave blank
 
#:'''Single Logout Service''' = Leave blank
 
#:'''NameID Value''' = From the drop down select '''Email'''
 
#:'''NameID Value''' = From the drop down select '''Email'''
 
#:'''NameID Format''' = select from drop down '''urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'''
 
#:'''NameID Format''' = select from drop down '''urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'''
 
#:'''Login URL''':
 
#:'''Login URL''':
#:* If using JAMF OnPremise, use for Login URL: https://<JAMF Pro domain>:8443
+
#:* If using Jamf OnPremise, use for Login URL: https://<Jamf Pro domain>:8443
#:* If using Jamfcloud hosted server, use for Login URL: https://<JAMF Pro URL>
+
#:* If using Jamfcloud hosted server, use for Login URL: https://<Jamf Pro URL>
 
#Click '''Submit'''
 
#Click '''Submit'''
 
#Under '''XML File''' click download and save file as '''.XML''' file
 
#Under '''XML File''' click download and save file as '''.XML''' file
  
==Single Sign On with JAMF Pro==
+
[[File:JAMFPro_Cloudwork_Form.PNG|150px|centre|frame|Example of Cloudwork Setup]]
#Login to your JAMF Pro dashboard
+
 
 +
==Single Sign On with Jamf Pro==
 +
#Login to your Jamf Pro dashboard
 
#In the top right corner click the gear
 
#In the top right corner click the gear
 
#Under '''System Settings''' click on '''Single Sign On'''
 
#Under '''System Settings''' click on '''Single Sign On'''
Line 28: Line 32:
 
#:'''Other Provider''' = Enter in '''Cloudwork'''
 
#:'''Other Provider''' = Enter in '''Cloudwork'''
 
#:'''Entity ID''':  
 
#:'''Entity ID''':  
#:* If using JAMF OnPremise, use for Entity ID: https://<JAMF Pro domain>:8443/saml/metadata
+
#:* If using Jamf OnPremise, use for Entity ID: https://<Jamf Pro domain>:8443/saml/metadata
#:* If using Jamfcloud hosted server, use for Entity ID: https://<JAMF Pro URL>/saml/metadata
+
#:* If using Jamfcloud hosted server, use for Entity ID: https://<Jamf Pro URL>/saml/metadata
 
#:'''Identity Provider Metadata Source''' = select '''Metadata File'''
 
#:'''Identity Provider Metadata Source''' = select '''Metadata File'''
 
#:'''Upload Metadata File''' = Upload the XML File which was downloaded from Cloudwork Dashboard.
 
#:'''Upload Metadata File''' = Upload the XML File which was downloaded from Cloudwork Dashboard.
Line 36: Line 40:
 
#:'''Jamf Pro User Mapping''' = Set to '''Email'''
 
#:'''Jamf Pro User Mapping''' = Set to '''Email'''
 
#:'''Identity Provider Group Attribute Name''' = Set to '''https://scopes.cloudwork.id/profile'''
 
#:'''Identity Provider Group Attribute Name''' = Set to '''https://scopes.cloudwork.id/profile'''
 +
#:'''RDN Key For LDAP Group''' = Leave blank
 
#:'''Options''': Select the following options
 
#:'''Options''': Select the following options
 
#:* '''Single Sign-On Options for Jamf Pro'''
 
#:* '''Single Sign-On Options for Jamf Pro'''
Line 43: Line 48:
 
#:* '''Enrollment Access''' = Set to '''Any Identity provider user'''
 
#:* '''Enrollment Access''' = Set to '''Any Identity provider user'''
 
#Click '''Save'''
 
#Click '''Save'''
 +
[[File:JAMFPro_form_1.PNG|150px|centre|frame|Example of Jamf Pro Setup part 1]]
 +
[[File:JAMFPro_form_2.PNG|150px|centre|frame|Example of Jamf Pro Setup part 2]]
  
==Testing==
+
==Testing Single Sign On==
#Login to your JAMF Pro dashboard
+
#Login to your '''Jamf Pro Dashboard'''
 
#In the top right corner click the gear
 
#In the top right corner click the gear
 
#Click '''Jamf Pro User Accounts & Groups'''
 
#Click '''Jamf Pro User Accounts & Groups'''
Line 51: Line 58:
 
#For '''Choose Action''' select '''Create standard Account''' and click '''Next'''
 
#For '''Choose Action''' select '''Create standard Account''' and click '''Next'''
 
#Populate your test user details:
 
#Populate your test user details:
#:Notes:
+
#:Notes for populating test user:
 
#:*Ensure Username is full email address, and email address field is populated.
 
#:*Ensure Username is full email address, and email address field is populated.
 
#:*Password entered here will be ignored
 
#:*Password entered here will be ignored
 
#:Test SSO by opening a private browsing session and log into your Jamf Pro Server:
 
#:Test SSO by opening a private browsing session and log into your Jamf Pro Server:
#:*If using JAMF OnPremise, login to: '''https://<JAMF Pro domain>:8443/saml/metadata'''  
+
#:*If using Jamf OnPremise, login to: '''https://<Jamf Pro domain>:8443/saml/metadata'''  
#:*If using Jamfcloud hosted server, login to: '''https://<JAMF Pro URL>/saml/metadata'''
+
#:*If using Jamfcloud hosted server, login to: '''https://<Jamf Pro URL>/saml/metadata'''
 +
 
 +
[[Category:Single Sign On Services]]

Latest revision as of 03:14, 29 August 2022

Jamf Pro

Single Sign On with Cloudwork

  1. Login to Cloudwork dashboard
  2. Navigate to Single Sign On>Add New Service>Custom SAML Service
  3. Fill out the form:
    Name = Jamf Pro
    Entity ID:
    • If using Jamf OnPremise, use for Entity ID: https://<Jamf Pro domain>:8443/saml/metadata
    • If using Jamfcloud hosted server, use for Entity ID: https://<Jamf Pro URL>/saml/metadata
    ACS:
    • If using Jamf OnPremise, use for ACS: https://<Jamf Pro domain>:8443/saml/SSO
    • If using Jamfcloud hosted server, use for ACS: https://<Jamf Pro URL>/saml/SSO
    Single Logout Service = Leave blank
    NameID Value = From the drop down select Email
    NameID Format = select from drop down urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
    Login URL:
    • If using Jamf OnPremise, use for Login URL: https://<Jamf Pro domain>:8443
    • If using Jamfcloud hosted server, use for Login URL: https://<Jamf Pro URL>
  4. Click Submit
  5. Under XML File click download and save file as .XML file
Example of Cloudwork Setup

Single Sign On with Jamf Pro

  1. Login to your Jamf Pro dashboard
  2. In the top right corner click the gear
  3. Under System Settings click on Single Sign On
  4. In the bottom left corner click Edit and turn on Single Sign-On Authentication
  5. Fill out the form:
    Identity Provider = Other
    Other Provider = Enter in Cloudwork
    Entity ID:
    • If using Jamf OnPremise, use for Entity ID: https://<Jamf Pro domain>:8443/saml/metadata
    • If using Jamfcloud hosted server, use for Entity ID: https://<Jamf Pro URL>/saml/metadata
    Identity Provider Metadata Source = select Metadata File
    Upload Metadata File = Upload the XML File which was downloaded from Cloudwork Dashboard.
    Token Expiration Time Override = Leave at 480
    Identity Provider User Mapping = Set to NameID
    Jamf Pro User Mapping = Set to Email
    Identity Provider Group Attribute Name = Set to https://scopes.cloudwork.id/profile
    RDN Key For LDAP Group = Leave blank
    Options: Select the following options
    • Single Sign-On Options for Jamf Pro
    • Allow users to bypass the Single Sign-On authentication (Optional Choice)
    • Enable Single Sign-On for Self Service for macOS
    • Enable Single Sign-On for User-Initiated Enrollment
    • Enrollment Access = Set to Any Identity provider user
  6. Click Save
Example of Jamf Pro Setup part 1
Example of Jamf Pro Setup part 2

Testing Single Sign On

  1. Login to your Jamf Pro Dashboard
  2. In the top right corner click the gear
  3. Click Jamf Pro User Accounts & Groups
  4. Click New
  5. For Choose Action select Create standard Account and click Next
  6. Populate your test user details:
    Notes for populating test user:
    • Ensure Username is full email address, and email address field is populated.
    • Password entered here will be ignored
    Test SSO by opening a private browsing session and log into your Jamf Pro Server:
    • If using Jamf OnPremise, login to: https://<Jamf Pro domain>:8443/saml/metadata
    • If using Jamfcloud hosted server, login to: https://<Jamf Pro URL>/saml/metadata
Retrieved from "https://wiki.studentnet.net/index.php?title=Jamf_Pro&oldid=1992"