Integrate Azure LDAP in Jamf Pro

Integrate Azure AD in Jamf Pro as an LDAP service.

With the release of Jamf Connect w/ Azure integration, Jamf provides a tool (amongst other functionality) to create local user accounts on your Macs. This based on the identity of the user in Azure.

I noticed this latest Jamf Connect release triggers additional interest in integrating Azure as an LDAP server. Azure LDAP integration was on my blog to-do list for some time now, but other topics jumped ahead in my priority list. So to finally clear this from my to-do list, hereby a quick post on how to add Azure as an LDAP service in Jamf Pro.

I’ll try to keep this one as short as possible. Managing Azure AD and enabling the required services (LDAPs) is a bit beyond my scope here. Allow me to assume that you already configured it for other integrations outside Jamf Pro.

Nevertheless, let’s run through the different steps on a high level overview, and try to highlight some important notes. After this we’ll have a look at the default mapping settings in Jamf Pro.

Continue reading “Integrate Azure LDAP in Jamf Pro”

Jamf Pro and Google Secure LDAP

Integrate Jamf Pro with Google Cloud Identity Secure LDAP

UPDATE 18th of December: got it to work JamfCloud! See bottom of post.

Earlier this year Jamf announced support for the new Google Secure LDAP service. As I was too pre-occupied with macOS Mojave & Secure Tokens, I didn’t have the change to test it until now. 

But to break away from testing token related deployments, I decided to have a look at this new LDAP integration today.

Before I continue, I just want to highlight one important detail regarding the pre-reqs to integrate this feature in Jamf Pro.

If you look at the configuration guide for Google Secure LDAP, you'll see that it requires 'Certificate based Authentication'. Important to know, because the LDAP integration in Jamf Pro currently does not allow us to do so.

This means that, in case you do want to integrate Google Secure LDAP into Jamf Pro, whether you are hosting your own Jamf Pro server or using JamfCloud, you will need an additional proxy server. More about that below.

That said, let’s have a quick look at how to do things.

Continue reading “Jamf Pro and Google Secure LDAP”

Integrating Okta LDAP in Jamf Pro

UPDATE – Thu 11 Oct: see bottom of this post

What? Another LDAP related post? Well yes, while I still have many other pending topics, I thought it might be interesting to share this “LDAP flavour” as well. As Okta is one of the popular identity providers, chances are high some of you might be looking into integrating it in Jamf Pro, and it fits nice into the series of other LDAP related posts like JIM, Active Directory, freeIPA and Jumpcloud.

I’ll leave LDAP integrations behind me after this one, promised! Or maybe not, maybe I should add Azure AD as well, we’ll see 🙂

First of all, we all know Okta as an identity and Single Sign On provider, for which Jamf already has a KB article, but apart from other already released features, their preview or early access list has some cool stuff in development.

And one of those early access features which triggered my interest, is the LDAP interface.

Continue reading “Integrating Okta LDAP in Jamf Pro”

JumpCloud as LDAP provider in JamfCloud (JamfPro)

Following the default Active Directory mappings, and freeIPA, let’s have a look at another way of adding LDAP integration to Jamf Pro: Jumpcloud.com

Just for the record, before going any further: Jamf, Jamf Pro, JamfCloud and now… a blogpost about JumpCloud? Don’t get confused, JumpCloud is not a Jamf product 🙂 . It’s a 3rd party Directory-as-a-service provider.

As it’s not my intention to give any advise on what 3rd party tool or solution you should use, I’d like to invite you to have a look at their website and see if the provided services are a good match for your environment and deployment needs.

However, my goal here is to “quickly” run through the steps to integrate it in JamfCloud. Also, for those who don’t have a JumpCloud account yet, good news: you get 10 user licences for free, forever and no credit card needed!

Once your Jump Cloud account is up and running, let’s have a look at how to integrate in Jamf Pro, including the mistakes I made initially.

Continue reading “JumpCloud as LDAP provider in JamfCloud (JamfPro)”

Jamf LDAP and freeIPA

This will be a short one, promised. For this mid-week post I’ll go for a quick share of some default settings again: integrate freeIPA as LDAP provider in Jamf Pro.

Maybe less common than Active Directory or other more mainstream Directory Services, but still, handy to have some default references to crosscheck when needed. 

Recently I was asked to help with adding freeIPA in Jamf Pro, as the mappings did not work correctly. 

I must admit, I’m not a freeIPA expert, but yeah, always game for a challenge. So I spun up a small VM on my home lab ESXI, installed freeIPA, created some test users and checked the basic user attributes with “ldapsearch” in Terminal. Just to check what the default attributes in freeIPA are and map those in Jamf Pro.

Continue reading “Jamf LDAP and freeIPA”