Jamf Connect and ADFS… incorrect password

Fixing the “incorrect password” issue with Jamf Connect Login and ADFS.

Update 19th of March: It came to my attention that I'm missing the ROPG key in the config below. Again, I'm not able to fully test as I don't have an ADFS test environment. I updated the config below, adding the OIDCROPGID key; please let me know if it works for you.

Update 22nd: I just built out an entire ADFS farm. AD + ADFS + WAP servers, and federated it with Azure. I can use Jamf Connect Login to authenticate and create the account, but setting the <OIDCNewPassword> key to <false/> to validate it over ROPG and use it as local password still does NOT work for me. Adding the OIDCROPGID key below does not change anything. I must be missing a key ingredient on ADFS to make it work. And while I managed to build out the ADFS farm, I'm not an ADFS expert, hence I'm wondering if this missing ingredient / setting might also make the passthrough of ROPG via Azure work... no idea, back to square one.
        ------------------------------------------------------
        <key>OIDCROPGID</key>
        <string>f7364cb1-2b34-4g64-9c83-38b827cd0a9e</string>
        ------------------------------------------------------

I was initially going to dedicate this post to deploying Jamf Connect Login with Okta. I wrote that Nomad Login+ Okta post a few months ago, so I assumed it would be a walk in the park to update my workflow now that Nomad Login+ moved under the Jamf Connect umbrella. Well, I still don’t know why, but I ran into some roadblocks which I have to analyse first. Probably just due to my own doing, overlooking things or whatever it might be, but I’ll postpone writing about it till I have rock solid info to share. Stay tuned!

Hence, this post is going to be Azure related again. But because Jamf Connect is still fairly new to all of us, we can’t share too much information, right? Jamf Connect truly is a beautiful tool to streamline the way end users authenticate to their Macs, apps and services, ensuring they only need 1 password to rule it all. Have a look at my previous post about how to do a basic deployment. Quite straightforward, no rocket science at all!

However, it seems that some people ran into issues in environments with a mix of Azure and ADFS.

Jamf Connect Verify

Deploying Jamf Connect Verify

After deploying Jamf Connect Login with Azure in one of my previous posts, it was about time to have a look at adding ‘Verify’ to the mix as well. And while there are plenty of different deployment scenarios possible, I’m going to keep this one short and simple.

Note: Just for clarity, Jamf Connect Login is used with Azure or Okta. Jamf Connect Verify is a tool used with Azure, while Jamf Connect Sync (Nomad Pro) is used with Okta.

In my discussion about deploying Jamf Connect Login, I repackaged the installer and added a post-install script for the authchanger and Notify, etc…

I could just add Jamf Connect Verify to the prestage package, but Jamf Connect Verify can actually be used without Jamf Connect Login. So for this quick overview, I’ll just deploy Verify separately. If you are deploying Verify together with Login, just repackage it like I did in my previous post. If not, just deploy it with a Jamf Pro policy, or even a standalone prestage package if you have nothing else to deploy in the prestage. For testing, you can just run the installer on your test machine, nothing special.

Integrate Azure LDAP in Jamf Pro

Integrate Azure AD in Jamf Pro as an LDAP service.

With the release of Jamf Connect w/ Azure integration, Jamf provides a tool (amongst other functionality) to create local user accounts on your Macs. This is based on the identity of the user in Azure.

I noticed this latest Jamf Connect release triggers additional interest in integrating Azure as an LDAP server. Azure LDAP integration was on my blog to-do list for some time now, but other topics jumped ahead in my priority list. So to finally clear this from my to-do list, here is a quick post on how to add Azure as an LDAP service in Jamf Pro.

I’ll try to keep this one as short as possible. Managing Azure AD and enabling the required services (LDAPs) is a bit beyond my scope here. Allow me to assume that you already configured it for other integrations outside Jamf Pro.

Nevertheless, let’s run through the different steps on a high level overview, and try to highlight some important notes. After this we’ll have a look at the default mapping settings in Jamf Pro.

Jamf acquired Zuludesk!

Jamf Doubles Down in Education, Acquiring ZuluDesk, a Leading Apple Education Technology Solution

Yes, you read that right! Zuludesk is now part of the Jamf family!

Exciting news because, where until recently Jamf and Zuludesk were competitors (read: more specifically in the world of Education), forces have now been combined!

At this moment, I don’t have any additional information to share outside the public press release but I’m sure this acquisition and combined forces will bring an exciting new future for the world of macOS and iOS management!

For now I just wanted to help spread this awesome news! Stay tuned for more. Exciting times ahead!

PRESS RELEASE

Grtz,
TTG

Jamf Connect Login with Azure

There we go! Jamf launched Jamf Connect Login and Jamf Connect Verify with Azure integration: Jamf Connect Azure

Also, Nomad Pro has been rebranded to Jamf Connect Sync (Okta only).

My goal is to do a couple of blog posts on the above products, but combining them in one big post would make this post a bit too long. Hence, let’s start with Jamf Connect Login and Azure integration. And this will already be one of those longer posts… ☕️☕️☕️

In one of my previous posts I discussed Nomad Login+ Okta. This is now part of Jamf Connect as, depending on the configuration, the tool can be used for both Okta and Azure. I do have Jamf Connect Login with Okta on my ‘blog to-do list’ in order to go through the changes and discuss how to deploy it.

I’ll also leave Jamf Connect Verify for another time as it requires an additional installation (not included in the Jamf Connect installer).

Jamf Connect Notify (previously DEPNotify) is however part of Jamf Connect, so let’s do that today as well.

So the goal for today’s post:

  • Deploy Jamf Connect
  • Integrate it with Azure
  • Launch Notify during the Jamf Connect Login process.