Apple – Travelling Tech Guy

Jamf Connect Login and IBM Cloud Identity

Adding IBM Cloud Identity to the Jamf Connect mix

Before going into some time off, and probably not touching any Jamf Connect related stuff for 2 weeks, let’s have a look at another iDP: IBM Cloud Identity.

This is going to be a shorter post compared to other Jamf Connect related blogs, as I managed to get everything working nicely. I had a small ROPG roadblock but was able to fix it. See below.

Start point: https://docs.jamf.com/jamf-connect/1.1.2/login/administrator-guide/IBM_Cloud_Identity.html

NOTE: I'll try to you some time here mentioning the fact that when you go through the setup of the OIDC app in IBMCI, you need to configure it as "Public Client (no client secret)". Saving the app following the instruction above by default creates it WITH a secret, and while I was able to deploy Jamf Connect, it actually broke ROPG. Setting the "OIDCNewPassword" key to false to validate the password gave me "incorrect password" when trying to create the user account.

The logs gave me: "ROPG Error: CSIAQ0160E A confidential client attempted to access the token endpoint without authenticating."

Changing the app setup in IBM to Public fixed it.

NOTE: I also had an issue with trying to deploy Jamf Connect Login with IBMCI on a virtual machine. While it works fine with other iDP's, I ran into issues loading the webview of the IBM login screen on a VM. Logs gave me: Logs: SecurityAgent: (JamfConnectLogin) [com.jamf.connect.login:UI] OIDC webview load failed.

This flashes the login screen briefly but then shows the "unable to contact the Identity Provider screen".

However, I assume this is only a VM hickup, as it all works fine on a physical machine.

Jamf Connect Login and Google Cloud Identity

The same as other Jamf Connect iDP deployments, yet different.

I know, it’s only a few days since I discussed deploying Jamf Connect Login with OneLogin, but as many people are using Jamf Connect with different iDP’s, let’s quickly have a look at another one: Google Cloud Identity.

Before taking it out for a spin, have a look at the admin guide here. As with all other iDP’s and Jamf Connect, the idea is to create an app in Google Cloud, and configure Jamf Connect via a config profile or custom settings plist.

However, Google is a bit different compared to other iDP’s and there are a few things I’d like to highlight before we have a look at the deployment.

Jamf Connect Login and OneLogin (and Secure Tokens

Another iDP tested with Jamf Connect Login

NOTE: I was told that configuring Jamf Connect with a OneLogin instance hosted in the EU does not work. See comments from Martin below. I presume this is an issue with the End Point Jamf Connect uses. Setting the OIDCProvider to "OneLoginEurope" does not work either.

Solution: set OIDCProvider to "Custom" and add the "OIDCDiscoveryURL" which you'll find here: https://developers.onelogin.com/openid-connect/api/provider-config

<key>OIDCProvider</key>
<string>Custom</string>

<key>OIDCDiscoveryURL</key>
<string>discovery URL</string>

Hi all, it has been a while since I posted another topic. Things got a bit busy, and I’ve been struggling fixing things with both ADFS and Okta in Jamf Connect. I still have some remaining roadblocks to tackle on those and will try to update those issues I mentioned in my 2 previous posts ASAP. But in the meantime, let’s have a look at another iDP integration in Jamf Connect: OneLogin.

Trying this one out was actually a relatively smooth ride, although I’m facing one minor issue which I’ll discuss at the end of this post.

So Jamf Connect and OneLogin, let’s have a look.

And oh yes… I’m adding something about Secure Tokens as well..

Jamf acquired Zuludesk!

Jamf Doubles Down in Education, Acquiring ZuluDesk, a Leading Apple Education Technology Solution

Yes, you read that right! Zuludesk is now part of the Jamf family!

Exiting news because, where until recently Jamf and Zuludesk were competitors (read: more specifically in the world of Education), forces have now been combined!

At this moment, I don’t have any additional information to share outside the public press release but I’m sure this acquisition and combined forces will bring an exciting new future for the world of macOS and iOS management!

For now I just wanted to help spreading this awesome news! Stay tuned for more. Exciting times ahead!

PRESS RELEASE

Grtz,
TTG

Script to manage Secure Tokens on macOS 10.14.2+

Just a quick post before heading into the weekend, and leaving Secure Tokens far behind me for a couple of days. I just want to share this attempt to make a script to manage Secure Tokens prior to enabling FileVault.

The idea is to make sure that you have an Administrator Account with a Secure Token in case you want to be able to manipulate the tokens/FileVault later. This is especially important in case you are limiting the end user to creating a non-admin/standard account or using managed mobile accounts at automated enrolment.

M	T	W	T	F	S	S
« Mar
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Tag: Apple

Jamf acquired Zuludesk!

Script to manage Secure Tokens on macOS 10.14.2+

SHARING IS CARING