Jamf Connect Login with Azure

There we go! Jamf launched Jamf Connect Login and Jamf Connect Verify with Azure integration: Jamf Connect Azure

Also, Nomad Pro has been rebranded to Jamf Connect Sync (Okta only).

My goal is to do a couple of blog posts on the above products, but combining them in one big post would make this post a bit too long. Hence, let’s start with Jamf Connect Login and Azure integration. And this will already be one of those longer posts… ☕️☕️☕️

In one of my previous posts I discussed Nomad Login+ Okta. This is now part of Jamf Connect, as, depending on the configuration, the tool can be used for both Okta and Azure. I do have Jamf Connect Login with Okta on my ‘blog to-do list’ in order to go through the changes and discuss how to deploy it.

I’ll also leave Jamf Connect Verify for another time as it requires an additional installation (not included in the Jamf Connect installer).

Jamf Connect Notify (previously DEPNotify) is however part of Jamf Connect, so let’s do that today as well.

So the goal for today’s post:

  • Deploy Jamf Connect
  • Integrate it with Azure
  • Launch Notify during the Jamf Connect Login process.

Jamf Pro Server Tools – backups

Scheduling Jamf Pro Database backups using the Server Tools

We are 1 week into 2019, and I was thinking about a new topic to kick this new year into action. I still have some pending tutorials in mind, but before diving into another long topic, what’s better to start a new year than to start with some good practices? You know, like those resolutions we tend to make following the festivities each year… One of those could be making backups of all those things you highly value. Your Jamf Pro server for instance!


Jamf Pro and Google Secure LDAP

Integrate Jamf Pro with Google Cloud Identity Secure LDAP

UPDATE 18th of December: got it to work on JamfCloud! See bottom of post.

Earlier this year Jamf announced support for the new Google Secure LDAP service. As I was too preoccupied with macOS Mojave & Secure Tokens, I didn’t have the chance to test it until now.

But to break away from testing token related deployments, I decided to have a look at this new LDAP integration today.

Before I continue, I just want to highlight one important detail regarding the pre-reqs to integrate this feature in Jamf Pro.

If you look at the configuration guide for Google Secure LDAP, you'll see that it requires 'Certificate based Authentication'. Important to know, because the LDAP integration in Jamf Pro currently does not allow us to do so.

This means that, in case you do want to integrate Google Secure LDAP into Jamf Pro, whether you are hosting your own Jamf Pro server or using JamfCloud, you will need an additional proxy server. More about that below.

That said, let’s have a quick look at how to do things.


Script to manage Secure Tokens on macOS 10.14.2+

Just a quick post before heading into the weekend, and leaving Secure Tokens far behind me for a couple of days. I just want to share this attempt to make a script to manage Secure Tokens prior to enabling FileVault.

The idea is to make sure that you have an Administrator Account with a Secure Token in case you want to be able to manipulate the tokens/FileVault later. This is especially important in case you are limiting the end user to creating a non-admin/standard account or using managed mobile accounts at automated enrolment.


Mojave 10.14.2 and Secure Tokens, it works!

macOS 10.14.2 brings a welcome change to our Secure Token saga!

Well, kind of. Not everything, but there are some welcome changes!

!!! ALREADY AN UPDATE to what I wrote here - see comments !!!
Update 2: 9/12/18 - promote the non-admin Secure Token holder. See comments !!!

When I wrote my previous post on Secure Tokens, I mainly focused on enabling FileVault with Configuration Profiles on 10.14.1. The main issue was that if no account on the Mac had a Secure Token, the profile would fail to enable FileVault. This is due to the fact that the first account logging into the Mac has to be a LOCAL Administrator.

This, amongst many other FileVault-related issues, caused some concerns for many Mac Sys Admins. Additional bugs on 10.14.1 seemed to make the mayhem complete, leaving many of us in a state wondering if something was expected behaviour, or “a feature”… In all fairness, there were moments where I thought I finally understood how Secure Tokens work, and other moments where I just lost all hope…

Hence my intensive search for a recommended workflow to avoid as many of the issues as possible. I ended up testing almost every scenario with different types of accounts, on both 10.14.1 and 10.14.2.

I had to wait until 10.14.2 came out of beta, but now that 10.14.2 is released, let’s see what this early FileVault Santa brings us!
