JumpCloud as LDAP provider in JamfCloud (JamfPro)

Following the default Active Directory mappings, and freeIPA, let’s have a look at another way of adding LDAP integration to Jamf Pro: Jumpcloud.com

Just for the record, before going any further: Jamf, Jamf Pro, JamfCloud and now… a blogpost about JumpCloud? Don’t get confused, JumpCloud is not a Jamf product 🙂 . It’s a 3rd party Directory-as-a-service provider.

As it’s not my intention to give any advice on what 3rd party tool or solution you should use, I’d like to invite you to have a look at their website and see if the provided services are a good match for your environment and deployment needs.

However, my goal here is to “quickly” run through the steps to integrate it in JamfCloud. Also, for those who don’t have a JumpCloud account yet, good news: you get 10 user licences for free, forever and no credit card needed!

Once your JumpCloud account is up and running, let’s have a look at how to integrate it in Jamf Pro, including the mistakes I made initially.


Jamf, Nomad, Jamf Connect… just WOW ! What a surprise !

Wow, what a surprise indeed! That moment you are in the middle of mentioning the capabilities of Nomad to the sys admin you are on-boarding in Jamf Pro… the news of the year rolls in…!

Nomad is Jamf… wait, what? Can’t be?!… Time for a small break in the on-boarding session to figure out what just happened!

Yes, there it was, the email from Dean (Jamf CEO), followed by a lot of excitement in the internal chats, emails and other channels. Indeed, Nomad is Jamf and there is Jamf Connect now… just WOW!

But why all the fuss? What’s Nomad anyway? Why is this such big news?


Default LDAP mapping for Active Directory in Jamf

In today’s post I’d like to go through adding LDAP integration to Jamf Pro, with Microsoft Active Directory as the directory server, and more specifically: share the default settings in case you have to configure the LDAP integration manually. So no magic in this post, just sharing the default workflow and AD mappings which might come in handy. I’ll share some other Directory Service mappings soon, such as freeIPA, OD,…

Before we start diving into the settings, just remember that, if you are a Jamf Cloud customer, you will first need to grant Jamf Cloud access to your AD server, either by whitelisting the IP addresses of Jamf Cloud, or by installing a Jamf Infrastructure Manager or ‘JIM’ in your DMZ. See my post on ‘JIM’.

Once this is done, you can go into the settings of Jamf Pro and configure the LDAP connection using the wizard. Jamf Pro will automatically try to fetch the Directory settings and mappings.


Reverse proxy with pfSense and Squid

A quick test running a reverse proxy in my homelab…

Following my previous post on how to make your Jamf Pro server public, I gave it a try in my homelab…

Just note that this is only a proof of concept, as there are many reverse proxies, or load balancers, available for a production environment (both hardware and software). (For load balancing my clustered Jamf Pro setup, on another test server, I used HAProxy, which has reverse proxy functionality as well.)

An in-depth discussion of how I configured my homelab for testing different scenarios (both Jamf-related and more general) might be for another time, but let’s quickly have a high-level look at the following setup.


A word on LDAP integration and the Jamf Infrastructure Manager

Let’s get this blog started with one very popular add-on for Jamf Cloud: ‘JIM’, or Jamf Infrastructure Manager.

Note: while JIM can also be used for more complex on-premise Jamf Pro installations, I’ll focus this post on Jamf Cloud only. The setup for on-premise servers should however be similar, taking some network considerations into account.

Before forcing you to read my point of view on JIM, I’d like to share a link to THE video you must watch to understand all the details on how this tool works. Laurent, one of the Jamf Professional Services Engineers, presented an awesome keynote on JIM during JNUC 2017! Have a look at the end of this post for the link.

However, while not trying to re-invent the wheel, here are my highlights on the installation and configuration of LDAP integration in Jamf Pro.

Many companies or educational institutions use Active Directory, or another LDAP, to manage their end users. And while binding Macs to AD is a completely different discussion (‘to bind or not to bind’ will most likely be one of my future posts), LDAP integration in Jamf Pro remains a very nice thing to have.

Integrating LDAP into Jamf Pro allows you to assign devices to users, auto configure user settings based on AD attributes, authenticate users in Self Service, provision Jamf Pro accounts for admin users and enrollment purposes, etc…

See: Integrating with LDAP Directory Services

For this integration to work however, the Jamf Pro server needs to be able to query the LDAP server. For on-premise Jamf Pro installations, this is most likely going to be a straightforward exercise, as both servers are likely to be on the same internal network. But for Jamf Cloud instances, there is some additional configuration needed. Opening up the internal LDAP server to the world is most likely not going to amuse your network security team, but still, Jamf Cloud needs access from outside your network, through the firewall, inbound to the LDAP server. One way or the other…
