Integrate Azure LDAP in Jamf Pro

Integrate Azure AD in Jamf Pro as an LDAP service.

With the release of Jamf Connect w/ Azure integration, Jamf provides a tool (amongst other functionality) to create local user accounts on your Macs. This is based on the identity of the user in Azure.

I noticed this latest Jamf Connect release triggers additional interest in integrating Azure as an LDAP server. Azure LDAP integration was on my blog to-do list for some time now, but other topics jumped ahead in my priority list. So to finally clear this from my to-do list, hereby a quick post on how to add Azure as an LDAP service in Jamf Pro.

I’ll try to keep this one as short as possible. Managing Azure AD and enabling the required services (LDAPs) is a bit beyond my scope here. Allow me to assume that you already configured it for other integrations outside Jamf Pro.

Nevertheless, let’s run through the different steps at a high level and try to highlight some important notes. After this we’ll have a look at the default mapping settings in Jamf Pro.

Continue reading “Integrate Azure LDAP in Jamf Pro”

Jamf Pro and Google Secure LDAP

Integrate Jamf Pro with Google Cloud Identity Secure LDAP

UPDATE 18th of December: got it to work on JamfCloud! See bottom of post.

Earlier this year Jamf announced support for the new Google Secure LDAP service. As I was too preoccupied with macOS Mojave & Secure Tokens, I didn’t have the chance to test it until now.

But to break away from testing token related deployments, I decided to have a look at this new LDAP integration today.

Before I continue, I just want to highlight one important detail regarding the pre-reqs to integrate this feature in Jamf Pro.

If you look at the configuration guide for Google Secure LDAP, you'll see that it requires 'Certificate based Authentication'. Important to know, because the LDAP integration in Jamf Pro currently does not allow us to do so.

This means that, in case you do want to integrate Google Secure LDAP into Jamf Pro, whether you are hosting your own Jamf Pro server or using JamfCloud, you will need an additional proxy server. More about that below.

That said, let’s have a quick look at how to do things.

Continue reading “Jamf Pro and Google Secure LDAP”

Integrating Okta LDAP in Jamf Pro

UPDATE – Thu 11 Oct: see bottom of this post

What? Another LDAP related post? Well yes, while I still have many other pending topics, I thought it might be interesting to share this “LDAP flavour” as well. As Okta is one of the popular identity providers, chances are high some of you might be looking into integrating it in Jamf Pro, and it fits nicely into the series of other LDAP related posts like JIM, Active Directory, freeIPA and Jumpcloud.

I’ll leave LDAP integrations behind me after this one, promised! Or maybe not, maybe I should add Azure AD as well, we’ll see 🙂

First of all, we all know Okta as an identity and Single Sign On provider, for which Jamf already has a KB article, but apart from other already released features, their preview or early access list has some cool stuff in development.

And one of those early access features which triggered my interest, is the LDAP interface.

Continue reading “Integrating Okta LDAP in Jamf Pro”

Jamf LDAP and freeIPA

This will be a short one, promised. For this mid-week post I’ll go for a quick share of some default settings again: integrate freeIPA as LDAP provider in Jamf Pro.

Maybe less common than Active Directory or other more mainstream Directory Services, but still, handy to have some default references to crosscheck when needed. 

Recently I was asked to help with adding freeIPA in Jamf Pro, as the mappings did not work correctly. 

I must admit, I’m not a freeIPA expert, but yeah, always game for a challenge. So I spun up a small VM on my home lab ESXi, installed freeIPA, created some test users and checked the basic user attributes with “ldapsearch” in Terminal. Just to check what the default attributes in freeIPA are and map those in Jamf Pro.

Continue reading “Jamf LDAP and freeIPA”

Default LDAP mapping for Active Directory in Jamf

In today’s post I’d like to go through adding LDAP integration to Jamf Pro, with Microsoft Active Directory as Directory server, and more specifically: share the default settings in case you have to configure the LDAP integration manually. So no magic in this post, just sharing the default workflow and AD mappings which might come in handy. I’ll share some other Directory Service mappings soon, such as freeIPA, OD,…

Before we start diving into the settings, just remember that, if you are a Jamf Cloud customer, you will first need to grant Jamf Cloud access to your AD server, either by whitelisting the IP addresses of Jamf Cloud, or by installing a Jamf Infrastructure Manager or ‘JIM’ in your DMZ. See my post on ‘JIM’.

Once this is done, you can go into the settings of Jamf Pro and configure the LDAP connection using the wizard. Jamf Pro will automatically try to fetch the Directory settings and mappings.

Continue reading “Default LDAP mapping for Active Directory in Jamf”