When creating a Prestage Enrollment to work with, there are a few settings and configuration profiles that need to be enabled so that Jamf Connect Login gets configured properly.

Notify Screen Mechanism

Prestage Settings

A better explanation of the commands that can be run can be found here on JAMF's documentation page. This script displays different images, displays text and runs the on-boarding JAMF Policies. I have also attached a script that renames computers based on a user's first name and last name from their Okta Profile. See the script in this repo for an example script that is modelled after information that JAMF provides. In this script we will tell Notify what to display and what JAMF Policies to run.

We have actually already set up our workflow to enable this mechanism by using the authchanger command to include JamfConnectLogin:RunScript,privileged in our postInstall script. You can also follow these instructions using the nano editor. JAMF has good instructions on how to enable the RunScript mechanism for JAMF Login.

Specifies the path to the script or other executable run by the RunScript mechanism.
Enables FileVault and stores the FV Recovery key locally for Escrow to JAMF Pro (requires Escrow Configuration Profile to send to JAMF Pro).
For 10.15 and on, a PPPC Configuration profile is needed to enable FileVault on login.
"jamfconnect://127.0.0.1/jamfconnect" is recommended by default.
Allows user to select Wi-Fi network at login window.
Creates a keychain entry for Jamf Connect Sync (requires Sync to be installed already at time of login for this to function).
The redirect URI used by your Jamf Connect app in Okta.
Ignores any cookies stored by the loginwindow.
Login Logo to be displayed at Jamf Connect Login screen.
This can be a custom page or your Okta homepage.
Allows local authentication in case Okta is not reachable.
URL users are directed to when hitting help at login.
Please see below.

Below is an explanation of keys being used:

The package also needs a post-install script that will install Login and Sync and activate the Notify and RunScript Mechanisms for us. We are also installing our image files and the notify script location, which will also be called later on in this provisioning process.

Post Install Script should look like below:

Okta Configurations for Standard / Admin Users

First we need to build our Pre-Stage package to look like the image to the right:

As you can see, we are installing both Sync and Login to a temporary location, which we will then call to install using the installer binary later in the process.

Plist Configuration for Jamf Connect Login.

This page is geared towards Okta users ONLY.

This page will explain how to configure Jamf Connect Login's Notify and Run Script mechanisms (Pluggable Authentication Module) to be used for user provisioning.

Add best-in-class identity management to your enterprise endpoint management solution with the powerful integration of Okta with Jamf.

Single Sign-On and MFA - Okta Single Sign-On (SSO) and Multi-factor Authentication (MFA) integrate with Jamf Pro and Jamf Connect to provide seamless and secure authentication to managed Apple devices and company resources.

User/Group Synchronization - Jamf Pro can access users and groups stored in Okta through Okta's LDAP interface, eliminating the requirement to connect Jamf Pro to Active Directory. In addition, when enabled, Jamf Pro can assign customized content and policies to devices that belong to users who are members of particular LDAP groups.

Mac Device Trust - To ensure only Jamf-managed Mac devices can access enterprise services, Jamf delivers a payload down to Mac devices that Okta then inspects prior to allowing access.