![]() ![]() After Jamf Pro receives the set of data from the Cloud Connector Web application, it verifies the received authorization code. This code is passed with the tenant identifier back to Jamf Pro. As a result, Azure responds with an authorization code. The following diagram shows the typical Jamf Pro and Azure AD IdP integration:Īfter receiving the consent, the Cloud Connector Web application performs authorization of a given client identifier and the received tenant identifier against Azure's authorization endpoint. Jamf Pro cannot write data back to Azure AD. When Jamf Pro is performing lookups in Azure AD, it is in a read-only state. After the application is added, the session is terminated. This means is that the application in Azure AD does not need to be manually created. After successful authentication, an application for Jamf Pro is automatically added in Azure AD to use the Graph API. When setting up the Graph API connection between Jamf Pro and Azure AD, a global administrator user is required to authenticate. No actions other than reading data are performed in Azure. Together with the consent granted by the administrator via the Cloud Connector, this ensures the directory data are automatically passed and used in the directory workflows in Jamf Pro. When working with directory-related workflows (e.g., adding scope limitations and exclusions), Azure AD cloud identity items are listed under the LDAP headings.Īzure AD as a cloud IdP integration uses Microsoft Graph API and connections to the domain. Accounts and groups added in Jamf Pro must be the standard type. User groups added in Jamf Pro have the same name as groups configured in Azure. Your Azure AD privileges (e.g., Global Administrator) allow you to manage consent requested by the Jamf Pro Azure AD Connector app. Your Jamf Pro instance needs to be hosted in Jamf Cloud. When integrating Jamf Pro with Azure AD, consider the following: Performing user membership lookups and use them to map privileges to relevant accounts in Jamf ProĬonfiguring user authentication and scoping ![]() Look up all users and groups for inventory purposes Integrating Jamf Pro with Azure AD as a cloud identity provider allows for the following LDAP workflows without the need to configure Azure AD Domain Services: Provisioning Profiles for In-House Apps.JSON Web Token for Securing In-House Content.User-Assigned Volume Purchasing Registration.Content Distribution Methods in Jamf Pro.Importing Users to Jamf Pro from Apple School Manager.Settings and Security Management for Mobile Devices.Mobile Device Inventory Display Settings.Mobile Device Inventory Collection Settings.Mobile Device Inventory and Criteria Reference.User Enrollment Experience for Personally Owned Mobile Devices.User Enrollment for Personally Owned Mobile Devices.User-Initiated Enrollment Experience for Institutionally Owned Mobile Devices.User-Initiated Enrollment for Mobile Devices.Application Usage for Licensed Software.Settings and Security Management for Computers.Computer Inventory and Criteria Reference.Enrolling Multiple Computers Using the Recon Network Scanner.Enrolling a Computer by Running Recon Locally.Enrolling a Computer by Running Recon Remotely.User-Initiated Enrollment Experience for Computers.User-Initiated Enrollment for Computers.Building the Framework for Managing Computers.Jamf Self Service for iOS Branding Settings.About Jamf Self Service for Mobile Devices.Jamf Self Service for macOS URL Schemes.Items Available to Users in Jamf Self Service for macOS.Jamf Self Service for macOS Branding Settings.Jamf Self Service for macOS Notifications.Jamf Self Service for macOS Configuration Settings.Jamf Self Service for macOS User Login Settings.Jamf Self Service for macOS Installation Methods.Integrating with Automated Device Enrollment.Integrating with LDAP Directory Services.Components Installed on Managed Computers. ![]()
0 Comments
Leave a Reply. |