In this tutorial, you'll learn how to integrate Jamf Pro with Azure Active Directory (Azure AD). When you integrate Jamf Pro with Azure AD, you can:
- Use Azure AD to control who has access to Jamf Pro.
- Automatically sign your users in to Jamf Pro with their Azure AD accounts.
- Manage your accounts in one central place: the Azure portal.
Prerequisites
To get started, you need the following items:
- An Azure AD subscription. If you don't have a subscription, you can get a free account.
- A Jamf Pro subscription with single sign-on (SSO) enabled.
Scenario description
In this tutorial, you will set up and test Azure AD SSO in a test environment.
- Jamf Pro supports SP-initiated and IdP-initiated SSO.
Add Jamf Pro from the gallery
To configure the integration of Jamf Pro into Azure AD, you need to add Jamf Pro from the gallery to your list of managed SaaS applications.
- Sign in to the Azure portal with your work or school account or your personal Microsoft account.
- In the left pane, select the Azure Active Directory service.
- Go to Enterprise applications, and then select All applications.
- To add a new application, select New application.
- In the Add from the gallery section, enter Jamf Pro in the search box.
- Select Jamf Pro from the results panel, and then add the application. Wait a few seconds for the application to be added to your tenant.
Alternatively, you can use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the application, assign roles, and walk through the SSO configuration. Learn more about Microsoft 365 wizards.
Configure and test single sign-on to Azure AD for Jamf Pro
Set up and test Azure AD SSO with Jamf Pro using a test user named B.Simon. For SSO to work properly, you must establish a link relationship between the user in Azure AD and the related user in Jamf Pro.
In this section, you will configure and test Azure AD SSO using Jamf Pro.
- Configure SSO in Azure AD so that your users can use this feature.
- Create a test Azure AD user to test Azure AD SSO with the B.Simon account.
- Assign the Azure AD test user so that B.Simon can use Azure AD SSO.
- Configure SSO in Jamf Pro to configure the SSO settings on the application side.
- Create a Jamf Pro test user to have a counterpart of B.Simon in Jamf Pro that is linked to the user's Azure AD representation.
- Test the SSO configuration to verify that the configuration works.
Configure SSO in Azure AD
In this section, you will enable Azure AD SSO in the Azure portal.
- In the Azure portal, on the Jamf Pro application integration page, find the Manage section and select Single sign-on.
- On the Select a single sign-on method page, select SAML.
- On the Set up single sign-on with SAML page, select the pencil icon for Basic SAML Configuration to edit the settings.
- In the Basic SAML Configuration section, if you want to configure the application in IdP-initiated mode, enter values for the following fields:
  a. In the Identifier text box, enter a URL using the following formula:
     https://<subdomain>.jamfcloud.com/saml/metadata
  b. In the Reply URL text box, enter a URL using the following formula:
     https://<subdomain>.jamfcloud.com/saml/SSO
- Select Set additional URLs. If you want to configure the application in SP-initiated mode, in the Sign-on URL text box, enter a URL using the following formula:
  https://<subdomain>.jamfcloud.com
  Note: These values are not real. Update these values with the actual identifier, reply URL, and sign-on URL. You will get the actual identifier value from the Single Sign-On section in the Jamf Pro portal, which is explained later in this tutorial. You can extract the actual subdomain value from the identifier value and use that subdomain information as the sign-on URL and reply URL. You can also refer to the patterns shown in the Basic SAML Configuration section in the Azure portal.
- On the Set up single sign-on with SAML page, go to the SAML Signing Certificate section, select the copy button to copy the App Federation Metadata URL, and then save it to your computer.
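The note above says the reply URL and sign-on URL can be derived from the identifier value. The following is an added example, not code from Microsoft or Jamf: it checks an entity ID against the tutorial's formula and builds the other two values. The function name `derive_saml_urls` and the sample subdomain `contoso` are assumptions, and it only covers hosts under jamfcloud.com, as the formulas on this page do.

```python
from urllib.parse import urlsplit

JAMF_CLOUD_SUFFIX = ".jamfcloud.com"
METADATA_PATH = "/saml/metadata"


def derive_saml_urls(entity_id: str) -> dict:
    """Derive the Reply URL and Sign-on URL from a Jamf Pro entity ID.

    Raises ValueError when the entity ID does not match the formula
    https://<subdomain>.jamfcloud.com/saml/metadata (hypothetical helper).
    """
    parts = urlsplit(entity_id.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("entity ID must use https")
    if "@" in parts.netloc or parts.port is not None:
        raise ValueError("unexpected credentials or port in entity ID")
    if parts.query or parts.fragment:
        raise ValueError("unexpected query or fragment in entity ID")
    if not host.endswith(JAMF_CLOUD_SUFFIX):
        raise ValueError("host is not under jamfcloud.com")
    subdomain = host[: -len(JAMF_CLOUD_SUFFIX)]
    # Exactly one DNS label: rejects an empty subdomain and nested hosts.
    if not subdomain or "." in subdomain:
        raise ValueError("expected exactly one subdomain label")
    if parts.path != METADATA_PATH:
        raise ValueError("path must be /saml/metadata")
    base = f"https://{subdomain}{JAMF_CLOUD_SUFFIX}"
    return {
        "identifier": base + METADATA_PATH,  # Identifier (Entity ID)
        "reply_url": base + "/saml/SSO",     # Reply URL
        "sign_on_url": base,                 # Sign-on URL (SP-initiated mode)
    }


if __name__ == "__main__":
    # Constructed sample value; replace with the entity ID shown in Jamf Pro.
    for field, url in derive_saml_urls(
        "https://contoso.jamfcloud.com/saml/metadata"
    ).items():
        print(f"{field}: {url}")
```
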
Create a test Azure AD user
In this section, you will create a test user named B.Simon in the Azure portal.
- In the left pane of the Azure portal, select Azure Active Directory, select Users, and then select All users.
- Select New user at the top of the screen.
- In the User properties, follow these steps:
  - In the Name field, enter B.Simon.
  - In the User name field, enter [name]@[company domain].[extension]. For example, B.Simon@contoso.com.
  - Select the Show password check box, and then make a note of the value displayed in the Password box.
  - Select Create.
Assign an Azure AD test user
In this section, you give B.Simon access to Jamf Pro.
- In the Azure portal, select Enterprise applications, and then select All applications.
- In the list of applications, select Jamf Pro.
- On the app's overview page, find the Manage section and select Users and groups.
- Select Add user, and then select Users and groups in the Add Assignment dialog box.
- In the Users and groups dialog box, select B.Simon from the user list, and then select the Select button at the bottom of the screen.
- If you want to assign a role to the user, you can select it from the Select a role drop-down list. If no roles are configured for this application, you will see the Default Access role selected.
- In the Add Assignment dialog box, select the Assign button.
Configure SSO in Jamf Pro
1. To automate the configuration within Jamf Pro, install the My Apps Secure Sign-in browser extension by selecting Install the extension.
2. After adding the extension to your browser, select Set up Jamf Pro. When the Jamf Pro application opens, provide your administrator credentials to sign in. The browser extension automatically configures the application and automates steps 3 through 7.
3. To set up Jamf Pro manually, open a new web browser window and sign in to your company's Jamf Pro site as an administrator. Then follow the steps below.
4. Select the Settings icon in the upper-right corner of the page.
5. Select Single Sign-On.
6. On the Single Sign-On page, follow the steps below.
   a. Select Edit.
   b. Select the Enable Single Sign-On Authentication check box.
   c. Select Azure as the option from the Identity Provider drop-down menu.
   d. Copy the Entity ID value and paste it into the Identifier (Entity ID) field in the Basic SAML Configuration section in the Azure portal.
      Note: Use the value in the <SUBDOMAIN> field to complete the sign-on URL and reply URL in the Basic SAML Configuration section in the Azure portal.
   e. Select Metadata URL from the Identity Provider Metadata Source drop-down menu. In the field that appears, paste the App Federation Metadata URL value that you copied from the Azure portal.
   f. (Optional) Edit the Token Expiration value or select Disable SAML Token Expiration.
7. On the same page, scroll down to the User Mapping section. Then follow the steps below.
   a. Select the NameID option for Identity Provider User Mapping. By default, this option is set to NameID, but you can define a custom attribute.
   b. Select Email for Jamf Pro User Mapping. Jamf Pro maps the SAML attributes sent by the IdP first to users and then to groups. When a user tries to access Jamf Pro, Jamf Pro gets information about the user from the identity provider and matches it against all Jamf Pro user accounts. If the incoming user account is not found, Jamf Pro tries to match it by group name.
   c. Paste the value http://schemas.microsoft.com/ws/2008/06/identity/claims/groups into the Identity Provider Group Attribute Name field.
   d. On the same page, scroll down to the Security section and select Allow users to bypass the Single Sign-On authentication. As a result, users are not redirected to the identity provider's sign-in page for authentication and can sign in to Jamf Pro directly instead. When a user tries to access Jamf Pro through the identity provider, IdP-initiated SSO authentication and authorization occurs.
   e. Select Save.
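The user-mapping order described in step 7 (NameID matched against the Email field of user accounts first, then the groups claim matched against group names) can be modelled as below. This is an added example, not Jamf Pro's implementation: the assertion, account and group values are constructed, `resolve_access` is a hypothetical name, case-insensitive email comparison is an assumption, and the assertion is assumed to have already passed signature and condition checks.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed, trimmed sample assertion (signature and conditions omitted).
SAMPLE_ASSERTION = f"""
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>B.Simon@contoso.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>Mac Admins</saml:AttributeValue>
      <saml:AttributeValue>Helpdesk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def resolve_access(assertion_xml, accounts_by_email, jamf_groups):
    """Return ("user", account), ("group", name) or ("denied", None).

    accounts_by_email maps lower-cased email addresses to account names;
    jamf_groups is the set of group names defined in Jamf Pro.
    """
    root = ET.fromstring(assertion_xml)
    name_id = (root.findtext("saml:Subject/saml:NameID", "", NS) or "").strip()
    # 1. NameID (IdP side) is compared with Email (Jamf Pro side).
    #    Assumption: the comparison ignores case.
    account = accounts_by_email.get(name_id.lower()) if name_id else None
    if account is not None:
        return ("user", account)
    # 2. Fallback: each value of the groups claim is compared with group
    #    names; the claim value must equal the Jamf Pro group name exactly.
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != GROUPS_CLAIM:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            group = (value.text or "").strip()
            if group in jamf_groups:
                return ("group", group)
    return ("denied", None)


if __name__ == "__main__":
    accounts = {"b.simon@contoso.com": "Britta Simon"}  # constructed
    print(resolve_access(SAMPLE_ASSERTION, accounts, {"Helpdesk"}))
    print(resolve_access(SAMPLE_ASSERTION, {}, {"Helpdesk"}))
```
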
Create a Jamf Pro test user
Before Azure AD users can sign in to Jamf Pro, they must be provisioned in Jamf Pro. Provisioning in Jamf Pro is a manual task.
To create a user account, follow these steps:
- Sign in to your company's Jamf Pro site as an administrator.
- Select the Settings icon in the upper-right corner of the page.
- Select Jamf Pro User Accounts and Groups.
- Select New.
- Select Create Standard Account.
- In the New Account dialog box, perform the following steps:
  a. In the Username field, enter Britta Simon, the full name of the test user.
  b. Select the options for Access Level, Privilege Set, and Access Status that are in accordance with your organization.
  c. In the Full Name field, enter Britta Simon.
  d. In the Email Address field, enter the email address for Britta Simon's account.
  e. In the Password field, enter the user's password.
  f. In the Verify Password field, enter the user's password again.
  g. Select Save.
Test the SSO configuration
In this section, you will test your Azure AD single sign-on setup using the following options.
SP-initiated:
- Select Test this application in the Azure portal. This redirects you to the Jamf Pro sign-on URL, where you can start the sign-in flow.
- Go directly to the Jamf Pro sign-on URL and start the sign-in flow from there.
IdP-initiated:
- Select Test this application in the Azure portal. You should be automatically signed in to the Jamf Pro instance for which you configured SSO.
You can also use Microsoft My Apps to test the application in any mode. When you select the Jamf Pro tile in My Apps, if it is configured in SP mode, you are redirected to the application's sign-on page to start the sign-in flow, and if it is configured in IdP mode, you should be automatically signed in to the Jamf Pro instance for which you configured SSO. For more information about My Apps, see Introduction to My Apps.
Next steps
Once you configure Jamf Pro, you can enforce session control, which protects against exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.