Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
As I'm writing articles, I'll update this page with the latest articles: Updated 23SEPT2024 What is Platform Single Sign-On - An overview of the technology and how it works https://community.jamf.com/t5/jamf-pro/what-is-platform-single-sign-on/td-p/320251 Configure PSSOe for Microsoft Entra ID Jamf Technical Guide: https://learn.jamf.com/en-US/bundle/technical-articles/page/Platform_SSO_for_Microsoft_Entra_ID.html Sean's first draft guide: https://community.jamf.com/t5/jamf-pro/configure-platform-single-sign-on-pssoe-for-microsoft-entra-id/td-p/320252 Configure Kerberos SSO with Microsoft Entra PSSO - https://community.jamf.com/t5/jamf-pro/configure-kerberos-sso-for-microsoft-entra-platform-single-sign/m-p/323781#M278609 Some sample .mobileconfig files for you to modify - https://github.com/sean-rabbitt/jnuc-2024 Configure PSSOe for Okta Identity Engine https://community.jamf.com/t5/jamf-pro/configure-platform-single-sign-on-for-okta-identity-engine-with/m-p/3204
Hey folks, I worked on a script to deploy Autodesk 2026 (the one that uses the named user licenses). We don’t teach Mudbox, so that isn’t in the script...but Maya and AutoCAD is (along with Darwin..what a PIA to get working). I packaged the apps and deployed to /private/tmp/AutodeskApps… I have a lot of logging left in the script as Darwin is a royal pain and can fail at many different steps. I also made use of a lot of variables to hopefully make updating in the future easier. Oh, also did it in zsh.Hope you all find it useful, or at the very least, a good jumping off point!#!/bin/zshset -euo pipefail############################# VARIABLES############################YEAR="2026"TMP="/private/tmp"APP_TMP="${TMP}/AutodeskApps"LOG="/var/log/autodesk2026_install.log"DMG_LIST=( "Autodesk_Maya_2026_1_Update_ML_macOS.dmg" "Darwin.dmg" "AdskIdentityManager-UCT-Installer.dmg" "Autodesk_AutoCAD_2026_macOS.dmg")PKG_FILE="AdskLicensing-15.4.0.13093-mac-installer.pkg"INSTALL_SUMMARY=()log() {
Hello,I just set up SSO in Jamf Account.I'm not sure where I need to grant administrator privileges to your Identity Provider (IdP) to configure a connected app and assign the relevant users and groups.
When adding apps to Self Service (or even Self Service+) via Mac Apps, the applications descriptions are in German. I’ve ensured that English is set to the preferred language and enabled location service. This is being run on a test VM but I can’t for the life of me figure out why this would be the case?
Hi everyone, I’m currently exploring the possibility of deploying Jamf Connect in our organisation. I have setup the SSO in Jamf Account to point to our EntraID tenant and it’s working fine to login users in both Jamf Account and Jamf Pro Cloud. All the documentation seems to suggest that I need to configure another app in Entra ID to allow Jamf Connect to authenticate users but since Jamf has introduced the Jamf Account OIDC SSO to try and harmonise things, I’m wondering if I can just point Jamf Connect at that rather than creating a new app. Can this be done or am I misunderstanding how the OIDC SSO connection works in Jamf Account? Thanks,Kieran
I’ve got a weird issue with MS Defender Configuration Profiles applying/Un-applying intermittently. As part of our enrollment process we install MS Defender and apply Configuration Profiles. This has been working fine for close to 12months.Now for some reason even though the Configuration Profiles are still applying (You can see them in Device Management). The configuration doesn’t always apply even when it does apply the settings can stop taking affect shortly afterwards.Device Management still has the Configuration Policies applied.I’ve tried downloading fresh configurations, onboarding etc. from Microsoft with exactly the same result. Has anyone else seen this?
HI Jamf Nation,I was wondering if there is already a Jamf Group dedicated to Mac admins in the LATAM region. I might have missed it, or perhaps it hasn’t been created yet. If it doesn’t exist, I’d love to explore how I could start one to help foster conversations and collaboration among admins based outside the US and APAC.Thanks again for all your support, and best of luck with the new Jamf Nation experience.
Hey folks—big thanks to everyone who came to July’s LaunchPad! Tony Young (Akima) broke down the key stuff from WWDC25 that actually matters for Jamf admins.If you missed it, you can still catch the replay here:📺 YouTube: https://youtu.be/Uhcjohq_6gc🍎 Podcast: https://podcasts.apple.com/us/podcast/wwdc-25-recap-for-jamf-admins/id1668513047?i=1000717011903🔗 More info: https://rkmn.tech/j-launchpad-resources
We wanted to share a few updates about new features in Jamf Account that improve SSO management and troubleshooting, as well as new documentation resources for enabling OIDC authentication for platform services.A new Jamf Account Release History section in our Learning Hub details several improvements:A new "Authorize URL" button for Google Workspace OIDC connections, enabling consistent group support across organization types Login History tab under Profile, allowing you to view authentication history and ID tokens when using an IdP Enhanced error handling with unique reference UUIDs for failed SSO attemptsTo help customers migrate to OIDC, we've published a SAML to OIDC Migration Guide that walks through adopting OIDC-based workflows.The Understanding SSO Authentication Methods guide helps address common questions about IdP choices, OIDC benefits, and authentication options. It includes visual breakdowns of both SAML-based and OIDC-based authentication methods to demonstrate how vari
We recently migrated to Jamf Cloud and using Azure AD as our Cloud Identity Provider and Single Sign-On solution. It works well enough, but we have a weird situation. We're sticking pretty close to Microsoft's documentation on it, which can be found here.By default, the iDP maps userPrincipalName as the username. That's a full email address in our environment, so we want to use onPremisesSamAccountName instead. That works fine in the iDP in both testing and looking up users/accounts.We also need user authentication during the initial device enrollment via DEP. We've gotten that added in by adding an Enrollment Customization that is just the SSO.Here's where it gets dumb. If we now enroll a machine while the User Name mapping is set to onPremisesSamAccountName, the SSO during enrollment registers the device to just the userPrincipalName with no other user data. The Pre-Fill Primary Account Information only puts in the userPrincipalName as the Us
Question for how/if we have controls to deploy a specific app version to iPads. We have a couple applications we use and work closely with the developer and schedule when we make the update available on our EFB iPads. We use the check boxes ‘Schedule Jamf Pro to automatically check the App Store for app updates’ and ‘Force App Update’ to accomplish this. Today is the first time we noticed a different version was installed than what Jamf Pro is reporting as available.This is what is showing under Mobile Device Apps.Does it always install the newest version of what’s available in the Apple store via Self Service regardless of what Jamf Pro is reporting? When looking at the Inventory for the iPad we see that 10.5.1 was installed.
CIS 1 Allow Touch ID to unlock your mac what needs to be deactivated?Hi Hope you can help, how do we allow users to use Touch ID rather than the full password each time sleep is activated. What needs to be unticked in the list of Managed Rules in compliance?Thanks
Hi,I recently set up a new Windows Distribution Point and am now trying to connect to it via the Jamf Sync App, but cannot get a connection. I see the DP in jamf sync, but it only asks for a password, not for a username. No matter what password I use I always get the error Message “Failed to load the … distribution point: cannotGetFileList” Unfortunately the new jamf support is pretty useless as there is not more option for me to communicate in english. All communication is automatically translated to german, but the translation is not that good so I often dont quite get what the supporter wants to tell me. Just english would be much better for me.
Hi all,I try to create a user level configuration profile for ethernet (for 802.1x LAN authentication).So basically, the same we already use for WiFi.We currently use a computer lvl profile, which works without issues. But have to change it to user lvl because of the strong auth change Microsoft enforces soon.The settings should work but as soon as I click on save, the network payload vanishes. Without an error or any explanation… As said before, the WiFi profile (also user lvl) works like a charm.Any tips on why this might happen?BR Thomas
We've followed the steps given in this guide (https://www.jamf.com/blog/help-users-activate-microsoft-office-365-and-configure-outlook-in-one-click/) but when we launch Outlook, our email address isn't automatically populated like it is here. Has anyone else experienced this? If so, what was your workaround? Any advice would be much appreciated! Thanks in advance!
Hi folks, I’m trying to find a way to report (at the very least) which of our devices have Jamf Connect enabled in System Prefs>Privacy & Security>Local Network. Based on my investigation, it seems like SIP/Apple blocks this particular preference from being viewed or modified by MDM’s (on macOS 15+). I have seen similar discourse around the weekly system prompts for Camera/Screen recording and some solutions there, but nothing for this. I am preparing to upgrade all of our Macs to Sequoia 15.5, about ~80 computers. My org uses Entra for login + network drives and I’ve found that end-users on Sequoia that don’t have this enabled have issues with password sync and accessing the drives. Grateful for any input or advice!
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
