Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
La Maison Carpentry delivers custom interiors and expert renovations in Singapore. Build your dream home today using our premium materials and craftsmanship.
Hi everyone, I’m currently exploring the possibility of deploying Jamf Connect in our organisation. I have setup the SSO in Jamf Account to point to our EntraID tenant and it’s working fine to login users in both Jamf Account and Jamf Pro Cloud. All the documentation seems to suggest that I need to configure another app in Entra ID to allow Jamf Connect to authenticate users but since Jamf has introduced the Jamf Account OIDC SSO to try and harmonise things, I’m wondering if I can just point Jamf Connect at that rather than creating a new app. Can this be done or am I misunderstanding how the OIDC SSO connection works in Jamf Account? Thanks,Kieran
When adding apps to Self Service (or even Self Service+) via Mac Apps, the applications descriptions are in German. I’ve ensured that English is set to the preferred language and enabled location service. This is being run on a test VM but I can’t for the life of me figure out why this would be the case?
Hello All, can you someone guide me how to set different images for login screen and desktop wallpaper. i fine to create 2 different policies in Jamf. Thanks,Santosh
HI Jamf Nation,I was wondering if there is already a Jamf Group dedicated to Mac admins in the LATAM region. I might have missed it, or perhaps it hasn’t been created yet. If it doesn’t exist, I’d love to explore how I could start one to help foster conversations and collaboration among admins based outside the US and APAC.Thanks again for all your support, and best of luck with the new Jamf Nation experience.
Hey folks—big thanks to everyone who came to July’s LaunchPad! Tony Young (Akima) broke down the key stuff from WWDC25 that actually matters for Jamf admins.If you missed it, you can still catch the replay here:📺 YouTube: https://youtu.be/Uhcjohq_6gc🍎 Podcast: https://podcasts.apple.com/us/podcast/wwdc-25-recap-for-jamf-admins/id1668513047?i=1000717011903🔗 More info: https://rkmn.tech/j-launchpad-resources
We wanted to share a few updates about new features in Jamf Account that improve SSO management and troubleshooting, as well as new documentation resources for enabling OIDC authentication for platform services.A new Jamf Account Release History section in our Learning Hub details several improvements:A new "Authorize URL" button for Google Workspace OIDC connections, enabling consistent group support across organization types Login History tab under Profile, allowing you to view authentication history and ID tokens when using an IdP Enhanced error handling with unique reference UUIDs for failed SSO attemptsTo help customers migrate to OIDC, we've published a SAML to OIDC Migration Guide that walks through adopting OIDC-based workflows.The Understanding SSO Authentication Methods guide helps address common questions about IdP choices, OIDC benefits, and authentication options. It includes visual breakdowns of both SAML-based and OIDC-based authentication methods to demonstrate how vari
We recently migrated to Jamf Cloud and using Azure AD as our Cloud Identity Provider and Single Sign-On solution. It works well enough, but we have a weird situation. We're sticking pretty close to Microsoft's documentation on it, which can be found here.By default, the iDP maps userPrincipalName as the username. That's a full email address in our environment, so we want to use onPremisesSamAccountName instead. That works fine in the iDP in both testing and looking up users/accounts.We also need user authentication during the initial device enrollment via DEP. We've gotten that added in by adding an Enrollment Customization that is just the SSO.Here's where it gets dumb. If we now enroll a machine while the User Name mapping is set to onPremisesSamAccountName, the SSO during enrollment registers the device to just the userPrincipalName with no other user data. The Pre-Fill Primary Account Information only puts in the userPrincipalName as the Us
Return to service is a feature released by Apple in iOS 17, as a part of the Device Wipe commands already available. It allows for a device to retain a wifi profile while completely wiping all other data. In the past, wiped devices required human interaction to connect them to wifi upon the next setup. With Return to Service that is no longer a requirement. Devices can now be wiped and sent through the setup assistant with no human interaction at all.Jamf provides an API endpoint that allows developers to implement this feature into their own workflows. Benefits Automated Device ManagementEliminates manual setup steps Reduces IT administrative overhead Maintains continuous device managementEnhanced User ExperienceStreamlined device transitions No manual configuration needed Immediate device availability Consistent setup processOperational EfficiencyReduced downtime during resets Simplified deployment workflowsUse Cases Educational Shared iPad Programs Quick reset between students Maint
Hello,on macOS 14, With PPPC Utility, i want to create a profil who allow the usage of camera and microphone on an .app. But when i open PCCC Utility or make it across web admin from Jam, there is not “Allow” option available in the select field.I read that the application must be without hardened runtime, but if i remove the hardened runtime, the app can’t be export via “Archive” → “Direct distribution”.Any idea ?
Question for how/if we have controls to deploy a specific app version to iPads. We have a couple applications we use and work closely with the developer and schedule when we make the update available on our EFB iPads. We use the check boxes ‘Schedule Jamf Pro to automatically check the App Store for app updates’ and ‘Force App Update’ to accomplish this. Today is the first time we noticed a different version was installed than what Jamf Pro is reporting as available.This is what is showing under Mobile Device Apps.Does it always install the newest version of what’s available in the Apple store via Self Service regardless of what Jamf Pro is reporting? When looking at the Inventory for the iPad we see that 10.5.1 was installed.
CIS 1 Allow Touch ID to unlock your mac what needs to be deactivated?Hi Hope you can help, how do we allow users to use Touch ID rather than the full password each time sleep is activated. What needs to be unticked in the list of Managed Rules in compliance?Thanks
Hi,I recently set up a new Windows Distribution Point and am now trying to connect to it via the Jamf Sync App, but cannot get a connection. I see the DP in jamf sync, but it only asks for a password, not for a username. No matter what password I use I always get the error Message “Failed to load the … distribution point: cannotGetFileList” Unfortunately the new jamf support is pretty useless as there is not more option for me to communicate in english. All communication is automatically translated to german, but the translation is not that good so I often dont quite get what the supporter wants to tell me. Just english would be much better for me.
Hi all,I try to create a user level configuration profile for ethernet (for 802.1x LAN authentication).So basically, the same we already use for WiFi.We currently use a computer lvl profile, which works without issues. But have to change it to user lvl because of the strong auth change Microsoft enforces soon.The settings should work but as soon as I click on save, the network payload vanishes. Without an error or any explanation… As said before, the WiFi profile (also user lvl) works like a charm.Any tips on why this might happen?BR Thomas
We've followed the steps given in this guide (https://www.jamf.com/blog/help-users-activate-microsoft-office-365-and-configure-outlook-in-one-click/) but when we launch Outlook, our email address isn't automatically populated like it is here. Has anyone else experienced this? If so, what was your workaround? Any advice would be much appreciated! Thanks in advance!
Hi folks, I’m trying to find a way to report (at the very least) which of our devices have Jamf Connect enabled in System Prefs>Privacy & Security>Local Network. Based on my investigation, it seems like SIP/Apple blocks this particular preference from being viewed or modified by MDM’s (on macOS 15+). I have seen similar discourse around the weekly system prompts for Camera/Screen recording and some solutions there, but nothing for this. I am preparing to upgrade all of our Macs to Sequoia 15.5, about ~80 computers. My org uses Entra for login + network drives and I’ve found that end-users on Sequoia that don’t have this enabled have issues with password sync and accessing the drives. Grateful for any input or advice!
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
