Real talk, real tools and real-time support from people who get it.
Get answers from fellow admins
Find your way around
Share your thoughts
Submit your idea
We wanted to share a few updates about new features in Jamf Account that improve SSO management and troubleshooting, as well as new documentation resources for enabling OIDC authentication for platform services.A new Jamf Account Release History section in our Learning Hub details several improvements:A new "Authorize URL" button for Google Workspace OIDC connections, enabling consistent group support across organization types Login History tab under Profile, allowing you to view authentication history and ID tokens when using an IdP Enhanced error handling with unique reference UUIDs for failed SSO attemptsTo help customers migrate to OIDC, we've published a SAML to OIDC Migration Guide that walks through adopting OIDC-based workflows.The Understanding SSO Authentication Methods guide helps address common questions about IdP choices, OIDC benefits, and authentication options. It includes visual breakdowns of both SAML-based and OIDC-based authentication methods to demonstrate how vari
Hi everyone, I’m currently exploring the possibility of deploying Jamf Connect in our organisation. I have setup the SSO in Jamf Account to point to our EntraID tenant and it’s working fine to login users in both Jamf Account and Jamf Pro Cloud. All the documentation seems to suggest that I need to configure another app in Entra ID to allow Jamf Connect to authenticate users but since Jamf has introduced the Jamf Account OIDC SSO to try and harmonise things, I’m wondering if I can just point Jamf Connect at that rather than creating a new app. Can this be done or am I misunderstanding how the OIDC SSO connection works in Jamf Account? Thanks,Kieran
We recently migrated to Jamf Cloud and using Azure AD as our Cloud Identity Provider and Single Sign-On solution. It works well enough, but we have a weird situation. We're sticking pretty close to Microsoft's documentation on it, which can be found here.By default, the iDP maps userPrincipalName as the username. That's a full email address in our environment, so we want to use onPremisesSamAccountName instead. That works fine in the iDP in both testing and looking up users/accounts.We also need user authentication during the initial device enrollment via DEP. We've gotten that added in by adding an Enrollment Customization that is just the SSO.Here's where it gets dumb. If we now enroll a machine while the User Name mapping is set to onPremisesSamAccountName, the SSO during enrollment registers the device to just the userPrincipalName with no other user data. The Pre-Fill Primary Account Information only puts in the userPrincipalName as the Us
Return to service is a feature released by Apple in iOS 17, as a part of the Device Wipe commands already available. It allows for a device to retain a wifi profile while completely wiping all other data. In the past, wiped devices required human interaction to connect them to wifi upon the next setup. With Return to Service that is no longer a requirement. Devices can now be wiped and sent through the setup assistant with no human interaction at all.Jamf provides an API endpoint that allows developers to implement this feature into their own workflows. Benefits Automated Device ManagementEliminates manual setup steps Reduces IT administrative overhead Maintains continuous device managementEnhanced User ExperienceStreamlined device transitions No manual configuration needed Immediate device availability Consistent setup processOperational EfficiencyReduced downtime during resets Simplified deployment workflowsUse Cases Educational Shared iPad Programs Quick reset between students Maint
Hello All, can you someone guide me how to set different images for login screen and desktop wallpaper. i fine to create 2 different policies in Jamf. Thanks,Santosh
Hello,on macOS 14, With PPPC Utility, i want to create a profil who allow the usage of camera and microphone on an .app. But when i open PCCC Utility or make it across web admin from Jam, there is not “Allow” option available in the select field.I read that the application must be without hardened runtime, but if i remove the hardened runtime, the app can’t be export via “Archive” → “Direct distribution”.Any idea ?
**Update regarding NFL and minor cleanup as of May 20, 2025** Hey Jamf Nation! JNUC 2025 is coming up at the Colorado Convention Center, and it’s time to start planning your Colorado adventure. Many of us are traveling from afar (I’m from Canada!), so I’ve compiled a list of fun activities to make the most of your trip. Locals, please chime in with your insider tips! JNUC Highlights: JNUC Party: The Wednesday bash is always a blast—think music, food, and networking. Don’t miss it! Vendor Parties: Free drinks, finger food, and epic giveaways (someone won an Apple Vision Pro last year!). Jamf Heroes: Not sure about 2025 plans, but check Jamf Nation for updates on this exclusive meetup. JNUC Info: JNUC 2025 Homepage | JNUC Overview Sports: Colorado Avalanche (NHL): I’m hoping to catch a game at Ball Arena! The 2025-2026 schedule drops in June/July. Check NHL.com or BallArena.com. Denver Broncos (NFL): Denver Broncos play in Philadelphia on Oct 5th, so no games. See NFL.com. Colorado Ro
Hi,I would like to create a deployment for Maya 2025 based on the topic for 2024:https://community.jamf.com/t5/jamf-pro/packaging-autodesk-maya-2024-with-redundant-license-servers/m-p/298743I've found a .app installer in the Contents of the installer:/tmp/maya2025/AdskIdentityManager/AdskIdentityManager-Installer.app This app opens an installation wizard. How can I execute this (after the PKG installs) in silent mode?Thank you.
Heya awesome Mac admins! I am still relatively new to this whole Jamf thing and looking into setting up Jamf Setup Manager to install our apps before the user reaches the desktop. I am trying to follow guides and getting hung up quite a bit on step 1 of most them, “package Setup Manager”. This is kind of a loaded step. I have tried several ways of doing this. I have packaged the zip, which didn’t work. I have extracted the .zip to the desktop and then packaged, didn’t work. I have tried putting the extracted zip in different folders, then packaging from there with Composer, didn’t work. How the heck do I package this thing for deployment? The configuration from Jamf Pro is relatively straightforward, I just need some help making sure the actual files are in the proper places.
Question for how/if we have controls to deploy a specific app version to iPads. We have a couple applications we use and work closely with the developer and schedule when we make the update available on our EFB iPads. We use the check boxes ‘Schedule Jamf Pro to automatically check the App Store for app updates’ and ‘Force App Update’ to accomplish this. Today is the first time we noticed a different version was installed than what Jamf Pro is reporting as available.This is what is showing under Mobile Device Apps.Does it always install the newest version of what’s available in the Apple store via Self Service regardless of what Jamf Pro is reporting? When looking at the Inventory for the iPad we see that 10.5.1 was installed.
When adding apps to Self Service (or even Self Service+) via Mac Apps, the applications descriptions are in German. I’ve ensured that English is set to the preferred language and enabled location service. This is being run on a test VM but I can’t for the life of me figure out why this would be the case?
CIS 1 Allow Touch ID to unlock your mac what needs to be deactivated?Hi Hope you can help, how do we allow users to use Touch ID rather than the full password each time sleep is activated. What needs to be unticked in the list of Managed Rules in compliance?Thanks
Hi,I recently set up a new Windows Distribution Point and am now trying to connect to it via the Jamf Sync App, but cannot get a connection. I see the DP in jamf sync, but it only asks for a password, not for a username. No matter what password I use I always get the error Message “Failed to load the … distribution point: cannotGetFileList” Unfortunately the new jamf support is pretty useless as there is not more option for me to communicate in english. All communication is automatically translated to german, but the translation is not that good so I often dont quite get what the supporter wants to tell me. Just english would be much better for me.
Hi all,I try to create a user level configuration profile for ethernet (for 802.1x LAN authentication).So basically, the same we already use for WiFi.We currently use a computer lvl profile, which works without issues. But have to change it to user lvl because of the strong auth change Microsoft enforces soon.The settings should work but as soon as I click on save, the network payload vanishes. Without an error or any explanation… As said before, the WiFi profile (also user lvl) works like a charm.Any tips on why this might happen?BR Thomas
We've followed the steps given in this guide (https://www.jamf.com/blog/help-users-activate-microsoft-office-365-and-configure-outlook-in-one-click/) but when we launch Outlook, our email address isn't automatically populated like it is here. Has anyone else experienced this? If so, what was your workaround? Any advice would be much appreciated! Thanks in advance!
Hi folks, I’m trying to find a way to report (at the very least) which of our devices have Jamf Connect enabled in System Prefs>Privacy & Security>Local Network. Based on my investigation, it seems like SIP/Apple blocks this particular preference from being viewed or modified by MDM’s (on macOS 15+). I have seen similar discourse around the weekly system prompts for Camera/Screen recording and some solutions there, but nothing for this. I am preparing to upgrade all of our Macs to Sequoia 15.5, about ~80 computers. My org uses Entra for login + network drives and I’ve found that end-users on Sequoia that don’t have this enabled have issues with password sync and accessing the drives. Grateful for any input or advice!
I have Jamf connect configured with entra ID and requires authentication with their network account at each restart. My users are unable to sign into their macs offline because the account cannot authenticate with microsoft. Is this a setting within jamf connect that I can change to allow a local account to pass through when not connected to internet?
Earn a cool badge and Jamf Nation Reward Bytes for your published articles. We’re looking forward to your submissions!
Learn about our customer advocacy program that celebrates our most passionate customers.
Join the community to receive product updates, and share feedback.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.
