Question

Add MFA to JAMF Admin sign in process?

Forum|Forum|4 years ago
September 14, 2021
8 replies
99 views

VintageMacGuy
Valued Contributor

I am looking for a way to get MFA added to the sign in for JAMF's web interface for JAMF Admins. Just the company.jamf.com site - not the Macs we manage. And not for any Mac users - just admins signing in to the site.

JAMF Connect may do this - but here is the catch. For compliance reasons we will not connect JAMF Admin accounts into any directory service like AD or AAD. They need to be stand alone, local, JAMF accounts. No LDAP.

Ideally an extra column would be added to the JAMF Users list to hold a cell phone number, which would be used to send a random PIN, which is then asked for upon sign in. That would meet our MFA requirements. That's all we need.

I don't think anything like this currently exists. Is there another way to get there that is not involving buying a few hundred seat license of JAMF Connect to get one feature for a handful of admins to get MFA added, plus setting up and maintaining a whole other directory service for a few admin users?

+10

junjishimazaki
New Contributor
Forum|Forum|4 years ago
September 14, 2021

@VintageMacGuy Jamf Connect functionality is to sync/create user accounts/password on the Mac not authenticating to the Jamf Pro web server. But, as you found out Jamf does not have a built-in function to enable MFA unless you first authenticate through an IDP/SSO.

+20

Tribruin
Honored Contributor
Forum|Forum|4 years ago
September 14, 2021

I am pretty sure there is an FR for MFA for local Jamf Pro accounts, not tied to a Cloud IdP. But, I think Jamf' stance is that it is available by integrating Okta or Azure, so a local option is not necessary.

VintageMacGuy
Author
Valued Contributor
Forum|Forum|4 years ago
September 14, 2021

Seems like we are slipping through the cracks on this one.

+11

mickl089
Valued Contributor
Forum|Forum|4 years ago
October 5, 2021

I need also this function.... no chance to get MFA for the admin login?

Mbantz
New Contributor
Forum|Forum|3 years ago
April 8, 2022

I need also this function.... no chance to get MFA for the admin login?

I also need this function too. Creating an interface to Google authenticator og Microsoft authenticator would be much appreciated

+11

mickl089
Valued Contributor
Forum|Forum|3 years ago
May 5, 2022

I also need this function too. Creating an interface to Google authenticator og Microsoft authenticator would be much appreciated

there is a function for this, but a little bit tricky to install / Setup:

https://yourcompany.jamfcloud.com/view/settings/system/sso

Just try it, we got this working with azure connectivity!

Mbantz
New Contributor
Forum|Forum|3 years ago
May 18, 2022

there is a function for this, but a little bit tricky to install / Setup:

https://yourcompany.jamfcloud.com/view/settings/system/sso

Just try it, we got this working with azure connectivity!

We do not have an Azure AD, please advise how to set up MFA without Azure.

I still recommend Jamf to implement the simple MFA setup as all other sites do,

hope it will be implemented soon.

+20

Tribruin
Honored Contributor
Forum|Forum|3 years ago
May 20, 2022

We do not have an Azure AD, please advise how to set up MFA without Azure.

I still recommend Jamf to implement the simple MFA setup as all other sites do,

hope it will be implemented soon.

I don't see Jamf adding basic MFA anytime soon. Whenever this question has come up, they point back to their SSO options with Azure, Okta, Ping, Google, etc. That covers a vast majority of the Identity providers and eliminates the need for creating a separate MFA process.

Do you use ANY identity provider for other internal resources. Since MFA is a concern, I would suspect you have an IdP.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded