Skip to main content
Solved

Compliance Benchmarks - OIDC mandatory only during the beta ?

  • December 18, 2024
  • 3 replies
  • 1 view

mpuyet
Forum|alt.badge.img+5

Hello Team

From my understanding and different tests, Compliance panel is accessible only if OIDC has been enabled on the Jamf Pro Single sign-on configuration.

Arg ! Domain verification 🥶 (how to.. request 4 validations process in a day)

Skip it, and just use Jamf account without IDP.. not secure but it's beta instance.

Is it something you are going to remove after the Beta ?

Indeed, i do not understand the use case : security ?

I do not think to be the only one, my Jamf Pro console access is secure by an IDP. 

  • I cannot explain to my Identity Teams: that we need to connect the IDP to Jamf Account website, to list users that need also to be listed on Jamf Pro, which need to be allowed in the IDP app access...🥴 to allow admins to connect on the Jamf Pro console. the answer will be : we already have a process in place which is secure and works as expected, why do we have to add another party. 
  • i cannot explain to my Security Teams: that we are going to use a new process, not more secure, and which is not covered by the legal agreements we have for Jamf Pro.
  • i cannot explain to myself: that i will need to manage 150 Jamf ID for my colleagues.

Could you please clarify ?

Guys, tell me if you do not think the same and that it's better to authenticate our consoles through Jamf Account ?

Best answer by JanVozenilek85

Please refer to the post from Christie for more SSO related information: https://community.jamf.com/t5/jamf-pro-11-13-0-beta/sso-prerequisite-for-compliance-benchmarks-and-other-new-features/m-p/337715/highlight/true#M19

3 replies

Forum|alt.badge.img+18
  • Honored Contributor
  • December 19, 2024

@mpuyet you're definitely not alone... your thoughts are 100% replicating my own... would be ok for beta, but definitely not for prod. 


JanVozenilek85
Forum|alt.badge.img+9

Thank you for your enthusiasm to test Compliance benchmark in Jamf Pro @mpuyet!

The requirement to use Jamf SSO does indeed apply to the Compliance module and will be a prerequisite for more shared capabilities, that are built in platform, and delivered via Jamf Pro (and/or other Jamf MDMs later). It enables the M2M authentication, loading and embedding the UI into the Pro console etc.

There are always 2 options: use or own IDP, or use Jamf ID. Both will work equally in terms on enabling the shared capabilities (e.g. Compliance). You can use one for Beta (Jamf ID is typically an easier choice there), and another in Prod (where using your existing IDP with Account typically makes most sense).

Let me reach out to the Jamf SSO team to provide more details and possibly reach out to you directly to understand the use case.


JanVozenilek85
Forum|alt.badge.img+9