Skip to main content

Suddenly, as of a few days ago, users are prompted on every login to allow Jamf Connect to access their Google accounts. They need to scroll down and click Allow every time.

The only thing that's changed recently that I'm aware of is that Jamf Connect version 2.35 went out just before the issue appeared. I tried rolling back on a test device with no luck though. Laptops are all on at least 14.4.1 of Sonoma.

I found two old posts with a similar issue, but neither state what actually fixed the issue: Old post 1 and old post 2 

 

Any updates?


Nothing from JAMF on my end. They closed the ticket stating they're still researching.

Google support was no help.

I just ran into this today. The workaround of using a domain name seems to work. It would be great to get something official from JAMF or Google on it though.

Maybe something?

 

https://apps.google.com/supportwidget/articlehome?hl=en&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F162106%3Fhl%3Den&assistant_id=generic-unu&product_context=162106&product_name=UnuFlow&trigger_context=a

 

 

In google admin console: https://admin.google.com/ac/owl 

 

Funnily enough, I just tried the Domain-wide delegation bit today but with no change :(

I added the ID from the existing OAuth config we had whitelisted in Third Party App Access in Google admin and added the same 3 scopes to the domain wide delegation config but no joy!

The suggestion I got back from Google was to add the client ID for Jamf Connect to the domain wide API delegation in Google Admin, which really feels like quite a sledge hammer approach to it. Haven't tested it yet because it's such a big change I need some approvals before having a go. 


did they say which scopes would need to be added and allowed?

I have forwarded your solution to Google support as well, as this seems to possibly be a Google Cloud change, not liking 127.0.0.1


Spoke with someone in person from Jamf and the solution above is the correct solution. You must change your URI to point to a valid FQDN, but one that will not answer or redirect. Google is not likely to change their URI requirement and pointing to any valid site that does not answer the redirect request is all that the Jamf Connect needs to work. According to the Jamf employee I spoke with, the documentation for setting up Jamf Connect will be updated in the near future to reflect this change.

Spoke with someone in person from Jamf and the solution above is the correct solution. You must change your URI to point to a valid FQDN, but one that will not answer or redirect. Google is not likely to change their URI requirement and pointing to any valid site that does not answer the redirect request is all that the Jamf Connect needs to work. According to the Jamf employee I spoke with, the documentation for setting up Jamf Connect will be updated in the near future to reflect this change.


Alright, that's great news, waiting for official communication before making any changes.

I'm having trouble understanding Jamf. They are selling a comprehensive product, but I've received information about multiple Jamf Pro bugs (including Jamf Connect) that haven't even reached the development stage. I'm frustrated with the quick fixes and assurances provided to customers.

here we go: https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Suppressing_Google_Consent_Prompts_in_the_Jamf_Connect_Login_Window.html

Reply


Terms & ConditionsCookie settings