Skip to main content

Has anyone ever tried preventing the MFA requirement each time your user's log into Self Service with their corporate account?  We as techs usually set up laptops for users to a certain extent and its been kind of a pain to have the user verify for us every time.  In our environment MFA is required every hour or so with the self service app.

We have conditional access policies in place and use plists for such applications like chrome to surpress these MFA prompts but was wondering if we could do the same for Self Service.


Thank you

You need to do this on your IDP, update the policy to not require MFA in certain situations. One issue I have with Jamf and how it handles this, Self Service and the Jamf Console use the same SSO integration. So any changes you make that impact SS, will also impact logging in to Jamf Pro. IMO SS and Jamf Pro's console log ins should be totally separate. 

You need to do this on your IDP, update the policy to not require MFA in certain situations. One issue I have with Jamf and how it handles this, Self Service and the Jamf Console use the same SSO integration. So any changes you make that impact SS, will also impact logging in to Jamf Pro. IMO SS and Jamf Pro's console log ins should be totally separate. 


Thank you for your info.  I was hoping the app would have some sort of integration with the kerberos SSO extension.  Maybe it does and i still need to play around with it.  Our Chrome browser for example I can sign in to the Jamf console without having to use MFA because i am enrolled with entraID/intune integration and marked as compliant.  With the use of kerberos SSO extension and custom chrome plist we can log in without MFA as long as the device is trusted.

Reply


Terms & ConditionsCookie settings