Skip to main content
Question

Self Service SSO issue

  • November 7, 2024
  • 5 replies
  • 87 views
L
Forum|alt.badge.img+6

Hi All, 

 

I have issue with login into Self Service with SSO, I am able to login to access the login process, but once I approve my MFA it doesn't approve my access, does anyone have any information this process?

 

 

    5 replies

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • November 7, 2024

    Does SSO work when logging in to the Jamf Console? If it does you are likely looking at an attribute mapping issue between your IDP and Jamf Pro's SSO configuration.

    L
    Forum|alt.badge.img+6
    • Lion55
    • Author
    • Contributor
    • November 7, 2024

    Does SSO work when logging in to the Jamf Console? If it does you are likely looking at an attribute mapping issue between your IDP and Jamf Pro's SSO configuration.


    Hi @AJPinto

     

    Yes my SSO works with Jamf Console, My IDP is Entra have you got any steps for the setup?

    Thanks in Advance!

    AJPinto
    Forum|alt.badge.img+26
    • AJPinto
    • Legendary Contributor
    • November 7, 2024

    Hi @AJPinto

     

    Yes my SSO works with Jamf Console, My IDP is Entra have you got any steps for the setup?

    Thanks in Advance!


    We use Okta, the best I can suggest is going back through your Jamf settings (SSO > SAML IdP User Mapping and Cloud Identity Provider > "connection name" > Mappings) and Entra settings to make sure the mappings are what is expected. By default Jamf uses the Username mapping for Self Service, and that must map back to the UPN or ID@domain.com (if I remember correctly) to work).

     

    https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Single_Sign-On.html

    S
    Forum|alt.badge.img+7
    • sudoErase
    • Contributor
    • November 12, 2024

    We use Okta, the best I can suggest is going back through your Jamf settings (SSO > SAML IdP User Mapping and Cloud Identity Provider > "connection name" > Mappings) and Entra settings to make sure the mappings are what is expected. By default Jamf uses the Username mapping for Self Service, and that must map back to the UPN or ID@domain.com (if I remember correctly) to work).

     

    https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Single_Sign-On.html


    As AJPinto said.
    Adding additional link for you to use (Specific for Entra)
    https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html

     

    GCozy
    • GCozy
    • New Contributor
    • August 11, 2025

    We had the same issue and we were using Shib for our SSO. Everywhere else was letting us do SSO (enrollment, jamf pro server) but not self service. I went digging and found a setting that enabled it for us without changing the group mappings as that was already working for us with dev and prod for the sign on experience.

     

    Look under Settings>Self Service and change the login to SSO. Once we did this we saw the SSO experience in the Self Service app.

     

     

    Terms & ConditionsCookie settingsAccessibility statement