Posted on 11-27-2023 11:42 AM
Since implementing Jamf Connect, we keep randomly getting 403 Forbidden errors after trying to log in (we use Azure). Has anyone else ever run into this before? We're not sure if it's on the Jamf side or the Azure side that's causing the issue.
Solved! Go to Solution.
Posted on 11-28-2023 05:40 AM
The 403 Forbidden is a server response (from Azure in this case); you don't have permissions to do what you are trying to do. My guess is you have not set up the JAMF Connect app in Azure correctly, or did not put the correct information in the JAMF Connect configuration profile.
What I would do.
By and large JAMF Connect is a stupidly simple product. It consists of a .app you deploy and a configuration profile. You can't screw up the app deployment. That configuration profile tells the login and menu bar functions what IDP to talk to and what the client IDs are. If you screw up the configuration profile, then Entra will not accept communication. Outside of that, EVERYTHING is on your IDP and network side.
Jamf Learning Hub - How to get JAMF connect logs
Posted on 11-28-2023 04:06 AM
@asuneson experiencing random 403 forbidden errors with Jamf Connect during logins through Azure can be perplexing. To troubleshoot this, consider checking the configuration settings both on the Jamf Connect and Azure sides. Ensure that the permissions and authentication settings are correctly configured in Azure, and verify that the Jamf Connect settings align with your Azure configuration. It's advisable to review any conditional access policies or security configurations in Azure that might be impacting the authentication process.
Good luck!