Help

jamf connect 403 forbidden error

Go to solution
asuneson
New Contributor

Posted on ‎11-27-2023 11:42 AM

since implementing jamf connect, we keep randomly getting 403 forbidden errors after trying to login (we use azure). has anyone else ever run into this before? we're not sure if it's on the jamf side or the azure side that's causing the issue.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor II

Posted on ‎11-28-2023 05:40 AM

The 403 forbidden is a server response (from Azure in this case), you don't have permissions to do what you are trying to do. My guess is you have not setup the JAMF Connect app in Azure correctly, or did not put the correct information in the JAMF Connect configuration profile. 

What I would do.

  1. Review the Configuration Profile. Make sure the OIDC Client ID, ROPG Client ID, Tenant, and other information are all correct.
  2. If the Configuration profile is correct. Make sure the integration is setup correctly in Entra and that no Conditional Access blocks are tripping you up.
  3. Make sure there are no firewall or SSL redirections getting in the middle of traffic between the Mac and Entra (the Mac does not talk to JAMF Pro at this step)
  4. Check JAMF Connect logs, and Entras Access Logs.

 

By and large JAMF Connect is a stupidly simple product. It consists of a .app you deploy and a configuration profile. You can't screw up the app deployment. That configuration profile, which tells the login and menu bar functions what IDP to talk to and what the client ID's are. If you screw up the configuration profile, then Entra will not accept communication. Outside of that, EVERYTHING is on your IDP and network side.

 

 

Jamf Learning Hub - How to get JAMF connect logs

View solution in original post

2 REPLIES 2

Go to solution
cenforce
New Contributor III

Posted on ‎11-28-2023 04:06 AM

@asuneson experiencing random 403 forbidden errors with Jamf Connect during logins through Azure can be perplexing. To troubleshoot this, consider checking the configuration settings both on the Jamf Connect and Azure sides. Ensure that the permissions and authentication settings are correctly configured in Azure, and verify that the Jamf Connect settings align with your Azure configuration. It's advisable to review any conditional access policies or security configurations in Azure that might be impacting the authentication process. 

Good luck!

jamf man
0 Kudos

Go to solution
AJPinto
Honored Contributor II

Posted on ‎11-28-2023 05:40 AM

The 403 forbidden is a server response (from Azure in this case), you don't have permissions to do what you are trying to do. My guess is you have not setup the JAMF Connect app in Azure correctly, or did not put the correct information in the JAMF Connect configuration profile. 

What I would do.

  1. Review the Configuration Profile. Make sure the OIDC Client ID, ROPG Client ID, Tenant, and other information are all correct.
  2. If the Configuration profile is correct. Make sure the integration is setup correctly in Entra and that no Conditional Access blocks are tripping you up.
  3. Make sure there are no firewall or SSL redirections getting in the middle of traffic between the Mac and Entra (the Mac does not talk to JAMF Pro at this step)
  4. Check JAMF Connect logs, and Entras Access Logs.

 

By and large JAMF Connect is a stupidly simple product. It consists of a .app you deploy and a configuration profile. You can't screw up the app deployment. That configuration profile, which tells the login and menu bar functions what IDP to talk to and what the client ID's are. If you screw up the configuration profile, then Entra will not accept communication. Outside of that, EVERYTHING is on your IDP and network side.

 

 

Jamf Learning Hub - How to get JAMF connect logs