Posted on 02-24-2021 08:39 AM
Hi All,
I'm trying to set up Jamf Connect Login with Okta, however I'm having some difficulty getting migrated users to retain their local Admin permissions. I have set up 2 separate Apps/connectors with 2 different Client IDs, however when both OIDCAccessClientID and OIDCAdminClientID are specified the login window just refreshes to empty boxes after entering login details (no error etc).
If I only specify OIDCAdminClientID it will log in but with a standard user.
If I only specify OIDCAccessClientID it will not log in, just the screen refresh like when both are specified.
I have tried various combinations of setup but have included what I believe should work but doesn't (company-specific data removed).
For anyone that has set this up, can you indicate your configuration please?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>AuthServer</key>
    <string>company.okta.com</string>
    <key>BackgroundImage</key>
    <string>/usr/local/jamfconnect/jamfconnectbackground.png</string>
    <key>CreateVerifyPasswords</key>
    <true/>
    <key>DenyLocal</key>
    <true/>
    <key>LocalFallback</key>
    <true/>
    <key>LoginLogo</key>
    <string>/usr/local/jamfconnect/rectangle.png</string>
    <key>LoginScreen</key>
    <true/>
    <key>Migrate</key>
    <true/>
    <key>MigrateUsersHide</key>
    <array>
        <string>admin</string>
    </array>
    <key>OIDCAdminClientID</key>
    <string>xxxxxxxxxxxxxxxxxxxxxx2</string>
    <key>OIDCAccessClientID</key>
    <string>xxxxxxxxxxxxxxxxxxxxxx1</string>
    <key>OIDCAuthServer</key>
    <string>company.okta.com</string>
    <key>OIDCProvider</key>
    <string>Okta</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
</dict>
</plist>
Posted on 02-24-2021 09:51 AM
@JamieL Are you making sure the user you are testing with is given access to both apps?
Posted on 02-24-2021 10:29 AM
Yeah, same users in both App assignment
Posted on 02-24-2021 10:44 AM
Your RedirectURI the same for both apps as well?
Posted on 02-25-2021 05:06 AM
Yeah, same RedirectURI in both.
Posted on 02-25-2021 05:15 AM
@JamieL Found it!! This needs to be OIDCAccessClientID not OIDCClientID
Posted on 02-25-2021 06:07 AM
Thanks for looking, Dennis. That was actually a typo from me when posting the thread, as I had been trying various options to try and get it to work. I have corrected it now in the original post.
Posted on 08-31-2021 01:53 PM
Posted on 09-01-2021 04:13 AM
Hey Julien,
This did start working for me, but it wasn't until I re-installed the OS on the machines I was testing with, so in my case possibly just too much change on my test machines.
This is what my working setup looks like.
Posted on 09-02-2021 01:13 AM