Question

Jamf Connect problems with Azure AD

  • February 11, 2021
  • 6 replies
  • 65 views


Hi all,
I've followed this training video (https://trainingcatalog.jamf.com/deploy-jamf-connect-with-azure/315013) and set up Azure AD with the Jamf Connect enterprise app / app registration etc. I've tested authentication with the Jamf Connect Configuration app and I get a successful token back with my Azure AD user.

I've set up a configuration profile with the Jamf Connect license key and the plists I created with my Azure AD enterprise app settings.

I've set up a policy to deploy the jamfconnect.pkg to the client. I've deployed the configuration profiles to the client. The client has the profiles and the Jamf Connect package installed and is enrolled in Jamf Pro.

I get no login window for Microsoft AD when I reboot the Mac. I can only log on locally with my Mac user.

Any ideas where it's failing?

Thanks,

6 replies

  • Honored Contributor
  • February 11, 2021

Are you seeing the FileVault login screen instead of the actual macOS login screen by chance? If you enter your password at the FV screen, do you get the Jamf Connect Login screen afterwards?

If that is not working, log in to your Mac and run the following command:

sudo /usr/local/bin/authchanger -reset -JamfConnect

That should enable the Jamf Connect Login window.


  • Author
  • Contributor
  • February 11, 2021

OK, so running that command I now get the Jamf Connect login screen. Woohoo! Something else has gone wrong as you can see. I'm going to re-create the configuration profile, as I've been messing around with different configurations and maybe I broke it and that's why it's erroring out.

Will I have to put this command in my deployment policy for future Macs?


  • Honored Contributor
  • February 11, 2021

You shouldn't have to run that command if you are just doing a standard package install; the post-install script should run it automatically. Make sure your configuration profiles are installed on the computer BEFORE you install the Jamf Connect package. authchanger will read the com.jamf.connect.login preferences to properly set up your IdP.


  • Author
  • Contributor
  • February 12, 2021

Right, after recreating everything and checking for typos it's now working :) The only thing that's not working properly is that it's not getting the Admin role from Azure AD. I've updated the manifest in Azure with the amendments from the Jamf Connect user guide. My test user is in the Admin group in the enterprise application. When I go to Users on the Mac, I see the AD user created, but as Standard and not Admin.

Any ideas? Is my plist good?


  • Honored Contributor
  • February 12, 2021

Looks like you need to add the following entry:

<key>OIDCAdminAttribute</key>
<string>roles</string>

That key is required for Azure AD, in addition to the OIDCAdmin key listing the role(s) that should be created as Admins.

Edit to add:

Also, I want to make sure you have assigned the proper roles to Users & Groups in the Enterprise Application:

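The following is an added illustration, not code from Jamf Connect or from anyone in this thread, of the logic the reply above describes: the claim named by OIDCAdminAttribute (Azure AD puts app roles in the "roles" claim of the ID token) is read from the token, and any value that also appears in OIDCAdmin makes the local account an admin; without OIDCAdminAttribute the user lands as Standard even though the token carries the role. The com.jamf.connect.login plist, the client ID and the decoded token payloads are constructed for the example, and the exact matching rules Jamf Connect applies internally are an assumption here.

```python
"""Added example (not Jamf's code): role-claim to local-admin mapping as configured by
OIDCAdminAttribute / OIDCAdmin in com.jamf.connect.login, plus a config sanity check."""
import plistlib

# Constructed com.jamf.connect.login preferences as they would look after the reply's
# fix: OIDCAdminAttribute points at Azure's "roles" claim, OIDCAdmin lists the app
# role names that should get admin. The client ID is a placeholder.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>OIDCProvider</key>
    <string>Azure</string>
    <key>OIDCClientID</key>
    <string>00000000-0000-0000-0000-000000000000</string>
    <key>OIDCAdminAttribute</key>
    <string>roles</string>
    <key>OIDCAdmin</key>
    <array>
        <string>Admin</string>
    </array>
</dict>
</plist>
"""


def load_prefs(data: bytes) -> dict:
    """Parse the preference domain the way a profile would deliver it."""
    return plistlib.loads(data)


def admin_roles(prefs: dict) -> set:
    """OIDCAdmin may be a single string or an array of strings (assumption)."""
    admins = prefs.get("OIDCAdmin") or []
    return {admins} if isinstance(admins, str) else set(admins)


def check_admin_config(prefs: dict) -> list:
    """Return the configuration problems that would leave every user Standard."""
    problems = []
    if not prefs.get("OIDCAdminAttribute"):
        problems.append("OIDCAdminAttribute missing: Azure AD needs it set to the "
                        "claim that carries the app roles (\"roles\")")
    if not admin_roles(prefs):
        problems.append("OIDCAdmin missing or empty: no role name grants admin")
    elif not all(isinstance(r, str) for r in admin_roles(prefs)):
        problems.append("OIDCAdmin must be a string or an array of strings")
    return problems


def is_admin(claims: dict, prefs: dict) -> bool:
    """Decide admin vs Standard from decoded ID-token claims.
    Assumption: the claim named by OIDCAdminAttribute is a string or a list of
    strings, and any overlap with OIDCAdmin grants local admin."""
    attr = prefs.get("OIDCAdminAttribute")
    if not attr:
        return False
    value = claims.get(attr)
    if value is None:
        return False
    values = {value} if isinstance(value, str) else set(value)
    return bool(values & admin_roles(prefs))


# Constructed, already-decoded ID-token payloads (signature verification is out of
# scope here; a real token is validated before its claims are trusted).
TOKEN_WITH_ROLE = {"preferred_username": "jane@example.com", "roles": ["Admin"]}
TOKEN_NO_ROLE = {"preferred_username": "joe@example.com"}

if __name__ == "__main__":
    prefs = load_prefs(SAMPLE_PLIST)
    print("config problems:", check_admin_config(prefs))
    for tok in (TOKEN_WITH_ROLE, TOKEN_NO_ROLE):
        print(tok["preferred_username"], "->",
              "admin" if is_admin(tok, prefs) else "standard")
    # The symptom in the thread: same token, but the profile lacks OIDCAdminAttribute.
    broken = dict(prefs)
    broken.pop("OIDCAdminAttribute")
    print("without OIDCAdminAttribute:", check_admin_config(broken),
          "admin" if is_admin(TOKEN_WITH_ROLE, broken) else "standard")
```

Run it as a script to see the three cases; the last line reproduces the "created as Standard and not Admin" outcome when only OIDCAdmin is set. Because the roles claim only appears in the token when the app role is assigned to the user or group in the Enterprise Application, the check on the Azure side in the reply above is the other half of the same fix.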

  • Author
  • Contributor
  • February 18, 2021

Thanks, all working now :) A great help. I gather there is no way to force password sync in the background instead of each login prompting the user to verify their password when logging in.