Jamf Nation Community

I would roll back Jamf Connect to rule in/out it being something with the client. However, based on the popup I am going to figure this issue is on the IDP side and something in your Google Admin Console needs to be adjusted.

Hello, I am having this same issue. Was there any resolution to this issue?

Having the same problem in our environment. Machines in the field are on version 2.29, and I have tested on 2.35 without change. The macOS App Access Control is configured in Google Workspace Console to allow access. 

Same issue here but only for one user… so far. 

Same thing has cropped up here too.

We're still having the trouble. I've opened a ticket with JAMF support, but it does seem to be an issue on the Google side of things. If we figure it out I will post what I find!

same issue here, just started getting users reporting this

Becoming widespread now with our user base and definitely seems to be something going on with Google. The Prompt on my phone 2FA authentication is not working either. I don't know enough about OAUTH and APIs to do any work on this myself, so am relying on the greater minds here, at Jamf, and at Google for a solution. I will open a ticket with Google.

Popping in a 'same' here as well. I've even tried whitelisting the Jamf Connect client ID for Google OAuth, but no joy 😥

We also have this same issue with the Jamf Connect consent screen which started about a week ago. We opened a Jamf Support ticket last Friday and were also advised to open a Google support ticket as well, which I did last night.  Hopefully someone on the thread will get some traction with Google as it does seem to be something on their end.  

Has anyone had any luck with Google?

No progress for us yet. JAMF is waiting on info from Google while looking into it themselves, and Google has so far given no help. The only suggested action was to add the Oauth Client ID as Trusted in the API section of Google Admin, which we have done multiple times.

Google wants to get a HAR file (https://toolbox.googleapps.com/apps/har_analyzer/) but since JAMF Connect is not logged into through a traditional web browser I don't know how I could collect those logs.

The suggestion I got back from Google was to add the client ID for Jamf Connect to the domain wide API delegation in Google Admin, which really feels like quite a sledge hammer approach to it. Haven't tested it yet because it's such a big change I need some approvals before having a go. 

In Google Cloud - Credentials - Oauth 2.0 Client IDs is where Jamf Connect has you create an ID. Within that ID you have to enter an "Authorized redirect URI"

This URI is what has to be a domain name now, but it doesn't say that explicitly that I can see. This will automatically be added to the Oauth Consent Screen's Authorized Domain list, which does specify that it needs to be a "top private domain"

Whatever you choose to enter, you have to change the OIDCRedirectURI key in your Jamf Connect Login Settings config profile to match. I tried it now with our school's website domain and it seems to work ok. I'm still hesitant to push it for all users though as I'm not totally clear on what it's used for yet.

Any updates?

I just ran into this today. The workaround of using a domain name seems to work. It would be great to get something official from JAMF or Google on it though.