Skip to main content
Solved

Login requires Google consent every time

  • May 20, 2024
  • 34 replies
  • 223 views
Show first post

34 replies

rosmer
Forum|alt.badge.img+5
  • rosmer
  • Author
  • New Contributor
  • June 21, 2024

Any updates?


Nothing from JAMF on my end. They closed the ticket stating they're still researching.

Google support was no help.

KCOURTEAU
Forum|alt.badge.img+1
  • KCOURTEAU
  • New Contributor
  • June 21, 2024

I just ran into this today. The workaround of using a domain name seems to work. It would be great to get something official from JAMF or Google on it though.

RobinJJ
Forum|alt.badge.img+4
  • RobinJJ
  • Contributor
  • July 1, 2024

Maybe something?

 

https://apps.google.com/supportwidget/articlehome?hl=en&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F162106%3Fhl%3Den&assistant_id=generic-unu&product_context=162106&product_name=UnuFlow&trigger_context=a

 

 

In google admin console: https://admin.google.com/ac/owl 

 

A
Forum|alt.badge.img+4
  • avail
  • Contributor
  • July 1, 2024

Funnily enough, I just tried the Domain-wide delegation bit today but with no change :(

I added the ID from the existing OAuth config we had whitelisted in Third Party App Access in Google admin and added the same 3 scopes to the domain wide delegation config but no joy!

A
Forum|alt.badge.img+4
  • astrugatch
  • Contributor
  • July 26, 2024

The suggestion I got back from Google was to add the client ID for Jamf Connect to the domain wide API delegation in Google Admin, which really feels like quite a sledge hammer approach to it. Haven't tested it yet because it's such a big change I need some approvals before having a go. 


did they say which scopes would need to be added and allowed?

MMA-Admin
Forum|alt.badge.img+5
  • MMA-Admin
  • New Contributor
  • July 29, 2024

I have forwarded your solution to Google support as well, as this seems to possibly be a Google Cloud change, not liking 127.0.0.1


Spoke with someone in person from Jamf and the solution above is the correct solution. You must change your URI to point to a valid FQDN, but one that will not answer or redirect. Google is not likely to change their URI requirement and pointing to any valid site that does not answer the redirect request is all that the Jamf Connect needs to work. According to the Jamf employee I spoke with, the documentation for setting up Jamf Connect will be updated in the near future to reflect this change.

    B
    Forum|alt.badge.img+4
    • BKZU
    • Contributor
    • August 9, 2024

    Spoke with someone in person from Jamf and the solution above is the correct solution. You must change your URI to point to a valid FQDN, but one that will not answer or redirect. Google is not likely to change their URI requirement and pointing to any valid site that does not answer the redirect request is all that the Jamf Connect needs to work. According to the Jamf employee I spoke with, the documentation for setting up Jamf Connect will be updated in the near future to reflect this change.


    Alright, that's great news, waiting for official communication before making any changes.

    ejadadic
    Forum|alt.badge.img+10
    • ejadadic
    • Contributor
    • August 23, 2024

    I'm having trouble understanding Jamf. They are selling a comprehensive product, but I've received information about multiple Jamf Pro bugs (including Jamf Connect) that haven't even reached the development stage. I'm frustrated with the quick fixes and assurances provided to customers.

    RobinJJ
    Forum|alt.badge.img+4
    • RobinJJ
    • Contributor
    • August 27, 2024

    here we go: https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Suppressing_Google_Consent_Prompts_in_the_Jamf_Connect_Login_Window.html

    Terms & ConditionsCookie settingsAccessibility statement