Add MFA to JAMF Admin sign in process?

VintageMacGuy
Contributor II

I am looking for a way to get MFA added to the sign in for JAMF's web interface for JAMF Admins. Just the company.jamf.com site - not the Macs we manage. And not for any Mac users - just admins signing in to the site.

 

JAMF Connect may do this - but here is the catch. For compliance reasons we will not connect JAMF Admin accounts into any directory service like AD or AAD. They need to be standalone, local, JAMF accounts. No LDAP.

Ideally an extra column would be added to the JAMF Users list to hold a cell phone number, which would be used to send a random PIN, which is then asked for upon sign in. That would meet our MFA requirements. That's all we need.

I don't think anything like this currently exists. Is there another way to get there that does not involve buying a few-hundred-seat license of JAMF Connect to get one feature for a handful of admins to get MFA added, plus setting up and maintaining a whole other directory service for a few admin users?

8 REPLIES

junjishimazaki
Valued Contributor

@VintageMacGuy Jamf Connect's functionality is to sync/create user accounts/passwords on the Mac, not to authenticate to the Jamf Pro web server. But, as you found out, Jamf does not have a built-in function to enable MFA unless you first authenticate through an IDP/SSO.

Tribruin
Valued Contributor II

I am pretty sure there is an FR for MFA for local Jamf Pro accounts, not tied to a Cloud IdP. But, I think Jamf's stance is that it is available by integrating Okta or Azure, so a local option is not necessary.

Seems like we are slipping through the cracks on this one.

 

mickl089
Contributor III

I also need this function... No chance to get MFA for the admin login?

I also need this function too. Creating an interface to Google Authenticator or Microsoft Authenticator would be much appreciated.

There is a function for this, but it is a little bit tricky to install/set up:

https://yourcompany.jamfcloud.com/view/settings/system/sso

Just try it, we got this working with Azure connectivity!

We do not have an Azure AD, please advise how to set up MFA without Azure.

I still recommend that Jamf implement the simple MFA setup, as all other sites do. I hope it will be implemented soon.

Tribruin
Valued Contributor II

I don't see Jamf adding basic MFA anytime soon. Whenever this question has come up, they point back to their SSO options with Azure, Okta, Ping, Google, etc. That covers a vast majority of the Identity providers and eliminates the need for creating a separate MFA process. 

 

Do you use ANY identity provider for other internal resources? Since MFA is a concern, I would suspect you have an IdP.