Add MFA to JAMF Admin sign in process?

VintageMacGuy
Contributor

I am looking for a way to get MFA added to the sign in for JAMF's web interface for JAMF Admins. Just the company.jamf.com site - not the Macs we manage. And not for any Mac users - just admins signing in to the site.

 

JAMF Connect may do this - but here is the catch. For compliance reasons we will not connect JAMF Admin accounts into any directory service like AD or AAD. They need to be stand alone, local, JAMF accounts. No LDAP.

Ideally an extra column would be added to the JAMF Users list to hold a cell phone number, which would be used to send a random PIN, which is then asked for upon sign in. That would meet our MFA requirements. That's all we need.

I don't think anything like this currently exists. Is there another way to get there that is not involving buying a few hundred seat license of JAMF Connect to get one feature for a handful of admins to get MFA added, plus setting up and maintaining a whole other directory service for a few admin users?

4 REPLIES 4

junjishimazaki
Contributor III

@VintageMacGuy Jamf Connect functionality is to sync/create user accounts/password on the Mac not authenticating to the Jamf Pro web server. But, as you found out Jamf does not have a built-in function to enable MFA unless you first authenticate through an IDP/SSO. 

Tribruin
Contributor III
Contributor III

I am pretty sure there is an FR for MFA for local Jamf Pro accounts, not tied to a Cloud IdP. But, I think Jamf' stance is that it is available by integrating Okta or Azure, so a local option is not necessary. 

Seems like we are slipping through the cracks on this one.

 

mickl089
Contributor II

I need also this function.... no chance to get MFA for the admin login?