I hope all are well. I am seeking some assistance from the community in terms of a recent migration from on-prem AD to Azure. Previously, our user would receive an iPad during new hire training and during setup, they would authenticate at the 'Remote Management' screen with their account credentials. After a successful authentication, they would hit Location Services and then land on the home screen. The only items left for them are to set a PIN and enter their account password for an email profile that has been deployed.
Back to current, I have done some searching around the forum and found a link to a blog where they go over Azure Domain Services + LDAP setup. Is this the only method for allowing my users to authenticate at that remote management screen? We don't have Domain Services licensing as we don't have a need. Can anybody else recommend a different method?
I have attempted to set up SSO through the Enterprise Applications section of Azure. When I test the app, it lands on https://star.jamfcloud.com/saml/SSO where I am greeted with Access Denied. If I change the URL to https://star.jamfcloud.com/?failover I am then able to sign back in.
Thank you in advance.
Hi @socjamfad,
This can be set by following the guide to set up the Azure AD enterprise app at https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/jamfprosamlconnector-tutorial (make sure you set "Disable SAML token expiration" to checked). On the AAD side you need to fill in:
Identifier (Entity ID): https://star.jamfcloud.com/saml/metadata
Reply URL (Assertion Consumer Service URL): https://star.jamfcloud.com/saml/SSO
This will, however, only let you, as an admin or user, access your Jamf Pro console.