Enable MFA for Jamf Self service

OMP
New Contributor II

Hello Everyone

Has anyone configured MFA for Jamf Self service?, we would like to enable MFA when users log into Self service and leverage Azure AD MFA, if anyone has implemented this before and can provide some guidance or step by step doc, I'd really appreciated all the help

7 REPLIES 7

AVmcclint
Honored Contributor

Just curious, but why do you want to put Self Service behind a MFA wall? It seems like another hurdle between users and the helpful resources it's intended to provide.

OMP
New Contributor II

@AVmcclint the idea is to use MFA when users access self service to get some items that will provide additional permissions/features, this is only for user that need to log in to have those items available

merps
Contributor III

We did this by configuring Azure as the SSO provider "JSSURL/view/settings/system/sso" and checking the box at the bottom to "Enable Single Sign-On for Self Service"

From there, Azure settings can enforce MFA

OMP
New Contributor II

Thank you @merps,

Step 1: enable Single Sign-On for Self Service to use Single Sign-On authentication from "JSSURL/view/settings/system/sso"

does this require a change from "JSSURL/system/selfService"? and configuration from Azure to enable MFA?

merps
Contributor III

I believe checking the box in the /system/sso spot also enables it in /system/selfService. From what I recall, they are two separate spots to set the same preference.

OMP
New Contributor II

Hi Everyone, can anyone provide some images o documentation about what the end users experience is? thanks in advance

 

merps
Contributor III

In our environment, when the user clicks Log In in the bottom corner of Self Service, the Azure window loads the same login experience as it would for any other AAD connected app. After entering credentials, the username shows in the bottom corner instead of the words Log In.