Jamf Connect + Azure AD Config Help

davidmundt
New Contributor III

I'm trying to configure Jamf Connect using the Jamf Connect Configurator and need help. I've got the app setup in Azure AD per the admin guide but am finding no helpful information about building the .plist file. Does anyone have a config guide?

Jamf Connect 2.3.1


Tribruin
Valued Contributor II

I would recommend you use the Jamf Connect Configuration application to build your profile. Start with a very basic profile and fill in just the following fields:

Identity Provider: Azure
OIDC Client ID: << Enterprise Application ID >>
ROPG Client ID: << Enterprise Application ID >>
OIDC Redirect URL: https://127.0.0.1/jamfconnect

That is enough to test your settings. If you go up to the right-hand corner and click on the test button, you can check both the OIDC connection and ROPG connection.

davidmundt
New Contributor III

I've gotten that far and tested the OIDC and ROPG connections! I'm able to authenticate and grab a token from AZ AD successfully.

davidmundt
New Contributor III

I've followed the instructions in the Jamf Connect Admin Guide for Integrating with Microsoft Azure AD, gotten the App Registration configured in Azure AD, and have tested the authentication using the Jamf Connect Configuration Utility's Test button. That is as far as I've gotten.

The end goal here is to deploy new Macs to users, have them automatically enroll in Jamf (auto enrollment using PreStage enrollment is tested and operational), have Jamf Connect installed, the login window should have them enter their Azure AD credentials followed by MFA verification, a local user should be created with their Azure AD username/password, and if the password changes it is synced to Azure AD. If someone has an example com.jamf.connect.login.plist file it would be a huge help.

Tribruin
Valued Contributor II

@davidmundt Wanted to make sure you know that you can get a plist direct from the Jamf Connect Configuration app by clicking on the </> button in the upper right corner. Once you have set your basic settings, click on that button, copy the plist and use that to build a custom profile in Jamf.

Here is a simple com.jamf.connect.login profile

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LocalFallback</key>
    <false/>
    <key>OIDCAdmin</key>
    <array>
        <string>Admin</string>
    </array>
    <key>OIDCAdminAttribute</key>
    <string>roles</string>
    <key>OIDCClientID</key>
    <string>redacted</string>
    <key>OIDCNewPassword</key>
    <false/>
    <key>OIDCProvider</key>
    <string>Azure</string>
    <key>OIDCROPGID</key>
    <string>redacted</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
</dict>
</plist>

It has the following set: create the local account, add a keychain (so the Jamf Connect menu bar logs in automatically), and use the Azure role 'Admin' to promote a user to an Administrator (otherwise the account will be a Standard account).

A couple of suggestions.
Take a look at Sean Rabbit's meta package - Github Link. I find this a good way to package everything in a single package for Jamf. (Plus the script will help with a race condition if the package is still installing when enrollment is complete and the user is presented with a login window.)

Also, make sure you push your configuration files in your prestage enrollment.
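As an added pre-deployment check (my own script, not from Jamf or from either poster), a small Python lint that parses a com.jamf.connect.login plist with plistlib and flags the mistakes a thread like this runs into before the profile goes into a PreStage: IDs still reading "redacted" or "<< ... >>", a missing OIDC key, OIDCAdmin without OIDCAdminAttribute, and LocalFallback left on. Both sample plists are constructed; the application ID in the second one is made up.

```python
import plistlib

# Keys the minimal profile in the post relies on.
REQUIRED_KEYS = ("OIDCProvider", "OIDCClientID", "OIDCROPGID", "OIDCRedirectURI")
EXPECTED_REDIRECT = "https://127.0.0.1/jamfconnect"

def lint_login_plist(data: bytes) -> list:
    """Return the problems found in a com.jamf.connect.login plist (empty means clean)."""
    cfg = plistlib.loads(data)
    problems = [f"missing {k}" for k in REQUIRED_KEYS if k not in cfg]
    # The post's example has both IDs redacted; catch that before the profile is pushed.
    for key in ("OIDCClientID", "OIDCROPGID"):
        value = str(cfg.get(key, ""))
        if value in ("", "redacted") or "<<" in value:
            problems.append(f"{key} is a placeholder, not an Azure application ID")
    if "OIDCRedirectURI" in cfg and cfg["OIDCRedirectURI"] != EXPECTED_REDIRECT:
        problems.append(f"OIDCRedirectURI differs from {EXPECTED_REDIRECT}")
    if "OIDCAdmin" in cfg:
        if not isinstance(cfg["OIDCAdmin"], list):
            problems.append("OIDCAdmin must be an array of role names")
        if "OIDCAdminAttribute" not in cfg:
            problems.append("OIDCAdmin set without OIDCAdminAttribute naming the claim")
    if cfg.get("LocalFallback") is True:
        problems.append("LocalFallback is true: review whether local-only login is wanted")
    return problems

# Constructed sample modelled on the post's profile, IDs still reading "redacted".
PLACEHOLDER_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>LocalFallback</key><false/>
<key>OIDCAdmin</key><array><string>Admin</string></array>
<key>OIDCAdminAttribute</key><string>roles</string>
<key>OIDCClientID</key><string>redacted</string>
<key>OIDCProvider</key><string>Azure</string>
<key>OIDCROPGID</key><string>redacted</string>
<key>OIDCRedirectURI</key><string>https://127.0.0.1/jamfconnect</string>
</dict></plist>"""

# Constructed sample: made-up application ID, LocalFallback on, no admin attribute.
FALLBACK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>LocalFallback</key><true/>
<key>OIDCAdmin</key><array><string>Admin</string></array>
<key>OIDCClientID</key><string>11111111-2222-3333-4444-555555555555</string>
<key>OIDCProvider</key><string>Azure</string>
<key>OIDCROPGID</key><string>11111111-2222-3333-4444-555555555555</string>
<key>OIDCRedirectURI</key><string>https://127.0.0.1/jamfconnect</string>
</dict></plist>"""
```

Run `lint_login_plist` on the plist copied out of the </> button view; an empty list means nothing was flagged.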