JAMF Pro and Azure Cloud Identity Integration

smcshaner
New Contributor III

We have just started our journey with JAMF Pro, I'm trying to understand at a basic level the best way to support user authentication to allow Automated Device Enrollment with Authentication to stop iPads from being setup without a user assigned. 

I have been told that we wont be using LDAP due to security issues, so we thought to use Azure AD Cloud Identity Integration with Jamf Cloud.

Has anyone done this? What challenges were faced? Did it change any workflows from traditional LDAP?

3 REPLIES 3

iJake
Valued Contributor

That piece is just for looking up user information. You'd still need to integrate Azure AD as an SSO provider for the authentication piece. The SAML response would contain a username and group information that would be looked up against Azure AD via the Cloud Identity integration. At a high level that's how it would work.

smcshaner
New Contributor III

Thanks that makes more sense

jttavares
New Contributor III

Hi iJake. I have setup Azure as an SSO provider and Cloud Identity Provider successfully as mapping works fine for CIP.   Maybe you can shed some light on a problem I have. I thought once I setup Azure, I would be able to populate the User and Location info as hardware checks in, not just during enrollment, but that doesn't seem to occur.  I have a high turnover rate of staff going in and out of the company so we do not re-enroll hardware as staff leave but pass on the hardware with a new local account, matching the SAM in Azure.  This is very frustrating from an asset tracking perspective to not be able to get these inventory fields

to auto-populate.  Any help would be appreciated.  Thank you.