Help

Jamf Pro/Connect questions

tengochan
New Contributor

Posted on ‎11-04-2022 08:17 AM

The university I work for has purchased Jamf Pro and as my department is in charge of physical device management and software I've been tasked with setting it up. However, it looks like they only purchased Jamf Pro and did not purchase Jamf Connect as well.

It seems like half of what the Jamf team was selling us on with like Zero-Touch deployment was something you can only do by utilizing Connect as well, but then we were only quoted and purchased Jamf Pro.

My question is, what can I realistically accomplish with Jamf Pro without Connect vs with Connect? Zero-touch deployment? Software management? Security? MDM?

10.0.0.0.1 192.168.1.254
0 Kudos
3 REPLIES 3

TheAngryYeti
Contributor
Contributor

Posted on ‎11-04-2022 08:53 AM

With just Jamf Pro you will be able to achieve zero-touch for the enrollment and user account provisioning - however, if you require accounts to be provisioned directly from the IdP provider(like Azure) Connect is the tool you should use in conjunction to Pro.  Everything else you listed is possible as Jamf is an MDM and will be able to do pretty much whatever you need to administer the endpoints.

AJPinto
Honored Contributor II

Posted on ‎11-07-2022 05:28 AM

If you want Macs to be able to allow users to log in with AD/Okta/ext Credentials, JAMF Connect would be the tool to get. If you want to let the users make their own accounts, or use managed AppleID's you don't need JAMF Connect. This is an internal organization question. We use JAMF Connect, but we also require centralized account management and have strict access control policies.

 

TR;DR

JAMF Connect is just a tool to federate log ins with your IDP. Depending on how you organization wants to handle user authentication and centralized account management there is no need for JAMF Connect.

0 Kudos

piotrr
Contributor III

‎11-11-2022 12:59 AM - edited ‎11-11-2022 12:59 AM

We used Jamf Pro only for years before Jamf Connect became available and then viable. I would say you are good for most things. The main difference, as AJ Pinto pointed out, is that users will need to create their user accounts, local credentials, during setup. So it won't be zero touch for them, but it can be zero touch for you, if you write them a little instruction. 

From an AzureAD user management perspective, Jamf Connect is only half the solution, or even less. There is very little interaction between the credentials entered into Jamf Connect and the rest of Mac OS or Jamf: Jamf Pro doesn't populate its device user information with the user details from Azure AD and "password syncing" comes down to warning the user if the passwords don't match and asking the user to change their passwords to match. It's a fairly expensive rubber band and tape solution.... but still nice to have. 

The big, big benefit of Connect for me was the setup, where users are shown an MFA capable, modern AzureAD sign in screen instead of Mac's standard create user screen. I am really hoping that Jamf Connect continues development and - dare I wish - integrates with Ventura SSO management. 

0 Kudos