jamf pro - self hosted questions

htumark
New Contributor

Looking to try out jamf pro. I have a few questions:

1) Most of our public facing apps don't use LDAP. Instead, we use SAML 2.0 with Azure AD. We have our own Azure AD Connect server that syncs our on-prem to Azure. With that said, if we use SSO - can we not only have standard users log in, but also manage admin accounts in jamf pro using SAML/SSO as well? Or would this require a local LDAP connection?

Example: Mike is in the JamfProAdmin AD Group in Azure AD. Will jamf pro application pick that up and give him admin, or does Mike log in as a standard user and then get assigned admin within the application? And if Jules is in the Marketing group, will jamf pick that up so she gets the apps for the marketing department in the self service portal?

2) Is there support for load balancing jamf pro application server? We currently using a master-slave database but would like to run multiple instances of Java/TomCat with the jamf pro application for redundancy.

3) Can MariaDB be used in place of MySQL? And we run Debian 10 instead of Ubuntu?

2 REPLIES 2

sdagley
Esteemed Contributor II

@htumark You would connect your Jamf Pro system to your AD via Settings->System Settings-> LDAP Servers. Once that connection is in place you can create Jamf Pro User Accounts & Groups (those that are allowed to log in to the Jamf Pro console) based on AD group membership. You can use the Limitations tab when scoping a Policy to distribute software to restrict it to specific AD groups.

You can run multiple JSS Tomcat apps behind a load balancer, but they all talk to the same MySQL server.

MariaDB is not officially supported, nor is Debian 10

Ricky
Contributor

We do the same thing as what @sdagley mentioned. All members in our AD structure get brought into JAMF, but only people in the SG-JAMF-Admin security group get access. This is just a cell in a larger organism of our district, but it allows for all access control to be completed via Active Directory amidst our several dozen platforms. The long-term payoff of using your AD backend to drive this is worth it.