SSO enablement for JAMF URL

Asifahmed
New Contributor III

Hello All,

I just wanted to know: if I can bypass the SSO authentication by putting "?failover" after my JAMF console URL, then what is the point of using SSO? Or is it known to administrators only and not to others? Or can bypassing in this way also be stopped?


JustDeWon
Contributor III

The failover URL can be randomized (regenerated) and can only be seen by the administrators.

junjishimazaki
Valued Contributor

The whole point of having the failover is that if your SSO provider isn't working properly and you can't log in, then you use the failover so you can still log in to your Jamf Pro server. The whole point of having an SSO is to only allow authorized users to log in to your Jamf Pro server.

jamf-42
Valued Contributor II

it won't work unless you turn on fail over.. 

Asifahmed
New Contributor III

So the security team can enable that option in their console?

jamf-42
Valued Contributor II

[Screenshot attachment: Capture 2023-06-01 at 17.58.46.png]

 plus the recent update to randomise the URL.. only an admin will know it.. 

Asifahmed
New Contributor III

So if I uncheck it in the Jamf console, then bypassing SSO authentication will be disabled?

jamf-42
Valued Contributor II

correct, but.. if your SSO goes down.. or something goes.. funky.. you won't be able to log in.. so make sure you have a back up plan..

Asifahmed
New Contributor III

What you said makes sense, but if SSO goes down, the security team can also remove the SSO at that time if I can't log in to my Jamf console, correct?

jamf-42
Valued Contributor II

depends on your business security requirements. I'd suggest checking in with jamf support on this. 

Asifahmed
New Contributor III

Makes sense, thanks a ton.

Tribruin
Valued Contributor II

That was a long-standing concern about the failover login, as it was the same for every Jamf instance. Now you can generate a random URL that is unique to your instance. Go into Settings -> Single Sign On. Click edit and click the regenerate button. Take note of the URL that is generated. If you ever need to log in with a local account (like your "break glass in case of emergency" account) you will need this random URL.

Asifahmed
New Contributor III

Makes sense, that is good news for security.