Hi everyone,
We're looking to harden our Jamf Pro environment and have a few questions before we proceed. Right now we have SSO turned on and pointing towards our IdP and it works fine. However in the Options section of Single Sign-On we have the following:
- Allow users to bypass the Single Sign-On authentication TICKED
I'm looking to turn this off, my question is will our break glass non-directory user account work still at the Failover URL we have generated?
- Enable Single Sign-On for Self Service for macOS TICKED
Leave this as-is
- Enable Single Sign-On for User Authentication during Enrollment UNTICKED
I'm looking to turn this on - will this redirect users to our IdP login page when they enrol a Zero Touch device?
- Enable Single Sign-On for Account-Driven Enrollment UNTICKED
Also looking to turn this on, but it sounds a lot like the option above so my question is what is the difference?
Once we have made the above changes, there's one more thing I'm looking to change if possible - in Enrollment customization we have one configured for our IdP, I'm wondering if we enable the last 2 options in Single Sign-On can we remove this?
Thanks in advance for any responses!
