Azure AD Integration

Updated 18 February 2021

Integrating Jamf Pro with Azure AD as an identity provider allows for the following LDAP workflows without the need to configure Azure AD Domain Services:

  • Looking up all users and groups for inventory purposes

  • Performing user membership lookups and using them to map privileges to relevant accounts in Jamf Pro

  • Configuring user authentication and scoping

Important: Do not integrate Jamf Pro with Azure AD as a cloud identity provider if your environment already includes Active Directory Federation Services (ADFS) and Microsoft’s Active Directory LDAP configurations. The migration workflow will be available in a future release of Jamf Pro.

When integrating Jamf Pro with Azure AD, consider the following:

  • Your Jamf Pro instance needs to be hosted in Jamf Cloud.

  • Your Azure AD privileges (e.g., admin account) allow you to manage consent requested by the Jamf Pro Azure AD Connector app.

  • User groups added in Jamf Pro have the same name as groups configured in Azure. Accounts and groups added in Jamf Pro must be the standard type.

  • Single sign-on (SSO) with Azure must be configured in Jamf Pro to use SSO workflows (e.g., user-initiated enrollment or logging in to Jamf Pro). For information on how to configure SSO in Jamf Pro, see Single Sign-On.

Note: When Azure AD with multi-factor authentication enabled is added as the cloud identity provider, authentication workflows in Jamf Pro (e.g., Self Service and user-initiated enrollment) do not work for Azure AD user groups and accounts.

Configuring an Azure AD Identity Provider Connection

When a server connection is added, it is enabled by default. You can configure multiple connections and choose which configuration to use. Disabling the connection prevents Jamf Pro from querying data from this server. This means you can add a different configuration without deleting the current connection. To disable the connection, use the switch.

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click Cloud Identity Providers.

  5. Click New.

  6. Choose Azure and click Next. You are redirected to the administrator consent page in Microsoft.

  7. Enter your Microsoft Azure credentials and follow the onscreen instructions to grant the permissions requested by the Jamf Pro Azure AD Connector application.

  8. After the request completes, configure the settings on the Server Configuration tab in Jamf Pro. Consider the following limitations:

    • The display name for the configuration must be unique.

    • The Tenant ID value is pre-populated with information from Microsoft.

  9. Use the Mappings tab to specify user attribute mappings and group attribute mappings.

  10. Click Save.

Saving a server connection triggers an automatic verification process. After your configuration is saved, you can test the mappings. For more information, see Testing Attribute Mappings.

© copyright 2002-2021 Jamf. All rights reserved.