Jamf Connect Integration with Jamf Pro

Jamf Connect is an app that allows administrators to manage authentication by connecting a user's local macOS account to their organization's cloud identity (network account). Jamf Connect includes two core components:

  • Login window—An authorization plug-in that modifies the default macOS login process and login window UI.

  • Menu bar app—An application that helps users manage their network and local passwords.

Integrating your Jamf Connect subscription with Jamf Pro allows you to do the following:

  • View and edit your configuration profiles that contain Jamf Connect settings from a central location in Jamf Pro (Settings > Jamf Applications > Jamf Connect).

  • Deploy the Jamf Connect package directly to computers in the scope of your configuration profiles with Jamf Connect settings.

  • Configure Jamf Pro to automatically update Jamf Connect on computers when new versions are released.

Creating a Jamf Connect Configuration Profile

You can use Jamf Pro to create a computer configuration profile that configures Jamf Connect settings with the Application & Custom Settings payload. This payload allows you to select Jamf Connect preferences, automatically generate a PLIST file, and configure the scope. Jamf Pro can use configuration profiles created in this way to automatically deploy and update Jamf Connect.

Depending on which components of Jamf Connect you plan to use, you must configure settings for the following Jamf application domains:

  • com.jamf.connect—Includes all settings for the Jamf Connect menu bar app

  • com.jamf.connect.login— Includes all settings for the Jamf Connect login window

Keep the following in mind when you configure Jamf Connect:

  • You can configure multiple Application & Custom Setting payloads in a single configuration profile. This allows you to configure multiple preference domains in a single configuration profile.

  • You can split your Jamf Connect settings into multiple configuration profiles written to the same preference domains. This allows you to easily add or remove a subset of Jamf Connect settings (e.g., enrollment-only settings).

Best Practice: Configuring Enrollment-only Settings

Best practice workflows cover common scenarios; however, the following recommendations may not apply in your environment.

If you plan to configure Jamf Connect settings that should only be used during enrollment, you can create a separate configuration profile for these settings. Common settings include the following:

  • Acceptable use policy settings

  • Notify screen script

  • authchanger command-line arguments that enable the Notify screen

Create a configuration profile that includes the following Application & Custom Settings payloads:

  1. Configure the com.jamf.connect.login preference domain with enrollment-only settings.

    images/download/attachments/82683417/EnrollmentOnly1.png
  2. If your organization uses the Notify screen, configure the com.jamf.connect.authchanger preference domain to enable the Notify screen after Jamf Connect is installed.

    images/download/attachments/82683417/EnrollmentOnly2.png

Requirements

  • Integration with a cloud identity provider (IdP)

  • Familiarity with your IdP's minimum authentication settings

  • (Optional) If you plan to deploy Jamf Connect with a PreStage Enrollment, your configuration profile must be signed.

Procedure

  1. In Jamf Pro, click Computers at the top of the sidebar.

  2. Click Configuration Profiles in the sidebar.

  3. Click New.

  4. Use the General payload to configure basic settings, including the level at which to apply the profile and the distribution method.

    Only payloads and settings that apply to the selected level are displayed for the profile. To distribute the profile during enrollment using a computer PreStage enrollment, ensure you create a computer-level configuration profile.

  5. Use Application & Custom Settings payload to configure Jamf Applications.

  6. Click Add.

  7. Choose " com.jamf.connect.login" from the Jamf Application Domain pop-up menu.

  8. Choose a version of the preference domain you want to configure.

    The latest version is recommended.

  9. Choose " Jamf Connect Login.json" from the Variant pop-up menu.The Jamf Connect preference domain settings display.

  10. Configure Jamf Connect settings.

    To determine which settings are required, see Authentication Settings.

  11. If you plan to use the Jamf Connect menu bar app in your organization, click Add to configure settings for the Jamf Connect menu bar app preference domain (com.jamf.connect).

  12. Click the Scope tab and configure the scope of the profile.

    Note: Ensure the scope of the profile contains the computers that are in the scope of the PreStage enrollment. For more information about distributing configuration profiles during enrollment, see Computer PreStage Enrollments.

  13. Click Save.

Your configuration profiles are distributed to target computers when they check in with Jamf Pro. If you configure deployment and update settings for the profile, Jamf Pro will install or update Jamf Connect on target computers accordingly.

Configuring Jamf Connect Deployment and Update Settings

You can configure Jamf Pro to deploy Jamf Connect to computers and automatically update the version as new releases become available. To do so, you must assign deployment and update settings to an existing configuration profile in Jamf Pro that has Jamf Connect settings. Jamf Pro will install and update computers in the scope of the configuration profile accordingly.

Requirements

  • Cloud Connection Services enabled

  • For instructions, see Cloud Services Connection.

  • The following Jamf Pro user account privileges:

    Category

    Privilege

    Jamf Pro Server Settings

    Cloud Services Connection (Read)

    Jamf Connect

    Jamf Pro Server Objects

    Jamf Connect Deployments

Procedure

  1. In Jamf Pro, click Settings in the top right corner.

  2. Click Jamf Applications in the sidebar.

  3. Click Jamf Connect.

  4. Next to the configuration profile with the Jamf Connect settings you want to deploy, click Edit.

  5. Choose the initial version of Jamf Connect to be deployed from the Version pop up menu.

    Note: If a computer in the scope of the configuration profile currently has a version of Jamf Connect installed previous to the specified initial version, Jamf Pro will update that computer to the specified initial version.

  6. Select the updates that should be deployed from the Update Type pop up menu.

    The following options are available:

    Option

    Description

    None

    Jamf Pro installs the specified initial version of Jamf Connect on computers in the scope that currently have no version of Jamf Connect installed. No updates will be installed.

    Maintenance

    Jamf Pro installs the specified initial version on computers in the scope that have no version of Jamf Connect installed or a previous version of Jamf Connect installed. Maintenance updates (e.g. 2.2.1 to 2.2.2) will be installed as they become available.

    Minor & Maintenance

    Jamf Pro installs the specified initial version on computers in the scope that have no version of Jamf Connect installed or a previous version of Jamf Connect installed. Minor updates (e.g. 2.2.1 to 2.3.0) and maintenance updates will be installed as they become available.

    Manual

    Jamf Pro installs the specified initial version on computers in the scope that currently have either no version of Jamf Connect installed or a previous version of Jamf Connect installed. No updates will be installed.

  7. Click Confirm.

Jamf Pro deploys the specified initial version of Jamf Connect when computers in the scope of the configuration profile check in and updates them accordingly as new releases become available.

Related Information

For related information about deploying Jamf Connect using Jamf Pro, see the Deploying Jamf Platform Products Using Jamf Pro to Connect, Manage, and Protect Mac Computers technical paper.

For related information about Jamf Connect, see the Jamf Connect Administrator's Guide.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.