Jamf Connect Integration with Jamf Pro
Jamf Connect is an app that allows administrators to manage authentication by connecting a user's local macOS account to their organization's cloud identity (network account).
- Login window—An authorization plug-in that modifies the default macOS login process and login window UI.
- Menu bar app—An application that helps users manage their network and local passwords.
The Jamf Connect integration in Jamf Pro allows you to automatically deploy the Jamf Connect package to computers in the scope of computer configuration profiles with Jamf Connect settings.
You can configure the following:
- View all computer configuration profiles—
View all computer configuration profiles with Jamf Connect settings in a single location ( ). Jamf Pro automatically detects and displays any configuration profile with settings written to a preference domain starting with
com.jamf.connect
. - Deploy Jamf Connect
—
Deploy a specific version of Jamf Connect to computers in the scope of a configuration profile. This allows you to complete an initial deployment of Jamf Connect to target computers or to manage subsequent updates without enabling automatic updates.
- Configure automatic updates—
Configure automatic updates for computers in the scope of a Jamf Connect configuration profile. You can configure Jamf Pro to automatically deploy minor updates (e.g., 1.0.0 to 1.1.0), maintenance updates (e.g., 1.0.0 to 1.0.1), or both.
- Receive Notifications—
Receive notifications in Jamf Pro when a new Jamf Connect version is available.
Keep the following in mind when using this integration:
If a computer is in the scope of multiple configuration profiles, such as separate configuration profiles for the login window and menu bar app, Jamf Pro uses the most proactive update type for computers in scope of both profiles.
You cannot configure automatic updates to complete major updates (e.g., 1.19.3 to 2.0.0 or later). To complete a major upgrade for Jamf Connect, use a policy.
This feature cannot be used to downgrade the Jamf Connect version on computers.
Creating a Jamf Connect Configuration Profile Using Jamf Pro
You can use Jamf Pro to create a computer configuration profile that configures Jamf Connect settings with the Application & Custom Settings payload. This payload allows you to select Jamf Connect preferences, automatically generate a PLIST file, and configure the scope. Jamf Pro can use configuration profiles created in this way to automatically deploy and update Jamf Connect.
Depending on which components of Jamf Connect you plan to use, you must configure settings for the following Jamf application domains:
- com.jamf.connect—
Includes all settings for the Jamf Connect menu bar app
- com.jamf.connect.login—
Includes all settings for the Jamf Connect login window
You can configure multiple Application & Custom Setting payloads in a single configuration profile. This allows you to configure multiple preference domains in a single configuration profile.
You can split your Jamf Connect settings into multiple configuration profiles written to the same preference domains. This allows you to easily add or remove a subset of Jamf Connect settings (e.g., enrollment-only settings).
Configuring Enrollment-only Settings
Best practice workflows cover common scenarios; however, the following recommendations may not apply in your environment.If you plan to configure Jamf Connect settings that should only be used during enrollment, you can create a separate configuration profile for these settings. Common settings include the following:
Acceptable use policy settings
Notify screen script
authchanger command-line arguments that enable the Notify screen
Create a configuration profile that includes the following Application & Custom Settings payloads:
- Configure the
com.jamf.connect.login
preference domain with enrollment-only settings. - If your organization uses the Notify screen, configure the
com.jamf.connect.authchanger
preference domain to enable the Notify screen after Jamf Connect is installed.
Integration with a cloud identity provider (IdP)
Familiarity with your IdP's minimum authentication settings
Your configuration profiles are distributed to target computers when they check in with Jamf Pro.
If you configure deployment and update settings for the newly created profile, Jamf Pro installs or updates Jamf Connect on target computers.
Configuring Jamf Connect Deployment and Update Settings
You can configure Jamf Pro to deploy Jamf Connect to existing computers and automatically update the version as new releases become available. To do so, you must assign deployment and update settings to an existing configuration profile in Jamf Pro that has Jamf Connect settings. Jamf Pro will install and update computers in the scope of the configuration profile accordingly.
This deployment method is recommended for the following scenarios:
Deploying Jamf Connect for the first time to computers that are already enrolled in Jamf Pro.
Managing automatic update settings for existing computers that already have Jamf Connect installed.
Cloud Services Connection enabled
For instructions, see Cloud Services Connection in the Jamf Pro Documentation
The following Jamf Pro user account privileges:
Category Privilege Jamf Pro Server Settings
Jamf Connect (Read)
Jamf Pro Server Objects
Jamf Connect Deployments
Viewing and Retrying Jamf Connect Deployments
You can view the status of Jamf Connect deployments to see if the Jamf Connect package was successfully installed. If you need to retry a deployment, you can resend the install commands for one or more computers.