Google Identity

Jamf Connect Login provides support for Google Identity and can be used to replace the standard macOS loginwindow with a Google web view. Using the Google web view, you can do the following:

  • Authenticate with Google ID credentials

  • Use multi-factor authentication (MFA) and support conditional access

  • Create a local account on a macOS computer

These capabilities and other customizations can be easily configured with configuration profiles sent via MDM or installed locally on the computer.

Configuring the Google ID loginwindow

Deploying the Google ID loginwindow with Jamf Connect Login involves the following steps:

  1. Create credentials for Jamf Connect Login

  2. Create users and assign Roles

  3. Configure and Deploy Jamf Connect Login

Step 1: Create Credentials for Jamf Connect Login

You must integrate Jamf Connect Login with Google ID by creating OAuth 2.0 credentials for the app:

  1. Log in to Google Cloud.

  2. Click the Navigation menu in the upper-left corner.

  3. Click APIs & Services, and then click Credentials.
    Note: You may be prompted to create a project and assign it to your organization.

  4. Choose "OAuth client ID" from the Create credentials pop-up menu.

  5. Complete the following on the "Create OAuth client ID" page:

    1. Under "Application type", select Web application.

    2. Enter "Jamf Connect Login" in the Name field.

    3. Enter "https://127.0.0.1/jamfconnect" in the Authorized redirect URIs field.

  6. Click Create.

After successfully creating credentials for Jamf Connect Login, you can view the app in the Credentials pane and access its newly created Client ID.

Note: This value will be used with the OIDCClientID key when configuring Jamf Connect Login preferences.

For more information about creating OAuth 2.0 credentials, see the following documentation from Google: https://developers.google.com/identity/protocols/OpenIDConnect

Step 2: Create Users and Assign Roles

Once credentials are successfully created and saved for Jamf Connect Login, you can determine if all users are created as an "admin" or "standard" user with the CreateAdminUser key. This key applies to all users.

Note: Configuring whether each user is created as an "admin" or "standard" user is currently not supported with Google ID.

Step 3: Configure and Deploy Jamf Connect Login

Jamf Connect Login is deployed with a package installer, similar to other applications installed on macOS.

For more information on configuring Jamf Connect Login with Google ID, see the Configuration for IdPs using OpenID Connect.

For more information on deploying the Jamf Connect Login package installer, see the Deploying Jamf Connect Knowledge Base article.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.