Deploying Jamf Connect Login

Installation

You can install Jamf Connect Login with the signed package installer provided by Jamf. This package is signed by a valid Apple Developer identity and will install Jamf Connect Login in the following location:

/Library/Security/SecurityAgentPlugins

The package also installs the following authentication tools:

  • authchanger

    /Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle/Contents/MacOS/authchanger

    The authchanger runs at the end of the installation. It updates the authorization database for OpenID Connect authentication and enables Jamf Connect Login.

  • Pluggable Authentication Module (PAM)

    /usr/local/lib/pam/pam_saml.so.2

For more information about the authchanger and PAM, see Authentication Tools.

You can use the package installer with multiple macOS management tools that allow package deployment. After installing the package and a configuration profile, the login window will display on the next login attempt. Restarting the computer is not required.

Note: If you would like to use a non-standard authorization rule set, you can rebuild the package without the authchanger binary and supply your own method for updating the authorization database.

Deployment

You can deploy Jamf Connect Login to target computers in your environment using your preferred MDM solution.

Note: This workflow assumes you have met the general requirements for Jamf Connect. For more information, see General Requirements and IdP Compatibility.

  1. Open the Jamf Connect DMG and download the following packages:

    • Jamf Connect Login

    • Jamf Connect Configuration

  2. Create a Jamf Connect Login configuration profile:

    1. Open Jamf Connect Configuration.

    2. Click New.

    3. Select your IdP from the Identity Provider pop-up menu and complete the required fields.

    4. (Optional) Click Advanced Setup to configure additional settings and test your configuration. For more information, see Jamf Connect Configuration.

    5. Click Save to generate a configuration profile for Jamf Connect Login.

  3. Upload your Jamf Connect configuration profile file to your MDM solution. If using Jamf Pro, use the "Custom Settings" payload.
    For more information about custom configuration profiles, see the Deploying Custom Configuration Profiles using Jamf Pro Knowledge Base article.

  4. Upload the provided license key configuration profile to your MDM solution.

    Note: You can use the same license key for all Jamf Connect apps.

  5. Scope the uploaded profile from step 4 to the same computers targeted in step 3.

    Important: If using Okta, you must also enable Okta authentication by renaming the Jamf Connect Login installer package to include "Okta" in its name. The package name is not case-sensitive.

  6. Upload the PKG files for Jamf Connect Login to your MDM solution.

  7. Create a policy to deploy packages from step 6 and scope the policy to targeted computers.
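
To confirm the result of this workflow on a target computer, the following script (an added example, not part of Jamf's documentation or tooling) checks that the files listed under Installation exist and are not world-writable, and that the login rule in the authorization database references the plug-in. The function names and the ROOT prefix argument are hypothetical, and the "JamfConnectLogin:" mechanism prefix is assumed from the bundle name.

```shell
#!/bin/sh
# Added example: confirm Jamf Connect Login landed where this page says it does.
# ROOT ($1) is a hypothetical prefix so the checks can also run on a staging tree.
BUNDLE="Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle"
AUTHCHANGER="$BUNDLE/Contents/MacOS/authchanger"
PAM_MODULE="usr/local/lib/pam/pam_saml.so.2"

# Return 0 only if authchanger and the PAM module exist under ROOT and nothing
# in the plug-in bundle or the PAM module is world-writable.
check_install() {
    root="${1%/}"
    rc=0
    for rel in "$AUTHCHANGER" "$PAM_MODULE"; do
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING: /$rel"
            rc=1
        fi
    done
    for rel in "$BUNDLE" "$PAM_MODULE"; do
        [ -e "$root/$rel" ] || continue
        if [ -n "$(find "$root/$rel" ! -type l -perm -002 2>/dev/null)" ]; then
            echo "WORLD-WRITABLE: /$rel"
            rc=1
        fi
    done
    return "$rc"
}

# Read an authorization rule (plist text) on stdin and print how many of its
# mechanisms belong to the plug-in. Mechanisms are written "plugin:mechanism",
# so the "JamfConnectLogin:" prefix is assumed from the bundle name.
count_jamf_mechanisms() {
    grep -c '<string>JamfConnectLogin:' || true
}

# Full check on a managed Mac: files present, login rule updated by authchanger.
verify_host() {
    check_install "/" || return 1
    n=$(security authorizationdb read system.login.console 2>/dev/null |
        count_jamf_mechanisms)
    if [ "$n" -eq 0 ]; then
        echo "FAIL: no JamfConnectLogin mechanisms in system.login.console"
        return 1
    fi
    echo "OK: $n JamfConnectLogin mechanisms in system.login.console"
}

# Only run the live check on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = "Darwin" ]; then verify_host; fi
```

Run it on a target computer after the policy from step 7 has executed; a non-zero exit status means a component is missing, is world-writable, or the authorization database was not updated.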

Related Information

For related information see the following sections of this guide:

For related information about customizing the Jamf Connect Login package, see the Customizing the Jamf Connect Login Package with Composer Knowledge Base article.

© copyright 2002-2020 Jamf. All rights reserved.