Integrating with PingFederate

Integrating Jamf Connect with PingFederate involves the following steps:

  1. Add Jamf Connect as a new client app in PingFederate.

  2. Create users and assign roles.

When integrating with PingFederate, keep the following in mind when configuring settings in your administrative console:

  • The client ID for your Jamf Connect client should not include any spaces.

  • The Resource Owner Credentials Mapping settings should map to a Source Password Validator instance.

  • Makes sure you review the Access Token Attribute Contract to ensure the access token from PingFederate includes necessary claims (username and email) to create a local account with Jamf Connect.

  • If issuing an Internally Managed Reference Token from PingFederate for Jamf Connect, you must also set the UseUserInfo preference key to true in your Jamf Connect login window configuration profile. This settings allows Jamf Connect to request additional claims from a user token.

For more information about managing PingFederate, see the OAuth Configuration section the PingFederate Administrator's Manual.

Integrating with PingFederate

  1. Log in to the PingFederate administrative console.

  2. In the Main menu, click OAuthServer.

  3. Under Clients, click Create New.

  4. Enter a value, such as "jamfconnect", in the Client ID field.

    Note: Make sure this value does not include any spaces.

  5. Enter a name for your client, such as "Jamf Connect".

    1. Select None for Client Authentication.

    2. Enter a valid URI, such as "https://127.0.0.1/jamfconnect" in the Redirect URIS field.

  6. Select the Bypass checkbox next to Bypass Authorization Approval.

  7. Select the following Allowed Grant Types checkboxes:

    • Select the Authorization Code checkbox.

    • Select the Refresh Token checkbox.

    • Select the Resource Owner Password Credentials checkbox.

  8. Click Save.

Creating Users and Assigning Roles

Once Jamf Connect is added as a client in PingFederate, you can create users and roles for Jamf Connect as needed. You can then assign Jamf Connect to roles and the users associated with the role:

For step-by-step instructions on how to create users and assign groups, see the following resources from Ping:
https://documentation.pingidentity.com/pingfederate/pf90/index.shtml#task_accountManagement_toAddUser.html#task_accountManagement_toAddUser

Related Information

For related information, see the following:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.