Configuring and Deploying Jamf Unlock

Jamf Unlock must be configured and deployed using an MDM solution that can deploy a managed app configuration, such as Jamf Pro.

  1. In Jamf Pro, click Devices at the top of the sidebar.
  2. Click Mobile Device Apps in the sidebar.
  3. Click New .
  4. Select App Store app or apps purchased in volume, and then search for Jamf Unlock.
  5. Click the General tab and ensure that the Make App Managed when possible checkbox is selected.
  6. Click the App Configuration tab and enter something similar to the following managed app configuration in the Preferences field:

    Azure AD
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Azure</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcd65c-52fe-4b63-8dde-d658abc0aee8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
    </dict>
    Okta
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Okta</string>
        <key>com.jamf.config.idp.oidc.tenant</key>
        <string>tenant-name</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcdqxanb4Rb4veu0h8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
    </dict>
    
    OneLogin
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>OneLogin</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcd01a8-7f89-42a9-9e25-339a39b75b60</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>com.jamf.connect.unlock://callback</string>
    </dict>
    
    Custom
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Custom</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcdqxanb4Rb4veu0h8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
        <key>com.jamf.config.idp.oidc.discovery-url</key>
        <string>https://domain.url.com/.well-known/openid-configuration</string>
        <key>com.jamf.config.idp.oidc.tenant</key>
        <string>tenant-name</string>
    </dict>
    For a complete reference of key-value pairs, see Managed App Configuration.
  7. Use the Scope, Self Service, and VPP tabs to configure app distribution settings as needed.
  8. Click Save .

Jamf Unlock is distributed to mobile devices in the scope the next time they contact Jamf Pro.