Integrating with PingFederate

You must create an app integration in PingFederate for Jamf Connect. When integrating with PingFederate, keep the following in mind when configuring settings in your administrative console:

  • The client ID for your Jamf Connect client should not include any spaces.

  • The Resource Owner Credentials Mapping settings should map to a Source Password Validator instance.

  • Make sure you review the Access Token Attribute Contract to ensure the access token from PingFederate includes the necessary claims (username and email) to create a local account with Jamf Connect.

  • If issuing an Internally Managed Reference Token from PingFederate for Jamf Connect, you must also set the UseUserInfo preference key to true in your Jamf Connect login window configuration profile. This setting allows Jamf Connect to request additional claims from a user token. You may also need to set the OpenID Connect Scopes (OIDCScopes) setting to openid+profile.

  1. Log in to the PingFederate administrative console.
  2. In the Main menu, click OAuth Server.
  3. Under Clients, click Create New.
  4. Enter a value, such as jamfconnect, in the Client ID field.

    Make sure this value does not include any spaces.

  5. Enter a name for your client, such as Jamf Connect.
    1. Select None for Client Authentication.
    2. Enter a valid URI, such as in the Redirect URIS field.
  6. Select the Bypass checkbox next to Bypass Authorization Approval.
  7. Select the following Allowed Grant Types checkboxes:
    • Select the Authorization Code checkbox.

    • Select the Refresh Token checkbox.

    • Select the Resource Owner Password Credentials checkbox.

  8. Click Save.

Once Jamf Connect is added as a client in PingFederate, you can create users and roles for Jamf Connect as needed. You can then assign Jamf Connect to roles and the users associated with the role.
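The considerations above (no spaces in the client ID, username and email claims in the access token, UseUserInfo for reference tokens) can be checked against a token obtained in a test environment. The following is an added example, not part of the original documentation or of Jamf or Ping Identity code; the claim names `username` and `email`, the function names, and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Assumed claim names, following the page's "username and email"; adjust them
# to match your Access Token Attribute Contract.
REQUIRED_CLAIMS = ("username", "email")


def check_client_id(client_id: str) -> bool:
    """True when the client ID is non-empty and contains no whitespace."""
    return bool(client_id) and not any(ch.isspace() for ch in client_id)


def inspect_access_token(token: str) -> dict:
    """Classify a token and list the required claims it lacks.

    The payload is decoded for inspection only; no signature is verified.
    """
    opaque = {"kind": "opaque", "missing": [], "needs_userinfo": True}
    parts = token.split(".")
    if len(parts) != 3:
        # Not a JWT (for example, a reference token): claims cannot be read
        # from the token itself, so UseUserInfo must be true.
        return opaque
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return opaque
    if not isinstance(claims, dict):
        return opaque
    missing = [name for name in REQUIRED_CLAIMS if not claims.get(name)]
    return {"kind": "jwt", "missing": missing, "needs_userinfo": False}


def make_sample_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped sample for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    print(check_client_id("jamfconnect"))
    print(inspect_access_token(make_sample_jwt({"username": "jdoe"})))
    print(inspect_access_token("constructedOpaqueReferenceToken"))
```

A non-empty `missing` list points at the Access Token Attribute Contract; an `opaque` result means the claims have to come from the UserInfo endpoint.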