Configuring and Deploying Jamf Unlock

Jamf Unlock must be configured and deployed using an MDM solution that can deploy a managed app configuration, such as Jamf Pro.

  1. In Jamf Pro, click Devices (icon) at the top of the sidebar.
  2. Click Mobile Device Apps (icon) in the sidebar.
  3. Click New .
  4. Select App Store app or VPP store app, and then search for Jamf Unlock.
  5. Click the General tab and ensure that the Make App managed when possible checkbox is selected.
  6. Click the App Configuration tab and enter something similar to the following managed app configuration in the Preferences field:
    Azure AD
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Azure</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcd65c-52fe-4b63-8dde-d658abc0aee8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
    </dict>
    Okta
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Okta</string>
        <key>com.jamf.config.idp.oidc.tenant</key>
        <string>tenant-name</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcdqxanb4Rb4veu0h8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
    </dict>
    
    OneLogin
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>OneLogin</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcd01a8-7f89-42a9-9e25-339a39b75b60</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>com.jamf.connect.unlock://callback</string>
    </dict>
    
    Custom
    <dict>
        <key>com.jamf.config.idp.oidc.provider</key>
        <string>Custom</string>
        <key>com.jamf.config.idp.oidc.client-id</key>
        <string>abcdqxanb4Rb4veu0h8</string>
        <key>com.jamf.config.idp.oidc.redirect-uri</key>
        <string>jamfunlock://callback/auth</string>
        <key>com.jamf.config.idp.oidc.discovery-url</key>
        <string>https://domain.url.com/.well-known/openid-configuration</string>
        <key>com.jamf.config.idp.oidc.tenant</key>
        <string>tenant-name</string>
    </dict>
    For a complete reference of key-value pairs, see the Managed App Configuration.
  7. Use the Scope, Self Service, and VPP tabs to configure app distribution settings as needed.
  8. Click Save .

Jamf Unlock will be distributed to mobile devices in the scope the next time they contact Jamf Pro.