Managed App Configuration

You can use managed app configuration to configure and customize Jamf-managed apps for your organization. Managed app configuration is a set of key-value pairs used to configure iOS applications.
Note: If optional configurations are not used, the app's default settings will display.
For more information or to generate a managed app configuration, see the AppConfig Community website: AppConfig for iOS.

Unlock Identity Provider Settings

The following settings are used to enable authentication with your cloud identity provider (IdP) for Jamf Unlock. For more information about integration with an IdP, see Identity Provider Integrations.

Key-Value | Description
<key>com.jamf.config.idp.oidc.provider</key>
<string>Azure</string>

Identity Provider

(Required) The name of your cloud identity provider. The following values are supported:

  • Azure
  • Okta
  • OneLogin
  • Custom

<key>com.jamf.config.idp.oidc.client.id</key>
<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>

Client ID

The client ID of the Jamf Connect app in your IdP used to authenticate the user.

<key>com.jamf.config.idp.oidc.tenant</key>
<string>tenant-name</string>

Tenant ID

The Tenant ID for your organization used for authentication.

This value is required for Okta and must be the name of your Okta domain.

<key>com.jamf.config.idp.oidc.client-secret</key>
<string>abc123dkjedkl55jdk33</string>

Client Secret

The client secret for your Jamf Connect app in your IdP.

<key>com.jamf.config.idp.oidc.redirect.uri</key>
<string>msauth.com.jamf.connect.token.ios://auth</string>

Redirect URI

The redirect URI used by your Jamf Connect app in your IdP.

For Jamf Unlock, this must be the following, depending on your IdP:

  • Azure AD: jamfunlock://callback/auth
  • Okta: jamfunlock://callback/auth
  • OneLogin: com.jamf.connect.unlock://callback

<key>com.jamf.config.idp.oidc.discovery-url</key>
<string>https://domain.url.com/.well-known/openid-configuration</string>

Discovery URL

Your IdP's OpenID metadata document that stores OpenID configuration information. This value appears in the following format: https://domain.url.com/.well-known/openid-configuration

This value is required if you're using Custom as your identity provider.

<key>com.jamf.config.idp.oidc.scopes</key>
<string>openid+profile</string>

Custom Scopes

Specifies custom scopes, which return additional claims in a user's ID token during authorization. Standard scopes include openid, profile, and offline_access. If you include multiple scopes, add a "+" to separate them.

Unlock Device Passcode and Authentication Restrictions

The following settings are used to configure PIN and biometric authentication requirements for users.

Key-Value | Description
<key>com.jamf.config.pin.required</key>
<true/>

Require PIN Authentication

Require and display a PIN that users must enter to complete authentication requests on computers. This setting is set to false by default.

<key>com.jamf.config.pin.type</key>
<string>rotating</string>

PIN Type

The type of PIN used for the app. Supported values are rotating and static.

<key>com.jamf.config.pin.rotation.frequency</key>
<integer>30</integer>

PIN Rotation Frequency

An integer, in seconds, that's used to rotate the PIN.

To use this setting, rotating must be set as the PIN type. 30 seconds is used by default.

<key>com.jamf.config.biometrics.required</key>
<false/>

Require Biometric Authentication

Require users to use Face ID or Touch ID to complete authentication with Jamf Unlock. The type of authentication that is used depends on the user's mobile device hardware version.

<key>com.jamf.config.biometric-auth-at-launch.enabled</key>
<false/> 

Require biometric authentication to open app

Require users to use Face ID or Touch ID to open the Jamf Unlock app. This setting is set to false by default.

<key>com.jamf.config.biometric-auth-before-unlock.enabled</key>
<true/> 

Require biometric authentication to complete authentication requests

Require users to use Face ID or Touch ID to complete each authentication request from a paired computer. This setting is set to true by default.
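
The constraints stated in the two tables above can be checked before a configuration is deployed. The following is an added example, not Jamf's own code: a Python linter for the Okta tenant, Custom discovery URL, Jamf Unlock redirect URI, scope separator, and PIN rotation rules. It assumes the key-value pairs are wrapped in a standard plist dictionary; the function name `lint_unlock_config` and the sample input are constructed for illustration.

```python
import plistlib

P = "com.jamf.config."
PROVIDERS = {"Azure", "Okta", "OneLogin", "Custom"}
# Jamf Unlock redirect URIs from the page ("Azure AD" maps to the value Azure).
UNLOCK_REDIRECTS = {"Azure": "jamfunlock://callback/auth",
                    "Okta": "jamfunlock://callback/auth",
                    "OneLogin": "com.jamf.connect.unlock://callback"}

# Constructed sample; wrapping the pairs in <plist><dict> is an assumption.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.jamf.config.idp.oidc.provider</key><string>Okta</string>
<key>com.jamf.config.idp.oidc.redirect.uri</key>
<string>msauth.com.jamf.connect.token.ios://auth</string>
<key>com.jamf.config.idp.oidc.scopes</key><string>openid profile</string>
<key>com.jamf.config.pin.type</key><string>static</string>
<key>com.jamf.config.pin.rotation.frequency</key><integer>30</integer>
</dict></plist>"""

def lint_unlock_config(plist_bytes):
    """Return the constraint violations found in a configuration plist."""
    cfg = plistlib.loads(plist_bytes)
    problems = []
    provider = cfg.get(P + "idp.oidc.provider")
    if provider not in PROVIDERS:
        problems.append(f"provider {provider!r} is missing or unsupported")
    if provider == "Okta" and not cfg.get(P + "idp.oidc.tenant"):
        problems.append("tenant is required for Okta")
    if provider == "Custom" and not cfg.get(P + "idp.oidc.discovery-url"):
        problems.append("discovery-url is required for Custom")
    # Only compare when a redirect URI is actually supplied.
    redirect = cfg.get(P + "idp.oidc.redirect.uri")
    expected = UNLOCK_REDIRECTS.get(provider)
    if redirect is not None and expected and redirect != expected:
        problems.append(f"redirect.uri should be {expected} for {provider}")
    # Assumption: a space or comma means the "+" separator was not used.
    scopes = cfg.get(P + "idp.oidc.scopes", "")
    if " " in scopes or "," in scopes:
        problems.append('scopes must be separated with "+"')
    pin_type = cfg.get(P + "pin.type")
    if pin_type is not None and pin_type not in ("rotating", "static"):
        problems.append(f"pin.type {pin_type!r} is not rotating or static")
    if P + "pin.rotation.frequency" in cfg and pin_type != "rotating":
        problems.append("pin.rotation.frequency needs pin.type rotating")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_unlock_config(SAMPLE)))
```

The constructed sample trips four rules: the missing Okta tenant, a redirect URI that is not the Jamf Unlock value, space-separated scopes, and a rotation frequency set alongside a static PIN type.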

Unlock Custom Branding

The following settings are used to customize the Jamf Unlock app for your organization.

Key-Value | Description
<key>com.jamf.config.ui.logo.url</key>
<string>https://www.example-image-url.com</string>

Logo URL

The URL to a custom logo to use for your organization. This logo displays in the upper-center of the screen above the user's name in the app.