Managed App Configuration

You can use managed app configuration to configure and customize Jamf-managed apps for your organization. Managed app configuration is a set of key-value pairs used to configure iOS applications. 
Note: If optional configurations are not used, the app's default settings will display.
For more information or to generate a managed app configuration, see the AppConfig Community website: AppConfig for iOS.

Unlock Identity Provider Settings

The following settings are used to enable authentication with your cloud identity provider (IdP) for Jamf Unlock. For more information about integration with an IdP, see Identity Provider Integrations.


Identity Provider

(Required) The name of your cloud identity Provider. The following values are supported:

  • Azure
  • Okta
  • OneLogin
  • Custom

Client ID

The client ID of the Jamf Connect app in your IdP used to authenticate the user.


Tenant ID

The Tenant ID for your organization used for authentication.

This value is required for Okta and must be the name of your Okta domain.


If your okta domain is, your tenant key-value is company.


Client Secret

The client secret for your Jamf Connect app in your IdP.


Redirect URI

The redirect URI used by your Jamf Connect app in your IdP.

For Jamf Unlock, this must be the following, depending on your IdP:

  • Azure ADjamfunlock://callback/auth
  • Oktajamfunlock://callback/auth
  • OneLogincom.jamf.connect.unlock://callback

Discovery URL

Your IdP's OpenID metadata document that stores OpenID configuration information. This value appears in the following format:

This value is required if your using Custom as your identity provider.


Custom Scopes

Specifies custom scopes, which return additional claims in a user's ID token during authorization. Standard scopes include openid, profile, and offline_access. If you include multiple scopes, add a "+" to separate them.

Unlock Device Passcode and Authentication Restrictions

The following settings are used to configure PIN and biometric authentication requirements for users.


Require PIN Authentication

Require and display a PIN that users must enter to complete authentication requests on computers. This setting is set to false by default.

Important: To ensure authentication with Jamf Unlock works as expected, make sure your PIN requirement settings are the same between your Jamf Unlock managed app configuration and Jamf Connect configuration profile.

PIN Type

The type of PIN used for the app. Supported values are rotating and static.


PIN Rotation Frequency

An integer, in seconds, that's used to rotate the PIN.

To use this setting, rotating must be set as the PIN type. 30 seconds is used by default.


Require Biometric Authentication

Require users to use Face ID or Touch ID to complete authentication with Jamf Unlock. The type of authentication that is used depends on the user's mobile device hardware version.


Require biometric authentication to open app

Require users to use Face ID or Touch ID to open the Jamf Unlock app. This setting is set to false by default.


Require biometric authentication to complete authentication requests

Require users to use Face ID or Touch ID to complete each authentication request from a paired computer. This setting is set to true by default.

Unlock Custom Branding

The following settings are used to customized the Jamf Unlock app for your organization.


Logo URL

The URL to a custom logo to use for organization. This logo displays in the upper-center of the screen above the user's name in the app.