Jamf Connect Configuration

Jamf Connect Configuration is an app that allows administrators to automatically create computer configuration profiles for Jamf Connect apps. You can use Jamf Connect Configuration to do the following:

  • Select and specify Jamf Connect preferences.

  • Test configurations to confirm a successful connection with your cloud identity provider (IdP).

  • Save configuration profiles, which you can install locally or upload for deployment with an MDM solution. Configuration profiles can be saved in .mobileconfig or PLIST format.

  • Upload configuration profiles in .mobileconfig format to Jamf Pro.

  • Edit, duplicate, or import existing Jamf Connect configuration profiles.

Creating a Configuration Profile using Jamf Connect Configuration

When you create a configuration profile, you can either save the file locally or upload it to Jamf Pro. If uploading to Jamf Pro, keep the following in mind:

  • Configurations must be saved in .mobileconfig format.

  • A profile's file name cannot match the name of a configuration profile that already exists in Jamf Pro.

  • You cannot upload updates to an already existing configuration profile with the same name.

Requirements

To upload a configuration profile to Jamf Pro, you need credentials for a Jamf Pro user account with administrator privileges.

  1. In Jamf Connect Configuration, click the + icon at the bottom-left of the window.
  2. Name your new configuration by clicking on it in the sidebar.
  3. Click the Identity Provider tab.
  4. Configure authentication settings:
    1. Choose your cloud identity provider (IdP) from the Identity Provider pop-up menu.
    2. Configure the minimum authentication fields for your IdP.
      Note:

      Minimum settings vary based on your IdP. For more information, see Minimum Authentication Settings by Identity Provider.

  5. (Optional) Configure advanced authentication settings in the Okta or OIDC settings sections.
  6. Click the Login tab.
  7. Configure settings for the login window, including user creation settings.
  8. Click the Connect tab.
  9. Configure settings for the menu bar app, including Kerberos integration settings.
  10. (Optional) Click the </> button in the top-right and do the following:
    1. Review your configuration profile in XML format.
    2. Manually configure additional preference keys.

      For lists of available preference keys, see the Preference Key Reference.

  11. Click the Test button to confirm that your authentication settings are correctly configured.
  12. (Optional) Save and export your configuration profile.
    1. Click File > Save from the Apple menu bar.
    2. Select which preference domain to write the configuration profile to.
    3. To upload the profile to Jamf Pro, select the Jamf Pro Upload checkbox and enter your Jamf Pro instance URL, username, and password.

      Make sure to also confirm a successful connection using the Check Connection button.

    4. Select a file format.
      Important:

      • To upload your configuration to Jamf Pro, you must save the configuration in .mobileconfig format.

      • If you select .mobileconfig, you must also complete the Payload Configuration Profile Data section.

    5. Click Save and name your configuration profile.

Your configuration profile is now ready to be installed locally or uploaded to an MDM solution for deployment.

If you selected the Jamf Pro Upload checkbox, the configuration profile is automatically uploaded to Jamf Pro.

Saving User Tokens from Jamf Connect Configuration

You can use Jamf Connect Configuration's testing feature to save a test user's access, refresh, and ID tokens after a successful authentication.

Requirements

You must have a working configuration for an identity provider (IdP) that uses the OpenID Connect authentication protocol with Jamf Connect (e.g., Azure AD, Google Cloud ID, OneLogin, PingFederate).

  1. In Jamf Connect Configuration, click Test > OIDC.
  2. Log in with the username and password of a valid user who has been assigned Jamf Connect in your IdP's admin console, portal, or a similar tool.
    One of the following will occur:
    • If you successfully authenticate, your configuration is working and ready to save.

    • If you are unable to authenticate, your configuration needs additional settings or contains errors. Review your settings and repeat the testing process.

  3. Click Save on the bottom-right of the window to save the access, refresh, and ID tokens to your computer.

Each token is saved as an encoded string in a .txt file.

  • jamf-refreshToken.txt

  • jamf-accessToken.txt

  • jamf-idToken.txt

To decode the tokens, you can use a JSON web token (JWT) decoder tool, such as Auth0's jwt.io website.
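
The saved token files can also be decoded on the computer itself, so the test user's tokens stay local. The following Python script is an added example, not part of Jamf's documentation or tooling. It assumes the three .txt files are in a folder passed as the first argument, reports any token that is not in three-part JWT form as opaque, and does not verify signatures.

```python
import base64
import json
import sys
from pathlib import Path

# File names as listed on this page; the folder they are saved in is an assumption.
TOKEN_FILES = ("jamf-idToken.txt", "jamf-accessToken.txt", "jamf-refreshToken.txt")

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_jwt(token: str):
    """Return (header, claims) for a JWT, or None if the string is opaque."""
    # Decoding only: the signature is NOT verified, so the claims are
    # unauthenticated display data, not proof of identity.
    parts = token.strip().split(".")
    if len(parts) != 3:
        return None  # not header.payload.signature, e.g. an opaque token
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return None  # bad base64 or not JSON
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    return header, claims

def _b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (made-up claims, placeholder signature) for offline runs.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://idp.example.com", "sub": "test.user", "exp": 1700000000}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    folder = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for name in TOKEN_FILES:
        path = folder / name
        if path.is_file():
            print(name, decode_jwt(path.read_text()) or "opaque (not a JWT)")
```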