Integrating with Microsoft Azure AD

You can integrate Microsoft Azure AD with the Jamf Protect web app to require users to sign in with their Azure AD credentials.

Integrating with Azure AD involves the following steps:

  1. Register your Jamf Protect web app with Azure AD.

  2. Connect your app registration with your Jamf Protect tenant. This is done by your Jamf Customer Success Manager.

Registering a New Application for Jamf Protect in Azure AD

You must create a new app registration in Azure AD, which will be used to manage authentication and access for Jamf Protect.

While setting up your registered app, make sure you configure the following settings:

Redirect URI
Choose Web from the pop-up menu and set the redirect URI to one of the following, depending on your region:
  • US: https://auth.protect.jamfcloud.com/login/callback

  • EU: https://eu-auth.protect.jamfcloud.com/login/callback

  • APAC: https://au-auth.protect.jamfcloud.com/login/callback

Client Secret Value
Create a client secret for your registered app. This value will be used by your Jamf Customer Success Manager to connect your registered app to your Jamf Protect tenant.
Note: Make sure you supply the client secret value (not the client secret ID) to your Jamf Customer Success Manager. Azure AD displays the secret value only once, immediately after you create it, so copy it at that point.

API Permissions
Make sure to assign the following delegated and application API permissions to your Jamf Protect app registration. To configure these permissions, click API Permissions in your Jamf Protect registered app, and then select the Microsoft Graph API to open the Request API permissions menu.
Delegated Permissions
  • User.Read

  • Directory.Read.All

  • Directory.AccessAsUser.All

Application Permissions
  • Directory.Read.All

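The registration steps above (redirect URI, API permissions, client secret), scripted with the Azure CLI as an added example that is not Jamf's own tooling. It assumes an authenticated `az login` session with rights to create app registrations, and it resolves the Microsoft Graph permission IDs from the tenant instead of hard-coding them; the display name, the secret label and the JAMF_PROTECT_REGION variable are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Jamf's own tooling): scripts the app registration described
# above with the Azure CLI. Assumes an authenticated `az login` session that may
# create app registrations; the display name and secret label are assumptions.
set -eu

GRAPH_APP_ID="00000003-0000-0000-c000-000000000000"   # Microsoft Graph resource app ID

# Map a Jamf Protect region to the redirect URI the page lists for it.
redirect_uri_for_region() {
  case "$1" in
    US)   echo "https://auth.protect.jamfcloud.com/login/callback" ;;
    EU)   echo "https://eu-auth.protect.jamfcloud.com/login/callback" ;;
    APAC) echo "https://au-auth.protect.jamfcloud.com/login/callback" ;;
    *)    echo "unknown region: $1" >&2; return 1 ;;
  esac
}

# Resolve a Microsoft Graph permission ID by name from the tenant's Graph service
# principal; kind is "Scope" (delegated) or "Role" (application).
graph_permission_id() {
  local name="$1" kind="$2" path
  if [ "$kind" = "Scope" ]; then path="oauth2PermissionScopes"; else path="appRoles"; fi
  az ad sp show --id "$GRAPH_APP_ID" --query "${path}[?value=='${name}'].id | [0]" -o tsv
}

register_jamf_protect_app() {
  local region="$1" uri app_id secret
  uri="$(redirect_uri_for_region "$region")"
  # 1. Single-tenant registration with the region's Web redirect URI.
  app_id="$(az ad app create --display-name "Jamf Protect" --sign-in-audience AzureADMyOrg \
      --web-redirect-uris "$uri" --query appId -o tsv)"
  # 2. The delegated (Scope) and application (Role) Graph permissions from the page.
  az ad app permission add --id "$app_id" --api "$GRAPH_APP_ID" --api-permissions \
      "$(graph_permission_id User.Read Scope)=Scope" \
      "$(graph_permission_id Directory.Read.All Scope)=Scope" \
      "$(graph_permission_id Directory.AccessAsUser.All Scope)=Scope" \
      "$(graph_permission_id Directory.Read.All Role)=Role"
  # Optional: consent for the whole organisation instead of a prompt per user.
  # az ad app permission admin-consent --id "$app_id"
  # 3. Client secret: the returned password is the secret VALUE the CSM needs (not the
  #    secret ID); it is shown only now, so store it before it scrolls away.
  secret="$(az ad app credential reset --id "$app_id" --append \
      --display-name "jamf-protect" --years 1 --query password -o tsv)"
  printf 'Application (Client) ID: %s\nClient Secret Value: %s\n' "$app_id" "$secret"
}

# Touch Azure only when a region is supplied, e.g. JAMF_PROTECT_REGION=EU ./register.sh
if [ -n "${JAMF_PROTECT_REGION:-}" ]; then register_jamf_protect_app "$JAMF_PROTECT_REGION"; fi
```

The three values the script prints at the end (plus your Azure AD domain) are exactly what the next section asks you to hand to your Customer Success Manager.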
For instructions on registering an app, including adding users and groups to the app, see the following Microsoft documentation:

Connecting your App Registration to your Jamf Protect Tenant

After you have created your registered app, you must supply the following values to your Jamf Customer Success Manager, who will connect your Azure AD domain with your Jamf Protect tenant.

  • Application (Client) ID

  • Client Secret Value

  • Your Azure AD Domain

After sign-in with Azure AD is enabled, navigate to your Jamf Protect tenant URL and confirm that the Azure AD sign-in window appears.
Note: Users may be prompted by Microsoft to give your Jamf Protect application the necessary permissions to sign in using Microsoft credentials. To accept the prompt for all users in your organization, sign in to Jamf Protect using Azure AD administrator credentials, and then check the Consent on behalf of your organization checkbox to accept the permissions prompt.