Integrating with Microsoft Azure

You can integrate Microsoft Azure with Jamf School to allow users to authenticate with Azure during or after enrollment, which assigns their user name to the device in Jamf School. When a user authenticates with Azure during enrollment, they complete the Setup Assistant and then authenticate with Azure before the device is enrolled. When a user authenticates with Azure after enrollment, they must complete the Setup Assistant and enrollment before they can authenticate using the Microsoft Azure web clip automatically created by Jamf School. Post-enrollment authentication can be used when a user is not assigned to a device. This can be useful in environments where third parties stage devices for schools.

Requirements

To integrate Microsoft Azure with Jamf School, you need:

  • Mobile devices with iOS 13 or later and iPadOS 13 or later

  • Computers with macOS 10.15 or later

  • A server token file from Apple School Manager in Jamf School (For more information, see Integrating Jamf School with Apple School Manager.)

  • (Automated Device Enrollment only) An Automated Device Enrollment profile (DEP profile) for iOS, iPadOS, and macOS devices. If you want users to authenticate during enrollment, the Require authentication for enrollment setting must be enabled. If you want users to authenticate after enrollment using the Azure web clip, the Require authentication for enrollment setting must be disabled. (For more information, see Automated Device Enrollment.)

  • (On-device enrollment or User Enrollment only) A User Enrollment profile (DEP profile) for iOS, iPadOS, and macOS devices with authentication enabled (For more information, see User Enrollment and On-Device Enrollment.)

Create an Application for Jamf School

  1. Log in to your Azure Administrator account by navigating to the following webpage: https://portal.azure.com/.

  2. Navigate to Azure Active Directory > App registrations.

  3. Click New registration to add an application for Jamf School.

  4. Enter "Jamf School" in the Name field, and then configure additional settings as needed.

  5. Click Register.

  6. Click Authentication in the sidebar.

  7. Click + Add a platform.

  8. Click Web.

  9. Do one or more of the following:

    • (Automated Device Enrollment only) Enter the full URL for your Jamf School server, followed by "/onboarding/oauth" in the Redirect URIs field. For example: "https://schoolname.jamfcloud.com/onboarding/oauth"

    • (On-device enrollment only) Enter the full URL for your Jamf School server, followed by "/enroll/oauth" in the Redirect URIs field. For example: "https://schoolname.jamfcloud.com/enroll/oauth"

    • (Web clip only) Enter the full URL for your Jamf School server, followed by "/link.html" in the Redirect URIs field. For example: "https://schoolname.jamfcloud.com/link.html"

      Note: You can also find your redirect URIs by navigating to Organization > Settings > Authentication in Jamf School.

  10. Configure additional settings as needed.

  11. Click Configure.

  12. Navigate to Overview in the sidebar.

  13. Copy the Application ID.

  14. Navigate to Certificates & secrets in the sidebar.

  15. Click + New client secret and configure the settings as needed.

  16. Click Add.
    The client secret is displayed after the settings are saved.

  17. Copy the client secret and paste it to a secure location.

    Note: You must copy the client secret before leaving this page because the key will no longer be visible once you leave the page.

  18. Click Overview in the sidebar.

  19. Click the Endpoints tab.

  20. Copy the following endpoints:

    • OAuth 2.0 token endpoint (v1)

    • OAuth 2.0 authorization endpoint (v1)

Apply Settings in Jamf School

  1. In Jamf School, navigate to Organization > Settings in the sidebar.

  2. Select the Authentication payload.

  3. Choose "Microsoft Azure" from the Authentication Method pop-up menu.

  4. Enter the Application ID from Azure in the Key/Client ID field.

  5. Enter the client secret from Azure in the Secret field.

  6. Enter the OAuth 2.0 authorization endpoint (v1) from Azure in the Authorization Endpoint field.

  7. Enter the OAuth 2.0 token endpoint (v1) from Azure in the Token Endpoint field.

  8. Click Save.
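
A pre-flight check for the values copied from Azure before they are saved in the Authentication payload, added here as an example and not part of Jamf's documentation or tooling. The function names are hypothetical, the sample values in the comments are constructed, and the check assumes the Azure AD v1 endpoint path shape `/<tenant>/oauth2/authorize` and `/<tenant>/oauth2/token` (v2 endpoints carry `/v2.0/` in the path).

```python
import re
from urllib.parse import urlparse

# Redirect paths from the "Create an Application" steps, keyed by enrollment type.
REDIRECT_PATHS = {
    "automated_device_enrollment": "/onboarding/oauth",
    "on_device_enrollment": "/enroll/oauth",
    "web_clip": "/link.html",
}

# Path shape of Azure AD v1 endpoints (assumption stated in the lead-in).
V1_ENDPOINT = re.compile(r"^/[^/]+/oauth2/(authorize|token)$")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def redirect_uris(server_url):
    """Build the redirect URIs to register in Azure for a Jamf School server URL."""
    parsed = urlparse(server_url.strip())
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError("Jamf School server URL must be a full https:// URL")
    base = f"https://{parsed.netloc}"
    return {kind: base + path for kind, path in REDIRECT_PATHS.items()}


def check_settings(client_id, secret, authorization_endpoint, token_endpoint):
    """Return a list of problems in the values destined for the Authentication payload."""
    problems = []
    if not GUID.fullmatch(client_id):
        problems.append("Key/Client ID is not a GUID; copy the Application ID from Overview")
    if not secret or secret != secret.strip():
        problems.append("Secret is empty or has stray whitespace from copy and paste")
    for label, url, kind in (
        ("Authorization Endpoint", authorization_endpoint, "authorize"),
        ("Token Endpoint", token_endpoint, "token"),
    ):
        parsed = urlparse(url)
        match = V1_ENDPOINT.match(parsed.path)
        if parsed.scheme != "https":
            problems.append(f"{label} must use https")
        elif "/v2.0/" in parsed.path:
            problems.append(f"{label} is a v2 endpoint; these steps call for the v1 endpoint")
        elif not match or match.group(1) != kind:
            problems.append(f"{label} does not look like the OAuth 2.0 {kind} endpoint (v1)")
    return problems
```

Azure compares redirect URIs exactly, so register the strings returned by `redirect_uris` without adding a trailing slash or changing case.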

Microsoft Azure User Experience

Authentication During Enrollment

When Jamf School is integrated with Azure and a user enrolls a device that they are assigned to, they are guided through a series of steps to enroll and authenticate with Azure.

  1. The user navigates through the Setup Assistant.

  2. The user is prompted to log in to Microsoft Azure.
    After the user successfully logs in with Azure, their Azure username and email address are associated with the enrolled device record in Jamf School.

  3. The user taps Enroll this device to complete enrollment.

Authentication After Enrollment

When Jamf School is integrated with Azure and a user enrolls a device that they are not assigned to, they are guided through a series of steps to enroll and then authenticate with the Azure web clip.

  1. The user navigates through the Setup Assistant.

  2. The user taps Enroll this device to complete enrollment.

  3. The user taps the Azure Webclip on the Home screen and is prompted to log in to Microsoft Azure.
    After the user successfully logs in with Azure, their Azure username and email address are associated with the enrolled device record in Jamf School.

© copyright 2002-2020 Jamf. All rights reserved.