Integrating with Microsoft Azure

Jamf School lets you enroll users from Microsoft Azure into Jamf School via an automated process by presenting a web clip on the user's device. This web clip enables authentication through Microsoft Azure, by importing the user into Jamf School and linking the Azure account with the iPad.

Create an Application for Jamf School

  1. Log in to your Azure Administrator account by navigating to the following: https://portal.azure.com/.

  2. Navigate to Azure Active Directory > App registrations.

  3. Click New registration and add an application for Jamf School:

    • Name: Jamf School Management System

    • Application type: Web app / API

    • Sign-on URL: <schoolname>.jamfcloud.com

  4. Click Register.

  5. Select your application, find the Application ID, and copy it to the clipboard.

  6. Generate a key, click Certificates and Keys, and create a new client secret. Give it a name and copy the key.

    Note: The key is displayed when these settings are saved. Copy the key to the clipboard because the key will not be visible once you leave the page.

  7. After creating the application, make a note of the endpoints that are automatically created. You can expose the endpoints by going back to “App Registrations” and clicking Endpoints at the top of the pane.

  8. Copy the following endpoints to the clipboard:

    • OAuth 2.0 Token Endpoint (v1)

    • OAuth 2.0 Authorization Endpoint (v1)

Apply Settings in Jamf School

  1. In Jamf School, navigate to Organization > Settings in the sidebar.

  2. Select the Authentication payload.

  3. Choose "Microsoft Azure" from the Authentication Method pop-up menu, and enter the appropriate values:

    • Key: Application Client Id, found in the Azure Application configuration

    • Secret: Application Secret, generated after setting a key and saving the Azure application

    • Authorization Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints

    • Token Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints

    • CallbackURL: Application Reply URL, found in the Azure Application configuration

Microsoft Azure User Experience

When a user starts using a new device and the device has not been associated with a user yet, the device will show a web clip that the user can activate. This enables the user to authenticate via Microsoft Azure.

  1. The user will click the web clip to be redirected to Microsoft Azure.

  2. The user is prompted to log in to Microsoft Azure.

  3. The user must accept the Jamf School sign-in and read their profile message.

  4. After a successful login, the user is registered in Jamf School and associated with the device.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.