Microsoft Azure Implementation

Jamf School lets you enroll users from Microsoft Azure into Jamf School via an automated process by presenting a web clip on the user's device. This web clip enables authentication through Microsoft Azure, importing the user into Jamf School and linking the Azure account with the iPad.

Microsoft Azure Jamf School Management System implementation and setup details:

Step 1: Azure->Login

Log in with your Azure Admin account.

https://portal.azure.com/
https://manage.windowsazure.com/

Step 2: Azure->Active Directory: Create Application for Jamf School Management System

Within the Azure Active Directory folder, create an application named Jamf School Management System.

App Registrations > New application registration

Name > Jamf School Management System

Application type: Web app / API

Sign-on URL: <schoolname>.jamfcloud.com

Create

Select your application, find the Application ID and copy it to the clipboard.

To generate a key, click Keys, enter a Key description (Jamf School Management System key) and select expires in 1 year.

The key will be displayed when these settings are saved. Copy the key to the clipboard immediately: once you leave the page, the key will not be visible.

General > Properties

  • App ID URI: <schoolname>.jamfcloud.com

  • Home page URL: <schoolname>.jamfcloud.com

Save

Click Reply URLs. The Reply URL must be on a validated reply domain.

Reply URL: <schoolname>.jamfcloud.com/link.html

Some information that becomes available once the app has been created is needed in the following steps.

After creating the application, make a note of the endpoints which are automatically created. You can expose the endpoints by going back to “App Registrations” and clicking the “Endpoints” button at the top of the view.

Copy the following endpoints to the clipboard:

  • OAuth 2.0 Token Endpoint.

  • OAuth 2.0 Authorization Endpoint.

Step 3: Azure->API Management Services: Create API Jamf School Management System

Create an API to connect the application with the login / SSO named Jamf School Management System[company].

When the API service is activated:

  • Select security->OAuth2 and click Add:

    • Client registration page URL: <schoolname>.jamfcloud.com

    • Authorization grant types > Authorization code

    • Authorization endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize

    • Authorization request method: GET & POST

    • Token endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token

    • Application ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. This is the Application ID generated at step 2.

    • Client Secret: XXXXXXXXXXXXXXXXXXXXXXX. This is generated only once and shown when the application key has been generated at step 2. Please be aware that the Client Secret is only shown once, while saving the Active Directory application.

Step 4: Apply settings in Jamf School

Apply the Microsoft Azure settings in Jamf School via Organization->Settings->Authentication. Setting the Authentication Method to Microsoft Azure enables you to enter the appropriate values.

Key: Application Client Id, found in the Azure Application configuration.
Secret: Application Secret, generated after setting a key and saving the Azure application.
Authorization Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
Token Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
Callback URL: Application Reply URL, found in the Azure Application configuration.
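
The five values above can be checked for consistency before they are saved in Jamf School. The following Python is an added example, not Jamf or Microsoft code; it checks that both endpoints belong to the same tenant and that nothing was damaged while copying. The https scheme on the Callback URL, the host name exampleschool.jamfcloud.com and every sample value are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ENDPOINT_RE = re.compile(rf"^/({GUID})/oauth2/(authorize|token)$")

# Constructed sample values (assumptions, not real identifiers).
SCHOOL_HOST = "exampleschool.jamfcloud.com"
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "key": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "secret": "constructed-secret-value",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "callback_url": f"https://{SCHOOL_HOST}/link.html",
}


def endpoint_tenant(url, kind, problems):
    """Return the tenant GUID from an endpoint URL, or None if it is malformed."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc != "login.microsoftonline.com":
        problems.append(f"{kind} endpoint must be on https://login.microsoftonline.com")
    m = ENDPOINT_RE.match(parts.path)
    if not m or m.group(2) != kind:
        problems.append(f"{kind} endpoint path must be /<tenant-guid>/oauth2/{kind}")
        return None
    return m.group(1).lower()


def check_settings(s, school_host):
    """Validate the five Step 4 values; an empty list means no problem found."""
    # A space or line break inside a pasted value is the most common copy error.
    problems = [f"{n} contains whitespace (copy/paste damage)"
                for n, v in s.items() if re.search(r"\s", v)]
    if not re.fullmatch(GUID, s["key"]):
        problems.append("key is not an Application ID (GUID)")
    if not s["secret"]:
        problems.append("secret is empty")
    auth = endpoint_tenant(s["authorization_endpoint"], "authorize", problems)
    token = endpoint_tenant(s["token_endpoint"], "token", problems)
    if auth and token and auth != token:
        problems.append("authorization and token endpoints name different tenants")
    cb = urlsplit(s["callback_url"])
    expected = ("https", school_host.lower(), "/link.html", "")
    if (cb.scheme, cb.netloc.lower(), cb.path, cb.query) != expected:
        problems.append(f"callback URL must be https://{school_host}/link.html")
    return problems
```

Calling check_settings(SAMPLE, SCHOOL_HOST) returns an empty list; each returned string names one value to correct before saving.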

Microsoft Azure Device and User Flow:

Step 1: Special Microsoft Azure web clip on user device

When a user starts with a new device and the device has not yet been linked / associated with a user, the device will show a web clip that the user can activate. This enables the user to authenticate via Microsoft Azure.

Step 2: Select Microsoft Account

After clicking the web clip, the user is redirected to Microsoft Azure. This enables the user to log in.

Step 3: Jamf School Management System Sign in permission

Accept the Jamf School Management System sign in and read your profile message.

Step 4: Jamf School Management System Message

After a successful login the user is registered in Jamf School Management System and linked to the device.

© copyright 2002-2019 Jamf. All rights reserved.