Jamf School lets you enroll users from Microsoft Azure into Jamf School via an automated process by presenting a web clip on the user device. This web clip enables authentication through Microsoft Azure, imports the user into Jamf School, and links the Azure account with the iPad.
Microsoft Azure Jamf School Management System implementation and setup details:
Step 1: Azure->Login
Login with your Azure Admin account.
Step 2: Azure->Active Directory: Create Application for Jamf School Management System
Within the Azure Active Directory folder, create an application named Jamf School Management System.
App Registrations > New application registration
Name > Jamf School Management System
Application type: Web app / API
Sign-on URL: <schoolname>.jamfcloud.com
Select your application, find the Application ID and copy it to the clipboard.
Generate a key: click Keys, enter a Key description (Jamf School Management System key) and select Expires in 1 year.
The key is displayed when these settings are saved. Copy the key to the clipboard immediately; once you leave the page the key is no longer visible.
General > Properties
App ID URI: <schoolname>.jamfcloud.com
Home page URL: <schoolname>.jamfcloud.com
Click Reply URLs. Each reply URL must belong to a validated reply domain.
Reply URL: <schoolname>.jamfcloud.com/link.html
Some information from the newly created app is needed in the following steps.
After creating the application, make a note of the endpoints that are created automatically. You can expose the endpoints by going back to “App Registrations” and clicking the “Endpoints” button at the top of the view.
Copy the following endpoints to the clipboard:
OAuth 2.0 Token Endpoint.
OAuth 2.0 Authorization Endpoint.
Step 3: Azure->API Management Services: Create API Jamf School Management System
Create an API to connect the application with the login / SSO named Jamf School Management System[company].
When the API service is activated:
Select security->OAuth2 and click Add:
Client registration page URL: <schoolname>.jamfcloud.com
Authorization grant types > Authorization code
Authorization endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize
Authorization request method: GET & POST
Token endpoint URL: https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/token
Application ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. This is the Application ID generated in step 2.
Client Secret: XXXXXXXXXXXXXXXXXXXXXXX. This is the key generated in step 2. Azure shows it only once, when the Active Directory application key is saved, so it must be copied at that time.
Step 4: Apply settings in Jamf School
Apply the Microsoft Azure settings in Jamf School via Organization->Settings->Authentication. Setting the Authentication Method to Microsoft Azure enables you to enter the appropriate values.
Key: Application Client Id, found in the Azure Application configuration.
Secret: Application Secret, generated after setting a key and saving the Azure application.
Authorization Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
Token Endpoint: Application Endpoint, exposed when viewing the Azure application Endpoints.
Callback URL: Application Reply URL, found in the Azure Application configuration.
Microsoft Azure Device and User Flow:
Step 1: Special Microsoft Azure web clip on user device
When a user starts with a new device that has not yet been linked to a user, the device shows a web clip that the user can activate. This lets the user authenticate via Microsoft Azure.
Step 2: Select Microsoft Account
After tapping the web clip, the user is redirected to Microsoft Azure, where they can log in.
Step 3: Jamf School Management System Sign in permission
Accept the Jamf School Management System permission request to sign in and read your profile.
Step 4: Jamf School Management System Message
After a successful login the user is registered in Jamf School Management System and linked to the device.
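The OAuth 2.0 authorization code exchange that the Step 4 settings configure and that the device flow above walks through, modelled offline in Python as an added example (this is not Jamf School or Microsoft code). The tenant ID placeholder is the one the page uses; the client ID, reply URL and school name are assumed values.

```python
# Added example (not Jamf School or Microsoft code): models the OAuth 2.0 flow the
# Azure settings configure. Tenant placeholder is from the page; the rest is assumed.
from urllib.parse import urlencode, urlparse, parse_qs

TENANT = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"        # placeholder, as on the page
AUTHORIZE_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"    # assumed Application ID (Step 2)
REPLY_URL = "https://school.jamfcloud.com/link.html"  # assumed Reply URL (Step 2)


def build_authorize_url(state: str) -> str:
    """Web clip step: send the user to the Authorization Endpoint. 'state' is an
    unguessable per-request value the callback must echo back (anti-CSRF)."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",    # Authorization grant type: Authorization code
        "redirect_uri": REPLY_URL,  # must equal the registered Reply URL exactly
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Azure redirects to the Reply URL with ?code=...&state=... (or ?error=...).
    Accept only a response on the registered Reply URL carrying our state."""
    parsed = urlparse(callback_url)
    landed = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if landed != REPLY_URL:
        raise ValueError("callback did not arrive at the registered Reply URL")
    query = parse_qs(parsed.query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response is not tied to this request")
    if "error" in query:
        raise ValueError(f"Azure returned error: {query['error'][0]}")
    if not (code := query.get("code", [None])[0]):
        raise ValueError("no authorization code in callback")
    return code


def token_request_form(code: str, client_secret: str) -> dict:
    """Server-side POST form for TOKEN_URL: the code is exchanged with the Key and
    Secret from Step 4 by Jamf School, never from the device itself."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REPLY_URL,  # Azure rejects the exchange if this differs
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
    }
```

The strict Reply URL and state checks are why the Reply URL registered in Azure and the Callback URL entered in Jamf School must be identical.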