articles/active-directory/saas-apps/jamfprosamlconnector-tutorial.md
14 additions & 13 deletions
@@ -91,7 +91,7 @@ In this section, you enable Azure AD SSO in the Azure portal.
91
91
92
92
1. On the **Set up Single Sign-On with SAML** page, go to the **SAML Signing Certificate** section, select the **copy** button to copy **App Federation Metadata URL**, and then save it to your computer.
@@ -100,7 +100,7 @@ In this section, you create a test user in the Azure portal called B.Simon.
100
100
1. In the left pane in the Azure portal, select **Azure Active Directory**, select **Users**, and then select **All users**.
101
101
1. Select **New user** at the top of the screen.
102
102
1. In the **User** properties, follow these steps:
103
-
1. In the **Name** field, enter `B.Simon`.
103
+
1. In the **Name** field, enter `B.Simon`.
104
104
1. In the **User name** field, enter [name]@[companydomain].[extension]. For example, `[email protected]`.
105
105
1. Select the **Show password** check box, and then write down the value that's displayed in the **Password** box.
106
106
1. Select **Create**.
@@ -123,7 +123,7 @@ In this section, you grant B.Simon access to Jamf Pro.
123
123
1. If you're expecting any role value in the SAML assertion, in the **Select Role** dialog box, select the appropriate role for the user. Then, select the **Select** button at the bottom of the screen.
124
124
1. In the **Add Assignment** dialog box, select the **Assign** button.
125
125
126
-
## Configure SSO in Jamf Pro
126
+
## Configure SSO in Jamf Pro
127
127
128
128
1. To automate the configuration within Jamf Pro, install the **My Apps Secure Sign-in browser extension** by selecting **Install the extension**.
129
129
@@ -147,30 +147,32 @@ In this section, you grant B.Simon access to Jamf Pro.
147
147
148
148

149
149
150
-
a. Select the **Enable Single Sign-On Authentication** check box.
150
+
a. Select **Edit**.
151
151
152
-
b. Select **Other** as an option from the **IDENTITY PROVIDER** drop-down menu.
152
+
b. Select the **Enable Single Sign-On Authentication** check box.
153
153
154
-
c. In the **OTHER PROVIDER** field, enter **Azure AD**.
154
+
c. Select **Azure** as an option from the **Identity Provider** drop-down menu.
155
155
156
156
d. Copy the **ENTITY ID** value and paste it into the **Identifier (Entity ID)** field in the **Basic SAML Configuration** section in the Azure portal.
157
157
158
158
> [!NOTE]
159
159
> Use the value in the `<SUBDOMAIN>` field to complete the sign-on URL and reply URL in the **Basic SAML Configuration** section in the Azure portal.
160
160
161
-
e. Select **Metadata URL** from the **IDENTITY PROVIDER METADATA SOURCE** drop-down menu. In the field that appears, paste the **App Federation Metadata Url** value that you've copied from the Azure portal.
161
+
e. Select **Metadata URL** from the **Identity Provider Metadata Source** drop-down menu. In the field that appears, paste the **App Federation Metadata Url** value that you've copied from the Azure portal.
162
162
163
-
7. On the same page, scroll down to the **User Mapping** section. Then, take the following steps.
163
+
f. (Optional) Edit the token expiration value or select "Disable SAML token expiration".
164
+
165
+
7. On the same page, scroll down to the **User Mapping** section. Then, take the following steps.
164
166
165
167

166
168
167
-
a. Select the **NameID** option for **IDENTITY PROVIDER USER MAPPING**. By default, this option is set to **NameID**, but you can define a custom attribute.
169
+
a. Select the **NameID** option for **Identity Provider User Mapping**. By default, this option is set to **NameID**, but you can define a custom attribute.
168
170
169
-
b. Select **Email** for **JAMF PRO USER MAPPING**. Jamf Pro maps SAML attributes sent by the IdP first by users and then by groups. When a user tries to access Jamf Pro, Jamf Pro gets information about the user from the Identity Provider and matches it against all Jamf Pro user accounts. If the incoming user account isn't found, then Jamf Pro attempts to match it by group name.
171
+
b. Select **Email** for **Jamf Pro User Mapping**. Jamf Pro maps SAML attributes sent by the IdP first by users and then by groups. When a user tries to access Jamf Pro, Jamf Pro gets information about the user from the Identity Provider and matches it against all Jamf Pro user accounts. If the incoming user account isn't found, then Jamf Pro attempts to match it by group name.
170
172
171
173
c. Paste the value `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` in the **IDENTITY PROVIDER GROUP ATTRIBUTE NAME** field.
172
174
173
-
d. Select **Allow users to bypass the Single Sign-On authentication**. As a result, users won't be redirected to the Identity Provider sign-in page for authentication and can sign in to Jamf Pro directly instead. When a user tries to access Jamf Pro via the Identity Provider, IdP-initiated SSO authentication and authorization occurs.
175
+
d. On the same page, scroll down to the **Security** section and select **Allow users to bypass the Single Sign-On authentication**. As a result, users won't be redirected to the Identity Provider sign-in page for authentication and can sign in to Jamf Pro directly instead. When a user tries to access Jamf Pro via the Identity Provider, IdP-initiated SSO authentication and authorization occurs.
174
176
175
177
e. Select **Save**.
176
178
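Review bot: The new step f (new line 163) offers "Disable SAML token expiration" without saying what the setting changes or when it is appropriate, so a reader following the tutorial has no basis for choosing between editing the value and disabling expiration. Add one sentence on the effect of each choice and say which one the tutorial expects, and set the option name in bold like the other UI labels in this list. The reworded step d (new line 175) has the same gap: it is still written as a required step even though its own text says users can then sign in to Jamf Pro directly instead of being redirected to the Identity Provider, so mark it optional or say when to leave it cleared. Because it now points at the **Security** section rather than **User Mapping**, it would also read better as its own numbered step. The casing change is incomplete as well: **ENTITY ID** (line 156) and **IDENTITY PROVIDER GROUP ATTRIBUTE NAME** (line 173) are still in capitals.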
@@ -216,7 +218,7 @@ To provision a user account, take the following steps:
216
218
217
219
g. Select **Save**.
218
220
219
-
## Test the SSO configuration
221
+
## Test the SSO configuration
220
222
221
223
In this section, you test your Azure AD single sign-on configuration by using the Access Panel.
222
224
@@ -231,4 +233,3 @@ When you select the Jamf Pro tile in the Access Panel, you should be automatical
231
233
-[What is Conditional Access in Azure Active Directory?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview)
232
234
233
235
-[Try Jamf Pro with Azure AD](https://aad.portal.azure.com/)