Jamf Pro SAML integration
Multi-factor authentication (MFA) is an extra layer of security used when logging in to websites or apps: users must pass more than one validation step, each relying on something only they know or have access to.
Jamf Pro is Enterprise Mobility Management software that can manage an organization's Apple ecosystem. Acceptto integrates with Jamf Pro to improve the security of users' logins to Jamf Pro through its Intelligent SSO-MFA solution.
Prerequisites
An Acceptto account with a configured Identity Provider and LDAP Agent.
For more information, see the LDAP Agent deployment guide.
A user with administrative privileges for the Jamf Pro portal.
Configure Jamf Pro as a SAML Service Provider
Log in to your Jamf Pro tenant and navigate to System Setting > Single Sign-On.
On the Single Sign-On Settings page, click Edit.
Check the Enable Single-Sign-On Authentication box. In the Identity Provider section, select Other and type a name in the blank field. Copy and note the Entity ID URL. This is the metadata URL of Jamf Pro, and is required for the Acceptto configuration in the next section.
In the Identity Provider Metadata Source, select Metadata URL and paste your organization's Acceptto metadata URL. It should be https://sso.acceptto.com/<myorganization>/saml/download/metadata, where myorganization is your unique identifier in the Acceptto cloud.
Keep the default settings in the User Mapping section.
Click on Save.
Acceptto SAML Configuration as Identity Provider (IdP)
Log in to the Acceptto Dashboard with an administrative account and go to Applications.
Create a new application by selecting Create New Application.
In the New Application form, enter the following values under the General tab.
Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs. (e.g. Jamf)
Type - Select "SAML Service Provider" from the options
Out of Band Methods - Select the allowed methods for approving MFA requests
Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional)
Under the SAML Service Provider Configuration tab, enter the following values:
Issuer or Entity ID - Enter the EntityID of your Jamf Pro instance, which you can find in the Jamf metadata file.
Sign in URL - The URL used to log in to your Jamf Pro instance.
NameID Format - Select "Email address" from the dropdown menu.
Name Identifier - Select "Email" from the dropdown menu.
Assertion Consumer Service (ACS) URL - Enter the service provider URL to which the identity provider redirects with its authentication response.
Single Logout URL - The URL used to log out of your Jamf Pro instance.
Click Save to create the Application.
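The Entity ID, ACS URL and Single Logout URL entered above can be read from the Jamf Pro metadata file instead of being typed by hand. The following Python is an added example, not part of the Acceptto or Jamf documentation; the sample metadata and its endpoint paths are constructed, and sp_values is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample SP metadata; a real file comes from your own Jamf Pro tenant.
SAMPLE = b"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.jamfcloud.com/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.jamfcloud.com/saml/SingleLogout"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.jamfcloud.com/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def sp_values(metadata: bytes) -> dict:
    """Return the fields the IdP application form asks for, plus any warnings."""
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(metadata)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not a single-SP SAML metadata document")
    acs = [e for e in sp.findall("md:AssertionConsumerService", NS) if e.get("Binding") == POST]
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    acs.sort(key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))))
    slo = sp.find("md:SingleLogoutService", NS)
    formats = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text]
    out = {
        "entity_id": root.get("entityID"),
        "acs_url": acs[0].get("Location") if acs else None,
        "slo_url": slo.get("Location") if slo is not None else None,
        "warnings": [],
    }
    for key in ("entity_id", "acs_url"):
        if not out[key]:
            out["warnings"].append(f"{key} missing")
    for key in ("acs_url", "slo_url"):
        if out[key] and not out[key].startswith("https://"):
            out["warnings"].append(f"{key} is not HTTPS")
    if formats and EMAIL not in formats:
        out["warnings"].append("SP does not advertise the emailAddress NameID format")
    return out
```

Any entry in "warnings" points to a mismatch worth resolving before saving the application, since an ACS URL that differs from what Jamf Pro publishes will cause the authentication response to be rejected or sent to the wrong endpoint.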
Test your application integration
Open the Jamf Pro login URL in a browser of your choice. You will be redirected to the Acceptto SSO page.
After successful authentication, you’ll see the Acceptto MFA options. Select your desired method and accept the authentication request.
After successful authentication, you will be redirected to the Jamf Pro landing page.
Troubleshooting
If you have any problems logging into Jamf Pro with Acceptto SSO and need to edit the settings, you can open the failover login page at https://example.jamfcloud.com/?failover.
Support
If you have questions or need assistance, contact SecureAuth Support.
Disclaimer
All product names, trademarks, and registered trademarks are the property of their respective owners.
All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands does not constitute an endorsement by the SecureAuth Corporation.