Skip to main content

Jamf Pro SAML integration

Multi-Factor Authentication (MFA) is an extra layer of security used when logging into websites or apps. Individuals are authenticated through more than one required security and validation procedure that only they know or have access to.

Security Assertion Markup Language (SAML) is a protocol for authenticating to web applications. SAML allows federated apps and organizations to communicate and trust one another’s users.

Jamf Pro is the Enterprise Mobility Management software that can manage an organization's Apple Ecosystem. Arculix by SecureAuth integrates with Jamf Pro to improve the security of users' logins into the Jamf Pro through its Intelligent SSO-MFA solution.

Prerequisites

  • Configured Arculix instance and user account with administrative privileges for Arculix.

  • Configured Arculix LDAP Agent.

    For more information, see the Arculix LDAP Agent deployment guide.

  • User account with administrative privileges for the Jamf Pro portal.

Jamf Pro configuration

In this section, you'll configure Jamf Pro as a service provider (SP).

  1. Log in to your Jamf Pro tenant and go to System Setting > Single Sign-On.

    jamf_system_settings.png

  2. On the Single Sign-On Settings page, click Edit.

    jamf_edit_settings.png

  3. Set the following configurations:

    Enable Single-Sign-On Authentication

    Select the check box to enable.

    Identity Provider

    Select Other and enter a unique name.

    For example, Arculix.

    Entity ID

    Copy the URL.

    This is the metadata URL of Jamf Pro, and is required for Arculix configuration.

    jamf_enable_sso.png

  4. In the Identity Provider Metadata Source section, select Metadata URL and enter your organization's Metadata URL on Arculix.

    It should be https://sso.acceptto.com/<myorganization>/saml/download/metadata, where myorganization is your unique identifier in Arculix cloud.

    jamf_metadata_url.png

  5. In the User Mapping section, keep the default settings.

    jamf_user_mapping.png

  6. Click Save.

Arculix SAML configuration as an Identity Provider (IdP)

In this section, you'll add an application for Jamf Pro and set the SAML configuration settings. This will be the Identity Provider (IdP) side of the configuration.

  1. Log in to Arculix with an administrative account and go to Applications.

  2. Click Create New Application.

    Create new application

  3. In the New Application form, on the General tab, set the following configurations:

    Name

    Set the name of the application. This is the name to display for push notifications, in the Admin panel, Application portal, and audit logs.

    For example, Jamf Pro.

    Type

    Set to SAML Service Provider.

    Out of Band Methods

    Select the allowed methods end users can choose to approve MFA requests.

    For example, Arculix Mobile app (push notifications), SMS, or Security Key.

    Message for MFA Requests

    Optional. Type a message displayed to end users when sending an MFA request via push notification, SMS, or email.

    arculix_new_app_jamfpro.png

  4. Select the SAML Service Provider Configuration tab, and set the following configurations:

    arculix_jamfpro_saml_settings.png

    Issuer or Entity ID 

    Enter the EntityID of your JamfPro instance provided inthe Jamf Pro metadata.

    Log in URL 

    Enter the URL used by users to log in to your Jamf Pro instance.

    NameID Format 

    Set to Email Address.

    Name Identifier 

    Set to Email.

    ACS URL 

    Enter the URL to were the identity provider will redirect to with its authentication response.

    Single Logout URL

    Enter the URL used to log out of your Jamf Pro instance.

  5. Save your changes.

Test your application integration

  1. Go to your Jamf Pro URL.

  2. You will be redirected to the Arculix SSO page.

    Application login page with email

  3. After successful authentication, select your preferred MFA method to approve access to the Jamf Pro application.

    Select MFA method

  4. After successful authentication, you will be redirected to the Jamf Pro landing page.

    jamf_dash.png

Troubleshooting

If you have any problems logging into Jamf Pro with Arculix SSO and need to edit the settings; you can open the failover login page at https://example.jamfcloud.com/?failover.

Support

If you have questions or need assistance, contact SecureAuth Support.

Sales

Want to learn more about our MFA solutions? Contact our Professional Services for a demo today.

Disclaimer

All product names, trademarks, and registered trademarks are the property of their respective owners.

All company, product, and service names used in this document are for identification purposes only. The use of these names, trademarks, and brands do not constitute an endorsement by the SecureAuth Corporation.

In this section: