Check the Enable Single Sign-On Authentication box.
Click on the Edit button located at the bottom right of the screen.
Click on the Single Sign-On option in System Settings.
Log in to your Jamf Pro admin account and click on the Settings cog icon located at the top right of the screen.
Keep the SAML Login URL and SAML Logout URL, and click on the Download Certificate button, which you will require in Step 4.
Click on Link to see the IDP initiated SSO link for Jamf Pro.
Click on the Metadata link to download the metadata, which will be required later.
Select PASSWORD from the First Factor Type dropdown.
Now enter the name for your app authentication policy in the Policy Name field.
Go to Add Policy and select DEFAULT from the Group Name dropdown.
Enter the Domain Administrator in the Jamf Pro Administrator field and click on "Verify Jamf Pro Administrator" to verify whether the domain entered is that of an administrator.
Enter the following values in the respective fields.
Search for Jamf Pro in the list. If you don't find Jamf Pro in the list, search for custom and you can set up your application via Custom SAML App.
In Choose Application Type, click on the SAML/WS-FED application type.
Go to Apps and click on the Add Application button.

MiniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Shibboleth, Ping, Okta, OneLogin, Keycloak), Databases (like MySQL, MariaDB, PostgreSQL) and many more.
Follow the Step-by-Step Guide given below for Jamf Pro Single Sign-On (SSO) 1.

If [[ $(/usr/bin/sw_vers -productVersion | awk -F.
# Use user account's username and password credentials with Basic Authorization to request a bearer token.
# This function uses Basic Authentication to get a new bearer token for API authentication.
# If you're on Jamf Pro 10.35.0 or later, which does support using Bearer Tokens
# for Classic API authentication, set the NoBearerToken variable to the following value
# If you're on Jamf Pro 10.34.2 or earlier, which doesn't support using Bearer Tokens
# Self Service policies and generates a report with information about those
# This script uses the Jamf Pro Classic API to detect Jamf Pro policies are

The report generated by the script should appear similar to what is shown below:
Jamf Pro admin console URL for the Self Service policy.
The name displayed in Self Service for the policy
Create a report in tab-separated value (.tsv) format which contains the following information about the Self Service policies.
The policy’s name in the Jamf Pro admin console.
If the policy is enabled in the Jamf Pro admin console.
Pulls the following information out of the policy record data:
Uses the Jamf Pro Classic API to download all information about matching Self Service policies.
Checks which policies are Self Service policies.
Uses the Jamf Pro Classic API to download the Jamf Pro IDs of all computer policies.

To store the account password in the plist file:
defaults write -info jamfpro_password account_password_goes_here
To store the account username in the plist file:
defaults write -info jamfpro_user account_username_goes_here
To store the Jamf Pro URL in the plist file:
defaults write -info jamfpro_url
The plist file can be created by running the following commands and substituting your own values where appropriate:
If setting up a specific Jamf Pro user account for this purpose with limited rights, here are the required API privileges for the account on the Jamf Pro server:
For authentication, the script can accept manual input or values stored in a ~/Library/Preferences/ file.

For more details, please see below the jump.
To assist with this task, I’ve written a script which uses the Jamf Pro Classic API to search through the policy records and generate a report in .tsv format.
Every so often, it may be necessary to generate a report from Jamf Pro of which policies are available in Self Service.