On the left hand side, scroll down to the “Security” section, and click it. Log into Azure, and head on over to Azure Active Directory. This basically tells Azure that it should only let you log in provided you meet the specified conditions, which in our case will be that you use MFA.
JAMF PRO LDAP PRO
To actually enforce MFA at the Jamf Pro SSO page, you’ll need to set a Conditional Access policy for the Jamf app registration. Setting up the MFA Conditional Access policy one for people who need read-only access to Jamf, for instance), but for the purposes of this tutorial I’ve only made one for admins. You could even have multiple security groups (e.g. If you’ve got both of these set up, you should also make sure you have an AAD Security Group that contains anyone you want to be an administrator. Jamf doesn’t support logging in to Jamf with AAD credentials without SSO if you’ve enabled MFA in Azure as of 10.33 2. SSO is a requirement, especially if you want to be able to access the Jamf console with your AAD credentials. You don’t need AAD as an IdP, but it makes role assignments a little easier and a little clearer for you. You will also need SSO for Jamf Pro configured with Azure, and it’s also not a bad idea to have AAD configured as your Identity Provider as well. I used a Premium P2 license for this writeup, but you can follow this guide with AAD Premium P1 if you have that. Azure AD Free does not include Conditional Access. Requirementsįirst things first, your Azure tenant will need to be licensed with an Azure AD Premium license 1. I was looking into how this works, and decided to write up what I found out. Because Jamf is so powerful in terms of the management actions it can perform on your devices, it’s probably not a bad idea to reduce the chances of a malicious actor getting into the management console.
If you’re using Jamf with Azure Active Directory Single Sign-On, it might be good for your security posture to enable Multi-Factor Authentication for your Jamf admins.
0 kommentar(er)
