Note: Maintaining your license key in a separate configuration profile provided by your account manager is recommended.

Used with DenyLocal to force authentication to Okta first, but then fall back to local authentication if Okta is unavailable.

Allows local accounts to be migrated to Okta-based accounts. This is typically used when the user account was already created on the system, but you want the accounts to have the same username and password as the user's Okta identity. Jamf Connect Login does this by forcing the user to sign in via Okta, and then attempts to match the user with an existing local account.

Consider the following user migration scenarios:

- If a user's Okta username and password match a local username and password, the account is considered migrated.
- If a user's Okta username matches a local username but the passwords do not match, the user will be prompted to enter their current local password. Once successfully entered, Jamf Connect Login will use the current local password and the current Okta password to sync the account to the current Okta password.
- If a user's Okta username does not match any local account, the user will be given the option to create or migrate a local account. To migrate an account, the user must provide the existing local password. At this point Jamf Connect Login will synchronize the password to the Okta password, and then add the Okta username as an alias to the local account. This way the user can sign in to the system as their Okta username.

Additionally, Okta can migrate users from local accounts to accounts associated with an Okta identity. With the Migrate and DenyLocal preference keys, all subsequent sign-ins will be authenticated to Okta, and then the system verifies if the user record has an "OktaUser" attribute. If this attribute cannot be verified, the user will be asked to select a local account to associate with the user's Okta account. If the local account shortname does not match the Okta shortname, the Okta name will be added as an alias to the account so the user will be able to use either one. This also keeps the home folder path and other elements of the user record the same.

Note: For every successful Okta authentication of a user, the user's record will be updated with the "NetworkSignIn" attribute. If the user was only authenticated locally, this attribute will not be updated.

Specifies which local accounts are excluded from the migration pull-down menu.

Specifies a path to a UID tool that allows you to set a local user account's UID to a custom value during account creation. This can be used to match a local user account's UID with a user's LDAP UID attribute. Your UID tool must be an executable script.

OpenID Connect settings can be used with Okta for the following reasons:

- To configure role preferences, such as determining if an administrator or standard local account is created.
- To use the OpenID Connect authentication protocol rather than Okta's authentication API (not recommended).

Both options require a Jamf Connect app integration, which you can create in your Okta admin console. For more information, see the Integrating with Okta page in this guide.