Jamf Connect can enforce multifactor authentication (MFA) using your cloud identity provider (IdP). Depending on your IdP and the type of authentication used, Jamf Connect will handle MFA in one of the following ways:

OpenID Connect: Jamf Connect will indirectly display any MFA challenges within a web view. The entire MFA experience is configured within your IdP's settings.

Okta Authentication API: Jamf Connect presents Okta MFA challenges within the Jamf Connect UI. Some additional messaging can be customized via Jamf Connect settings to help users complete an MFA challenge.

Keep the following in mind when enabling MFA with Jamf Connect:

Whether MFA should be enabled at the organization, app, or user level varies by IdP and environment.

If configuring MFA with a third-party mobile device app, make sure the app is distributed to users before or alongside Jamf Connect.

To ensure MFA is enforced at the login window, make sure you enable the Require Network Authentication (DenyLocal) setting in your login window configuration profile.

Enabling the Allow Local Fallback (LocalFallback) setting and configuring Users with local authentication privileges (DenyLocalExcluded) is recommended, so that users can still log in without a network connection.

We are trying to fine tune our SSO experience on our macOS devices. Our JAMF Connect application is working fine but we are unable to get SSO working for Safari/Chrome/Edge etc. We have installed the Microsoft company portal app on our test device and deployed a Single-Sign On Configuration Profile to the test device and configured it as per Microsoft documentation in the above link. We are not sure if the required custom configuration is applying correctly as the documentation states we need to add the following key pairs for it to work. We have done a test on mac which is Intune enrolled only and have used Intune to deploy the Single Sign On config profile and it works a treat. Opening Safari and going to automatically shows the user signed in and we can simply click on it to log on. On our JAMF enrolled device we still get prompted for a username and password. We are using pure Azure AD and not using kerberos.

Any advice or information would be greatly appreciated.

I've been testing this config and was able to have Zscaler take the credentials from an Intune enrolled test device. (Leveraging the JAMF\Conditional Access Intune enrollment).

Although Safari just shows a blank screen when getting to a login page that should take AzureAD creds.

Chrome and Outlook don't appear to be affected by the SSO config as they just show the usual AzureAD login prompts.

Anyone else make any progress with this config?

I'm doing the same as in the screenshots except I am using the following for my plist.

com.zscaler.Zscaler,, ,, com.mozilla.