Excellent IdP service utility for macOS fleet
Use Cases and Deployment Scope
We use Jamf Connect as the interface between several campus infrastructure systems and our Okta cloud identity provider, as well as for endpoint login authentication and authorization for our fleet of Macintosh computers, both personal use systems and lab or classroom systems. It is the mandatory authentication utility on the Macintosh fleet for endpoints that are utilizing any campus data sources or services.
Pros
- Authenticating campus users from the Okta IdP
- Authorizing campus users for various campus data sources and services
- Providing "just in time" local account creation
- Allowing field staff to elevate to administrator status for troubleshooting and repair
- Allowing end users to temporarily elevate to administrator with authorization for ad hoc purposes
- Securing endpoints against unauthorized use
- Providing a central capability for managing logins
- Providing password change and reset capabilities
- Providing a link to Jamf Self Service for application installs
Cons
- More control over local access for non-cloud accounts
- Does not handle password changes made directly in Okta very smoothly
- Setting up configuration is a bit opaque to non-IdP personnel
Likelihood to Recommend
Jamf Connect works particularly well in our lab environments where the central "source of truth" for student accounts is our Okta IdP. As Apple has recommended moving away from Active Directory binding (which was our previous source of truth for authentication), we needed a new central way to manage this function. Okta worked well for other services on campus, and it was a smooth integration to make it work with Jamf Connect for virtually all use cases on campus (we still have a couple of NAS/SAN systems that require Active Directory).
