Description
Organizations can now setup SSO in Jamf Account using an Identity Provider (IdP). This enables organization administrators to configure their chosen IdP in Jamf Account and then utilize their SSO credentials for login to Jamf Account as well as some Jamf Apps (now including Jamf Pro, full list here); however, users will still be able to log in with a Jamf ID.
For more information on the benefits of SSO through Jamf Account and why Jamf has gone this route, please see the Configuring SSO in Jamf Account blog.
Pre-requisites for Setting up SSO in Jamf Account
User setting up Jamf Account SSO must have a valid Jamf ID tied to the organization, with the Organizational Administrator role
Your IdP must use OIDC
Access and ability to configure their domain's public DNS records
Administrative privileges to your IdP in order to configure a connected application and assign applicable users and groups
Steps to Configure SSO in Jamf Account
Follow the steps below to integrate your IdP with Jamf Account (and applicable Jamf consoles).
Configure the Jamf Account app in the IdP. Instructions are provided for common IdPs below. Any IdP that uses OIDC should work though. We will need to note the Issuer URL, Client ID, and Client Secret for step 4 below.
Okta
Entra
Google Identity
OneLogin
Note - ensure the Authentication Method set to Post in the SSO > Token Endpoint section of the Jamf Account app in OneLogin.
PingOne
JumpCloud
Written Steps: Configuring JumpCloud for SSO Integration with Jamf Account