Description
Jamf Now has the built-in 'Enable Password Sync with Jamf Connect' option; however, this does not allow for customizing the password synchronization experience, and it does not include Jamf Connect Login.
If you desire the full functionality of Jamf Connect, it can be purchased separately and deployed using Jamf Now. This article details how to configure and deploy the full Jamf Connect using Jamf Now.
Note: Do not enable "Enable Password Sync with Jamf Connect" under Blueprints > Security when deploying the full Jamf Connect product. This checkbox is only for deploying the built-in Jamf Connect product for Jamf Now and will conflict with the Jamf Connect settings configured in the custom profile.
Understanding Jamf Connect Versions
Jamf Connect has two main feature sets:
Login Window - Account Creation, Account Migration, Authentication
Menu Bar - Password Syncing, Privilege Elevation, Kerberos, additional Actions if configured
With the release of Jamf Connect 3.0/Self Service+, the menu bar features are incorporated into Self Service+ going forward.
Self Service+ can be deployed with Jamf Now, but it will only show the Jamf Connect/Account management features (and the Security dashboard if Jamf Protect is installed on devices). Apps from Jamf Now will continue to show in Self Service classic.
There are multiple options for deploying Jamf Connect to devices depending on what apps you want to use for the end user experience.
Jamf Connect 2.0-2.45.1: The Jamf Connect installer for these versions includes the installer for Jamf Connect login and Jamf Connect menu bar.
Future releases of Jamf Connect 2.45.x: OS compatibility and security fixes are expected to be released for those continuing to use the Jamf Connect 2.x menu bar.
Jamf Connect 3.0 and later: The Jamf Connect installer only includes the installer for Jamf Connect login. If it is installed, the Jamf Connect menu bar will not change at all.
Self Service+ 2.0 or later: This installer contains the Self Service+ application and the Self Service+ menu bar (similar to the Jamf Connect menu bar). Installing this package will uninstall any 2.x versions of the Jamf Connect menu bar.
Jamf Connect Deployment
After you've received your subscription for Jamf Connect, follow the steps below to set it up. This includes deploying the Jamf Connect Login installer and creating the custom profile with the Jamf Connect Login settings.
1. Create an app in the identity provider to integrate with Jamf Connect
Instructions for various identity providers can be found in the Jamf Connect documentation.
2. Downloading Packages and Licensing Information from Jamf Account
Log into Jamf Account, click Solutions and click on View Details for Jamf Connect.
Download required files below:
On the Overview tab, we will choose Download license file.
On the Download tab, use the dropdown box to select the version of Jamf Connect you desire, and then click Download.
If using Jamf Connect 3.0, you will also need to download Self Service+.
Go to Solutions > Add-Ons and click Download for Self Service+.
Use the dropdown box to select the version of the package you want to deploy. (It must be 2.0 or later to include the Account management dashboard.)
3. Creating the Jamf Connect Custom Profiles
No matter what versions of the packages we are deploying, we will need to create two custom profiles that contain the settings for Jamf Connect Login and Jamf Connect Menu Bar/Self Service+ Account management.
Open the Jamf Connect DMG and click Agree for the Terms and Conditions.
Drag Jamf Connect Configuration into Applications to install the app - we will use this in the next step to build the custom profile.
Drag JamfConnectLogin.pkg to desktop to be uploaded to Jamf Now in a later step.
Note: If using a 2.x version of Jamf Connect, the package will be called JamfConnect.pkg.
(Optional) The resources folder contains the Uninstaller if needed at a later date.
Build custom profiles using the Jamf Connect configuration app. These steps can also be referenced in the Jamf Connect documentation.
Open the Jamf Connect Configuration app.
Click + in the bottom-left window.
Give the configuration a name.
On the Identity Provider tab, choose your provider from the pop-up menu and configure the authentication settings required for your provider.
Click Choose license and upload the license file downloaded from Jamf Account previously.
It might not seem like it uploaded, but you can click </> and look for the LicenseFile key. The button to the left will return you to the previous view.
Configure desired settings under the Login and Connect tabs.
It is best to first test a minimal configuration before slowly adding settings. For lists of available preference keys, see the Jamf Connect Settings Reference.
Click the Test button in the upper-right corner to confirm the configured settings are correct. A successful test will show that you got tokens.
To save and export the profiles:
i. Click File and Save from the menu bar. If only using Jamf Connect Menu Bar for password syncing, skip to step v below.
ii. Select Jamf Connect Login under Application and Configuration Profile .mobileconfig under File format.
iii. Fill in the organization name and click Save. Use Jamf Connect Login as the name. Then skip to step 5 if only using Jamf Connect Login.
iv. Click File and Save from the menu bar again.
v. Select Jamf Connect under Application and Configuration Profile .mobileconfig under File Format.
vi. Fill in the organization name and click Save. Use Jamf Connect Menu Bar as the name.
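The exported profiles can be checked before they are uploaded, for example to confirm that the LicenseFile key mentioned above actually made it into the file. The script below is an added example, not part of the Jamf documentation or tooling; it assumes the .mobileconfig was exported unsigned, that the preference domains are com.jamf.connect.login and com.jamf.connect, and it uses a constructed sample profile in place of a real export.

```python
import plistlib

# Jamf Connect preference domains; the labels are this example's own wording.
DOMAINS = {
    "com.jamf.connect.login": "Jamf Connect Login",
    "com.jamf.connect": "Jamf Connect menu bar / Self Service+",
}

def find_key(node, key):
    """Depth-first search of nested dicts and lists; returns the value or None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def check_profile(raw):
    """Report which Jamf Connect app(s) an unsigned .mobileconfig targets and
    whether it carries a non-empty LicenseFile value."""
    profile = plistlib.loads(raw)
    apps, licensed = set(), False
    for payload in profile.get("PayloadContent", []):
        names = {payload.get("PayloadType")}
        nested = payload.get("PayloadContent")
        if isinstance(nested, dict):  # managed-preferences style nesting
            names |= set(nested)
        apps |= {DOMAINS[n] for n in names if n in DOMAINS}
        licensed = licensed or bool(find_key(payload, "LicenseFile"))
    return {"apps": sorted(apps), "license": licensed}

def sample_profile(with_license=True):
    """Constructed stand-in for an exported Jamf Connect Login profile."""
    settings = {"PayloadType": "com.jamf.connect.login",
                "PayloadIdentifier": "example.constructed.login",
                "OIDCProvider": "ExampleIdP"}  # placeholder value
    if with_license:
        settings["LicenseFile"] = b"constructed-license-bytes"
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadDisplayName": "Jamf Connect Login",
                           "PayloadContent": [settings]})

if __name__ == "__main__":
    print(check_profile(sample_profile()))
    print(check_profile(sample_profile(with_license=False)))
```

To check a real export, pass the file's bytes to `check_profile`, for example `check_profile(open(path, "rb").read())`.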
4. Add the Custom Profiles and Packages to Jamf Now
Create a test blueprint for Jamf Connect. This step is critical; we do not want to deploy Jamf Connect to enrolled Macs without testing first. If you already have test devices isolated on a blueprint, skip to the next step.
In Jamf Now, click Blueprints.
Open the blueprint to which you want to add Jamf Connect.
Click the blueprint name in the upper-left corner to open the drop-down menu.
Click Copy.
Give the blueprint a name such as Jamf Connect Test and click Save.
Click Devices and Add a Device to add test devices to the blueprint.
Upload the profiles into Jamf Now following the steps below for each profile:
In Jamf Now, go to Blueprints and click on the blueprint you want to use for testing the Jamf Connect deployment.
Click Custom Profiles and click Add a Custom Profile.
Drag and drop or use Browse to upload a Jamf Connect profile.
Click Add Custom Profile in the bottom-right corner.
Follow the steps below to upload and deploy the packages:
a. In Jamf Now, click Apps.
b. Click Add an App in the upper-left corner.
c. Click Upload Your App.
d. Drag and drop or click Browse to upload the Jamf Connect package.
e. Give the app a name; it may be helpful to include the Jamf Connect version number in the name.
f. Click Done.
If using Jamf Connect 3.0, you also need to upload Self Service+ for password syncing functionality. Repeat steps a-f above for the other package.
Click Blueprints and select the blueprint you are using to test Jamf Connect.
In the test blueprint, select Apps and click Add Apps (if no apps are on the blueprint) or Edit Apps in the upper-right corner (if apps are on the blueprint already).
Check how you want the Jamf Connect (and Self Service+ if applicable) package(s) to install on the test Macs.
Click Save Changes in the lower-right corner.
Macs assigned to the test blueprint will install the package(s) and custom profile(s) on the next check-in. If using Jamf Connect login, the end user should be presented with the Jamf Connect login screen when logging out of the Mac.