Skip to main content

Synchronizing Jamf School with Google Secure LDAP

Updated over 3 months ago

Description

This article provides steps for setting up synchronization in Jamf School with Google LDAP. Once this is complete you can sync with Google LDAP to:

  • Look up and populate user information from the directory service for inventory purposes.

  • Add Jamf School user accounts or groups from the directory service.

  • Require users to log in during mobile device setup using their LDAP directory accounts.

  • Base the scope of remote management tasks on users or groups from the directory service.

Adding the LDAP Client App in Google Admin Console

  1. Log in to admin.google.com with a user that is a super admin.

  2. Under Apps > LDAP click Add Client.

  3. Provide a name and add desired Access Permissions settings: verify user credentials, read user information, read group information.

  4. Click ADD LDAP CLIENT.

  5. A certificate is created. Click Download certificate and then click CONTINUE TO CLIENT DETAILS.

  6. Under Service status, select ON for everyone and click Save.

  7. Under Authentication, click GENERATE CREDENTIALS.

  8. Leave this tab open and continue with the steps below in Jamf School.

Adding Google LDAP to Jamf School for Synchronizing

  1. In Jamf School go to Organization > Settings and click Synchronization.

  2. Set the Synchronization Method to LDAP.

  3. For LDAP Server/Port enter ldap.google.com and 636.

  4. Leave the Directory type as Microsoft Active Directory.

  5. For the Username and Password fields, use the access credentials generated previously in the Google Admin Console.

    Note - Jamf School will redact these credentials. It's expected the password field will be blank after saving. If you need to update this in the future, you can generate new credentials in the Google Admin Console and then update the information in Jamf School.

  6. Under Base DN, fill in the distinguished name for your domain. For example, CN=Username,DC=example,DC=com.

    • Ensure spelling is correct.

  7. Under Mapping of LDAP Parameters, set Username to uid.

  8. Under the Advanced section:

    1. Uncheck the box for Enable paging.

    2. Configure recursive groups, delete removed users/groups as you desire.

    3. Check the box for Authenticate using a client certificate.

      • We do not need to check the box for Authenticate using the root certificate.

    4. Unzip the certificate downloaded from Google above. Add the crt file to the Custom certificate box. Add the .key file to the Custom Key box.

    5. Click Upload certificate and key.

  9. Click Save in the bottom-right corner.

  10. Scroll up and click Test Connection (right above the Mapping of LDAP parameters to Jamf School heading).

  11. Click Retrieve OUs and set your mappings for students, teachers, and groups.

  12. Click Save again.

  13. Refresh your page.

  14. Click Test Sync Configuration. You will see the users and groups found.

  15. Set the Automatic synchronization settings and optional mapping parameters if desired. Click Save after making any changes.

After you save any changes, refresh your page before retrying the Test Sync Configuration.

Bringing Over Google LDAP Users into Jamf School

  1. In Jamf School go to Users > Users and click Sync users.

  2. Validate that the expected users now show under Users > Users.

  3. Validate that the expected groups now show under Users > Groups.

Related Articles
Jamf School and Apple School Manager(ASM) Synchronization Settings
Nuances of ASM Synchronization in Jamf School
Fundamentals of Apple School Manager (ASM) Synchronization in Jamf School
Jamf Pro and LDAP Server Information Synchronization
Setting Up and Deploying Jamf Connect with Google Identity for Jamf School
Did this answer your question?