Jamf

The signing certificate from Entra ID is only valid for a set period of time; three years by default. Jamf Pro will warn you when the certificate is close to expiring and you need to get a new certificate from Entra ID and upload the metadata URL or file to Jamf Pro.  

In Jamf Pro you might see something similar to the notification below:

⚠️ Before making any changes to your SAML settings - be sure you know your failover URL and a set of local Jamf Pro credentials with admin rights if your organization uses SAML SSO for administrators logging in to Jamf Pro.

Jamf Pro has the option to use the metadata file or metadata URL. This article provides steps with the metadata URL. 

Navigate to <a href="https://entra.microsoft.com/" rel="nofollow noopener noreferrer" target="_blank">entra.microsoft.com</a> and log in with an administrator account.

In the left menu navigate to Applications → Enterprise Applications. Select your Jamf Pro application.

Select Single Sign-On within the application view.

In section 3 "SAML Certificates," select the Edit button in the upper right corner.

Keep the Expiration Date, Signing Option, and Signing Algorithm to the default values.

On the new certificate, select the ellipses (…) on the right column and select Make certificate active.

Click Yes on the "activating your certificate" prompt.

(Optional) Select the ellipses (…) on the expiring certificate and select the option to Delete Certificate. Click Yes on the "You are about to delete a certificate" prompt.

Click the X in the upper-right corner to close the SAML Signing Certificate pane.

Return to Section 3 "SAML Certificates" and copy the "App Federation Metadata URL" with the icon at the right end of the URL. 

1. Navigate to <a href="https://entra.microsoft.com/" rel="nofollow noopener noreferrer" target="_blank">entra.microsoft.com</a> and log in with an administrator account. 
2. In the left menu navigate to Applications → Enterprise Applications. Select your Jamf Pro application.
3. Select Single Sign-On within the application view.
4. In section 3 "SAML Certificates," select the Edit button in the upper right corner.
5. Click + New Certificate. 
6. Keep the Expiration Date, Signing Option, and Signing Algorithm to the default values.
7. Click Save.
8. On the new certificate, select the ellipses (…) on the right column and select Make certificate active. 
9. Click Yes on the "activating your certificate" prompt.
10. (Optional) Select the ellipses (…) on the expiring certificate and select the option to Delete Certificate. Click Yes on the "You are about to delete a certificate" prompt.
 
 
11. Click the X in the upper-right corner to close the SAML Signing Certificate pane.
12. Return to Section 3 "SAML Certificates" and copy the "App Federation Metadata URL" with the icon at the right end of the URL.

In Jamf Pro, navigate to Settings &gt; System &gt; Single Sign-On.

Select Edit on the single sign-on settings page in the lower-right corner.

Scroll to the section titled "Identity Provider Metadata Source." If set to Metadata File switch to Metadata URL.

Paste the value of the 'App Federation Metadata URL' from Entra into this field.

1. In Jamf Pro, navigate to Settings &gt; System &gt; Single Sign-On.
2. Select Edit on the single sign-on settings page in the lower-right corner.
3. Scroll to the section titled "Identity Provider Metadata Source." If set to Metadata File switch to Metadata URL.
4. Paste the value of the 'App Federation Metadata URL' from Entra into this field.
5. Click Save.

Note: The updated certificate may be delayed in becoming active. It should update the Entra servers within 3-5 minutes of making changes.

This article provides steps for renewing the signing certificate if you have Entra ID integrated in Jamf Pro for SAML SSO.

Renew SAML SSO Certificate in Jamf Pro with Entra ID

Create a custom design with text, images, and links

Community

Training

Jamf Account

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Renew SAML SSO Certificate in Jamf Pro with Entra ID

Description

Renew Certificate in Entra ID

Renew Metadata URL in Jamf Pro