Description
Jamf Connect has two main feature sets:
Login Window - Account Creation, Account Migration, Authentication
Menu Bar - Password Syncing, Privilege Elevation, Kerberos, additional Actions if configured
Jamf School recommends using Jamf Connect version 2.45.x.
With the release of Jamf Connect 3.0/Self Service+, the menu bar features are now incorporated with Self Service+ moving forward and are called macOS account management in the Jamf Connect Documentation.
Self Service+ can be deployed with Jamf School, but it will only show the Jamf Connect/Account management features (and the Security dashboard if Jamf Protect is installed on devices). Jamf Student is still the default app for on demand app installation for end users.
Deploying Jamf Connect requires the following:
creating an app registration in your identity provider to integrate with Jamf Connect
creating the settings for Jamf Connect in the Jamf Connect Configuration app
deploying the settings and license file for Jamf Connect with Jamf School
deploying the packages for Jamf Connect with Jamf School
Integrating Jamf Connect with Google
In order to create the settings for Jamf Connect you need to create an app registration in Google Cloud and generate a certificate for Google's Secure LDAP service.
Create the app registration in Google Cloud following the steps here.
In Google Admin generate a certificate for Google's Secure LDAP service following the steps here.
Deploy the certificate using Jamf School following the steps below:
In Jamf School go to Profiles > Overview and click Create Profile.
Choose macOS and Device Enrollment and then click Next.
Provide a name for the profile, such as Google LDAP Certificate.
Provide a description if desired, for example This certificate is used for the Jamf Connect deployment.
Click Next and then click Finish.
Do not use a time filter. The Jamf Connect profiles need to stay on managed devices.
Select the Certificates payload.
Click Choose File to upload the .p12 file.
Add in the LDAP Keystore password.
Select Allow all apps to access the private key in the Keychain.
Click Upload Certificate.
Click Save.
Click Scope and add the desired test group to the scope. Click Save.
Downloading Jamf Connect Software and License in Jamf Account
The software you need depends on which version of Jamf Connect you want to deploy. For more information, see the Understanding Jamf Connect Versions section below.
From the Home page in Jamf Account, click View details for Jamf Connect.
Go to the Download tab and select the desired version of Jamf Connect from the dropdown box (Jamf recommends using Jamf Connect 2.45.x with Jamf School).
Click Download.
Open the DMG you downloaded from Jamf Account.
Click Agree for the license terms.
Drag the Jamf Connect Configuration app to the Applications folder, and drag the Jamf Connect pkg to a location where you can find it later to upload to Jamf School.
Go to the Overview tab and click Download license file.
If you choose to use Jamf Connect 3.x, you will need to download Self Service+:
Go to Solutions > Add-Ons.
Click View details.
Choose a version (must be 2.x) and click Download.
Understanding Jamf Connect Versions
There are multiple options for deploying Jamf Connect to devices depending on what apps you want to use for the end user experience.
Jamf recommends using the most recent version of 2.45.x with Jamf School.
Jamf Connect 2.0-2.45.1: The Jamf Connect installer for these versions includes the installer for Jamf Connect login and Jamf Connect menu bar.
Future releases of Jamf Connect 2.45.x: OS compatibility and security fixes are expected to be released for those continuing to use the Jamf Connect 2.x menu bar.
Jamf Connect 3.0 and later: The Jamf Connect installer only includes the installer for Jamf Connect login. If installed, the Jamf Connect menu bar will not change at all.
Self Service+ 2.0 or later: This installer contains the Self Service+ application and the Self Service+ menu bar (similar to the Jamf Connect menu bar). Installing this package will uninstall any 2.x versions of the Jamf Connect menu bar.
Configuring Jamf Connect Settings in Jamf Connect Configuration App
The full list of settings available for Jamf Connect can be found below.
Jamf recommends starting with settings that contain only the minimum keys needed before adding more complex keys. An example configuration that has been successful with many organizations using Google Identity and Jamf School is provided below.
Open the Jamf Connect Configuration app from the Applications folder.
Create the Jamf Connect login settings profile:
Click File > New.
On the Identity Provider tab:
Select Google Identity from the Identity Provider drop down.
Add in the Client ID (OIDCClientID)
Add in the Client Secret (OIDCClientSecret)
Add in the Redirect URI (OIDCRedirectURI)
Click Login and configure the items below:
Under User Creation:
Check the box to Create a separate local password. (required)
Deselect the box for Create Jamf Connect keychain. (required)
Under Authentication:
Check the box for Allow local authentication if a network unavailable. (optional)
Check the box for Use Passthrough Authentication. (optional)
Save the login profile.
Click File in the upper-left menu bar and click Save.
Select Jamf Connect Login as the application and Configuration Profile .mobileconfig as the file format.
Add your organization name in the required field and click Save.
Create the Jamf Connect menu bar/Self Service+ settings profile:
Click File > New.
On the Identity Provider tab:
Select Google Identity from the Identity Provider drop down.
Click Choose license and upload the license file downloaded in step 6 above.
Save the menu bar profile:
Click File in the upper-left menu bar and click Save.
Select Jamf Connect as the application and Configuration Profile .mobileconfig as the file format.
Add your organization name in the required field and click Save.
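A pre-upload check for the exported login profile, added here as an example and not taken from Jamf's documentation or tooling: it parses the .mobileconfig and reports which of the minimum login settings listed above are missing or set differently. The payload type com.jamf.connect.login, the key names OIDCProvider, OIDCNewPassword and CreateJamfConnectPassword, and every sample value are assumptions; only the three OIDC key names appear on this page.

```python
import plistlib

LOGIN_TYPE = "com.jamf.connect.login"  # assumed payload type of the login profile
ID_KEYS = ("OIDCClientID", "OIDCClientSecret", "OIDCRedirectURI")  # named on the page
# Assumed key names behind the provider drop-down and the two "(required)" checkboxes.
EXPECTED = {"OIDCProvider": "GoogleID", "OIDCNewPassword": True,
            "CreateJamfConnectPassword": False}


def check_login_profile(data):
    """Return a list of problems found in an exported login .mobileconfig."""
    try:
        profile = plistlib.loads(data)
    except plistlib.InvalidFileException:
        # A signed profile is a CMS envelope, not a bare plist.
        return ["not a plain plist (is the profile signed?)"]
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == LOGIN_TYPE]
    if not payloads:
        return [f"no {LOGIN_TYPE} payload"]
    settings, problems = payloads[0], []
    for key in ID_KEYS:
        value = settings.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key} is missing or empty")
    for key, want in EXPECTED.items():
        if settings.get(key) != want:
            problems.append(f"{key} should be {want!r}")
    return problems


def sample_profile(**overrides):
    """Constructed sample profile; every value here is a placeholder."""
    settings = {"PayloadType": LOGIN_TYPE, "OIDCProvider": "GoogleID",
                "OIDCClientID": "EXAMPLE-CLIENT-ID",
                "OIDCClientSecret": "EXAMPLE-CLIENT-SECRET",
                "OIDCRedirectURI": "https://127.0.0.1/jamfconnect",
                "OIDCNewPassword": True, "CreateJamfConnectPassword": False}
    settings.update(overrides)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [settings]})


if __name__ == "__main__":
    print(check_login_profile(sample_profile()))
    print(check_login_profile(sample_profile(OIDCClientSecret="",
                                             CreateJamfConnectPassword=True)))
```

The exported file holds the client secret as a readable string, so keep it out of shared folders and version control while it waits to be uploaded.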
Deploying the Jamf Connect Settings with Jamf School
Upload the profiles as custom profiles in Jamf School.
In Jamf School navigate to Profiles > Overview and click Create Profile.
Choose Upload custom profile.
Upload one of the .mobileconfig files from the Jamf Connect Configuration app and click Next.
Add the profile name and description. Be sure to include Jamf Connect and the date in one of the fields.
Click Next and click Finish.
Do not use a time filter. The Jamf Connect profiles need to stay on managed devices.
Click the + to add test device groups to scope for the profile. Click Save.
Repeat the steps above for the second profile.
Jamf recommends always deploying the Jamf Connect Settings first. Once the profiles have installed on computers, the software can be installed.
Deploying Jamf Connect Software with Jamf School
Add the Jamf Connect software packages to Jamf School as an in house app following the steps below.
In Jamf School, click Apps > Inventory in the sidebar.
Click Add App and select Add In-House macOS Package.
Choose the Jamf Connect package.
Configure additional settings.
Click + to add the test device groups.
Click Save.