
Jamf Connect Google Identity Integration & Deployment Guide

Updated over a month ago

Description

This overview guide links out to resources in the Jamf Connect Documentation to provide a complete workflow for integrating Jamf Connect 3.x with Google Identity and deploying it across your macOS environment. The integration enables both Jamf Connect login window authentication and password synchronization through Self Service+.

Prerequisites

Before beginning, ensure you have:

  • Google Identity subscription with LDAP service support

  • Administrative access to Google Cloud Console and Google Admin Console

  • Jamf Pro administrative access

  • macOS computer for configuration and testing

Phase 1: Google Cloud Configuration

You integrate Jamf Connect with Google Identity by creating OAuth 2.0 client credentials for the app in Google Cloud Console.

  1. Google requires the consent screen to be configured before you can create OAuth client credentials. This is a security requirement to define what your application will access.

    • You will either be prompted automatically to configure this or can navigate to API & Services > Credentials > OAuth consent screen.

  2. After you've completed the consent screen, follow the steps in Creating an OpenID Connect Application Integration for the Login Window to create the OAuth client ID.

Phase 2: Google Admin Console LDAP Configuration

Google's Secure LDAP service generates a client certificate that serves as the primary authentication mechanism for LDAP clients connecting to Secure LDAP. Jamf Connect uses this certificate to verify a user's Google password so that it can keep the Google and local passwords on a Mac computer in sync.

  1. Follow the steps in Generating a PKCS12 (.p12) Keystore File from a Google Cloud LDAP Client to generate the .p12 keystore file.

  2. Deploy the certificate using a Jamf Pro configuration profile following the steps here.

Phase 3: Jamf Connect Setup

You can create your Jamf Connect settings for login and account management with Self Service+ either in Jamf Pro directly or using the Jamf Connect configuration app. This article provides steps using the configuration app.

  1. Download Jamf Connect from Jamf Account.

  2. Mount the DMG and accept the license terms.

  3. Drag Jamf Connect Configuration.app to your Applications folder.

  4. Drag the Jamf Connect.pkg to your Desktop for deployment later.

  5. Follow the steps in Creating a Configuration Profile using Jamf Connect Configuration to create and save your login and Self Service+ settings.

    Configuration Notes:

    • Start by configuring only the minimum keys, test authentication, and then add additional settings.

    • Follow the steps under Testing OpenID Connect Authentication to test the authentication.

    • When saving your settings, you will need to save two separate files: one for the login window with preference domain com.jamf.connect.login, and one for Self Service+/menu bar with preference domain com.jamf.connect.

Phase 4: Configuration and Deployment with Jamf Pro

  1. Upload the Jamf Connect.pkg (and Self Service+ if applicable) to Jamf Pro.

    • For more information see Package Management in the Jamf Pro documentation.

  2. Add the Jamf Connect settings saved earlier to configuration profiles in Jamf Pro.

    • If the settings were saved as property lists (.plist), create a new profile using the Application and Custom Settings > Upload payload and upload each plist under its preference domain.

    • If the settings were saved as .mobileconfig files, upload each one as a custom profile.

  3. Ensure you have a profile for the Jamf Connect license deployed to the test device.

  4. Scope the configuration profile(s) to the test computer that received the LDAP certificate.

  5. Deploy the Jamf Connect package (and Self Service+ if applicable) using a Jamf Pro policy.
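Because the login window and menu bar settings ship as two separate files (the Phase 3 note above) and can reach Jamf Pro either as plists or as .mobileconfig files (step 2 above), it is easy to scope a test Mac with one domain missing or without the LDAP certificate. The script below is an added example, not Jamf's code or part of this guide: it parses the profiles as Apple property lists and reports whether, taken together, they deliver both preference domains and at least one PKCS #12 certificate payload. It assumes the profile shapes Jamf Pro produces (a com.apple.ManagedClient.preferences payload keyed by domain, or a payload whose PayloadType is the domain itself, plus a com.apple.security.pkcs12 payload); the sample profiles, the client ID and the .p12 bytes are constructed placeholders, and the two keys it treats as the required login minimum (OIDCProvider, OIDCClientID) are an assumption to confirm against the Jamf Connect documentation.

```python
"""Pre-scope check for Jamf Connect + Google Identity profiles (added example)."""
import plistlib

LOGIN_DOMAIN = "com.jamf.connect.login"
MENUBAR_DOMAIN = "com.jamf.connect"
PKCS12_TYPE = "com.apple.security.pkcs12"                 # Apple certificate payload type
CUSTOM_SETTINGS_TYPE = "com.apple.ManagedClient.preferences"  # Jamf Pro custom settings payload
REQUIRED_LOGIN_KEYS = ("OIDCProvider", "OIDCClientID")    # assumed minimum for the login window

# Constructed sample: a .mobileconfig as Jamf Pro builds it from an uploaded plist.
SAMPLE_LOGIN_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.jamfconnect.login</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.ManagedClient.preferences</string>
      <key>PayloadIdentifier</key><string>example.jamfconnect.login.settings</string>
      <key>PayloadContent</key>
      <dict>
        <key>com.jamf.connect.login</key>
        <dict>
          <key>Forced</key>
          <array>
            <dict>
              <key>mcx_preference_settings</key>
              <dict>
                <key>OIDCProvider</key><string>Google</string>
                <key>OIDCClientID</key><string>PLACEHOLDER-CLIENT-ID</string>
              </dict>
            </dict>
          </array>
        </dict>
      </dict>
    </dict>
  </array>
</dict>
</plist>
"""

# Constructed samples built as dicts (what plistlib.loads would return for the XML form).
SAMPLE_MENUBAR_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.jamfconnect.menubar",
    "PayloadContent": [{
        "PayloadType": CUSTOM_SETTINGS_TYPE,
        "PayloadIdentifier": "example.jamfconnect.menubar.settings",
        "PayloadContent": {MENUBAR_DOMAIN: {"Forced": [{"mcx_preference_settings": {}}]}},
    }],
}
SAMPLE_CERT_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.google.ldap.cert",
    "PayloadContent": [{
        "PayloadType": PKCS12_TYPE,
        "PayloadIdentifier": "example.google.ldap.cert.p12",
        "PayloadContent": b"PLACEHOLDER-P12-BYTES",  # a real profile carries the .p12 as <data>
    }],
}


def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig (XML or binary plist) into a dict."""
    return plistlib.loads(data)


def managed_settings(profiles: list, domain: str):
    """Merge the forced settings for one preference domain; None if no profile delivers it."""
    found, merged = False, {}
    for profile in profiles:
        for payload in profile.get("PayloadContent", []):
            ptype = payload.get("PayloadType")
            if ptype == CUSTOM_SETTINGS_TYPE and domain in payload.get("PayloadContent", {}):
                found = True
                for forced in payload["PayloadContent"][domain].get("Forced", []):
                    merged.update(forced.get("mcx_preference_settings", {}))
            elif ptype == domain:  # flat form: keys sit beside the Payload* keys
                found = True
                merged.update({k: v for k, v in payload.items() if not k.startswith("Payload")})
    return merged if found else None


def check_profiles(profiles: list) -> dict:
    """Report what the set of profiles would deliver to a Mac and whether it is complete."""
    login = managed_settings(profiles, LOGIN_DOMAIN)
    menubar = managed_settings(profiles, MENUBAR_DOMAIN)
    missing_domains = [d for d, s in ((LOGIN_DOMAIN, login), (MENUBAR_DOMAIN, menubar)) if s is None]
    missing_login_keys = [] if login is None else [k for k in REQUIRED_LOGIN_KEYS if k not in login]
    cert_payloads = sum(
        1 for p in profiles for payload in p.get("PayloadContent", [])
        if payload.get("PayloadType") == PKCS12_TYPE and payload.get("PayloadContent")
    )
    identifiers = [p.get("PayloadIdentifier", "") for p in profiles]
    duplicates = sorted({i for i in identifiers if identifiers.count(i) > 1})  # would collide on install
    return {
        "missing_domains": missing_domains,
        "missing_login_keys": missing_login_keys,
        "ldap_certificate_payloads": cert_payloads,
        "duplicate_identifiers": duplicates,
        "ready": not missing_domains and not missing_login_keys and cert_payloads >= 1 and not duplicates,
    }


if __name__ == "__main__":
    profiles = [load_profile(SAMPLE_LOGIN_PROFILE), SAMPLE_MENUBAR_PROFILE, SAMPLE_CERT_PROFILE]
    print(check_profiles(profiles))
    print(check_profiles(profiles[:1]))  # login profile alone: menu bar domain and certificate missing
```

To run it against real exports, read each downloaded .mobileconfig with `open(path, "rb").read()` and pass the results through `load_profile`; a plain .plist saved by Jamf Connect Configuration can be wrapped as `{"PayloadContent": [{"PayloadType": "<domain>", **plistlib.load(f)}]}` to reuse the flat-form branch. A False `ready` before scoping is the cheap catch; the same gap found after scoping shows up as a login window that appears but cannot sync passwords.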

Testing Checklist

Before expanding deployment, verify:

  • Jamf Connect login window appears at logout/restart

  • Users can authenticate with Google credentials

  • Local accounts are created with the appropriate privileges

  • Self Service+/menu bar app functions for password synchronization

  • LDAP client certificate is installed correctly in the System keychain

    • You can test the Secure LDAP connection following the steps here.
