Creating a Federation Partner with Jamf Connect
  • 25 Mar 2024
  • 1 Minute to read
  • Dark
    Light

Creating a Federation Partner with Jamf Connect

  • Dark
    Light

Article summary

Creating a Federation Partner with Jamf Connect

Creating a federation partner for use with Jamf Connect isn’t particularly different than for other uses.

Configuration Steps

  1. Go to Configuration module > Security > Identity Providers > Federation Partners
  2. Click Add Federation Partner and Select OpenID Connect and you will be taken to a page to create the OIDC Partner.
  3. Under the General section provide a name for the OIDC Partner and add the following Callback URLs:
    a. The default callback url for Jamf is
https://127.0.0.1/jamfconnect

b. Other URLs can be configured as well if the federation partner is going to be used for other purposes besides just Jamf Connect but are not required. An example would be:

https://<rapididentity hostname>/oidc/callback
IMPORTANT NOTE

If a different callback URL is configured, it must be recorded and set in the Jamf Connect Preferences.

  1. Under the OpenId Connect Configuration section activate ENABLE RESOURCE OWNER PASSWORD GRANT (ROPG) . You will be required to confirm your decision.

  2. Under the Claim Attributes section, add the following Claim Attribute:

    • an attribute with:
      • name = email
      • claim = email
      • claim type = string
      • attribute value type = LDAP
      • ldap attribute = mail
  3. Click Save.

  4. It may be necessary to navigate to the the IDP Configuration and trigger a service reload and web reload.

  5. Additional setup will be required within JAMF and you will need to make note of the following values:
    a. The Client ID of the created Federation Provider. This can be found on the edit page of the Federation Partner that was created.
    b. The Client Secret of the created Federation Provider. This can be found on the edit page of the Federation Partner that was created
    c. The discovery URL/Endpoint for OIDC on the RapidIdentity Server https://<rapididentity hostname>/idp/.well-known/openid-configuration

Endpoints for OIDC are as follows:

EndpointPath
Token Endpoint/idp/profile/oidc/token
UserInfo Endpoint/idp/profile/oidc/userinfo
JWKS Endpoint/idp/profile/oidc/jwks
Discovery Endpoint/idp/.well-known/openid-configuration

For details on how to continue the integration configuration from within Jamf Connect, please check out this document: Integrating with RapidIdentity/Identity Automation


Was this article helpful?