OIDC (OpenID Connect) single sign-on, configured in Jamf Account, allows administrators to use a centralized SSO configuration for all supported Jamf products. OIDC-based SSO is required to access some Jamf platform capabilities and services, such as blueprints and compliance benchmarks.
This SSO integration allows you to use a cloud-based identity provider (IdP) configured in Jamf Account to log in to supported Jamf products. If you do not have an OIDC-based IdP available, you can log in using your Jamf ID.
With SSO configured in Jamf Account, you can use this authentication method across these supported Jamf applications:
Jamf Pro
macOS Security portal (Jamf Protect)
Jamf Security Cloud portal (Jamf Protect and Jamf Connect; business customers only)
Jamf Safe Internet portal
Jamf Mobile Forensics
Jamf School
Jamf Routines
Jamf Insights
Although SSO can be configured separately for each application, Jamf Account is the preferred integration because it removes the need for a separate configuration in each application.
If you are a Managed Service Provider, both you and your customers can configure OIDC-based IdPs in Jamf Account. You can configure the connection for your own organization and apply it to your customer-managed instances. Customer accounts must be assigned the Managed Service Provider (MSP) IdP privileges in Jamf Account. You can also configure the connection individually for each customer organization using the account switcher. For more information on Jamf Account roles and privileges, see User and Contact Management in Jamf Account.
If you need to remove a user who authenticated with SSO, ensure the user is removed from your organization's IdP and Jamf portals, where applicable.