The following table describes features associated with OIDC-based SSO through Jamf Account and related resources:
| Feature | Description | Related Resources |
|---|---|---|
| Identity provider integration | Use your existing IdP for authentication across Jamf services. This includes dedicated support for major providers like Microsoft Entra ID, Okta, and Google Identity, and any IdP that uses the OIDC protocol. | |
| Advanced identity infrastructure support | Use custom claim mapping to support your existing infrastructure by matching a wide variety of attributes to your Jamf platform users (e.g., the 'userinfo' endpoint from PingFederate or user principal name from Active Directory). Note: Support for custom claim mapping in Jamf Pro requires Jamf Pro 11.20.0 or later. | Configuring Custom Claim Mapping for OIDC-based SSO with Jamf Account (Technical Article) |
| Jamf ID authentication | Use Jamf ID as a built-in authentication system that provides SSO functionality when no external IdP is configured. It can also serve as a fallback authentication method when a third-party SSO is integrated. |
|
| Access control | Manage access to Jamf Account features with role-based access control (RBAC) and group-based access control. | |
| Backchannel logout | When you log out of one of the supported Jamf apps, backchannel logout logs you out of all the connected apps as configured in your SSO connection settings in Jamf Account. Enabled by default and currently supported by Jamf Pro, Jamf Protect, Jamf Security Cloud, and Jamf Account. | Understanding SSO Authentication Methods (Technical Article) |