Setting Up Okta Express Configuration

Jamf Account Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US
Requirements

You must meet the general Requirements for SSO.

  1. Enable Okta express configuration:
    1. Log in to the Jamf Account portal with your Jamf ID.
    2. Click Profile.
    3. Click Security.
    4. Under "Allow users to configure their identity provider (IdP) using Okta express configuration", click Enable access.
  2. Add Jamf Admin Access in Okta:
    1. Log in to the Okta Admin Console.
    2. Click Applications > Browse App Catalog.
    3. Search for "Jamf Admin Access" and click Add Integration.
    4. Select your region.
      Note:

      Express configuration is currently supported in the United States only. Support for other regions is coming soon.

    5. Click Done.
  3. Use Jamf Admin Access to configure SSO:
    1. In Okta, under Jamf Admin Access, click Sign On.
    2. Click Express Configure & Universal UL.
    3. When prompted, sign in with the same Jamf ID you used in step one.
    4. Select the Okta system or admin initiates logout checkbox to enable Universal Logout.
      Note:Okta detects risk and terminates sessions for security.
    5. Click Assignments to assign users access to Jamf Admin Access.
  4. Enable domains and Jamf portals:
    1. In Jamf Account, navigate to Organization > SSO.
    2. Click the newly created connection, tagged as an "Express configuration", and assign verified domains and the Jamf portals you want to use with your connection.
Users configured in the IdP can now log in using SSO for all enabled Jamf applications.
Note:

Users can still log in to Jamf applications using Jamf ID if desired by clicking Continue with Jamf ID.

Specific user authorization roles and permissions must be configured in each Jamf application.