Assigning Users to Jamf Connect App Roles

Jamf Connect Documentation


You can assign users to app roles by navigating to your app registration's corresponding enterprise application settings in Microsoft Entra ID. By default, any user in any domain can authenticate to the application. You can also do the following:

  • Hide Jamf Connect from users. This limits a user's interaction with the application to the login window of a computer. This can be done in the "Properties" section of the application settings.

  • Grant admin consent for your organization. This can be done in the "Permissions" section of the application settings.

Requirements

After configuring app roles in Microsoft Entra ID, your users or groups of users must be directly assigned to the application. If they are not assigned, they may not receive a "role" attribute for administrator rights.

  1. In Microsoft Entra ID, click Enterprise applications and then select your Jamf Connect app.
  2. From the Manage section in the sidebar, click Users & groups.
  3. Click + Add user/group.
  4. (Optional) In the Add Assignment window, select users or groups to add to the Jamf Connect application, and then select a role for each new user or group.
    Note: In the Enterprise app properties, if a user's Assignment required is set to No, then the user will receive the default macOS permissions within your previously defined app roles.
  5. Click Assign.
Each user or group is assigned an app role, which can now be used to configure account creation in your Jamf Connect login window configuration profile. For more information on creating a Jamf Connect configuration, see Jamf Connect Configuration in the Jamf Connect Documentation.
Important:

Make sure to go to the app registration's Authentication settings and re-enable public client flows by setting the Allow public client flows switch to Yes.
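
To review the result of the assignment steps above outside the portal, the following added example (not part of the Jamf documentation) resolves each assignment to its app role and lists items to review. It assumes data exported in the shape Microsoft Graph returns for a service principal and its `appRoleAssignedTo` collection; the sample ids, names, role values and the `audit_assignments` function name are constructed for illustration.

```python
import json

# Graph uses this id for an assignment that carries no specific app role.
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"

# Constructed sample data shaped like GET /servicePrincipals/{id} and
# GET /servicePrincipals/{id}/appRoleAssignedTo. All values are made up.
SERVICE_PRINCIPAL = json.loads("""
{"displayName": "Jamf Connect", "appRoleAssignmentRequired": false,
 "appRoles": [
  {"id": "11111111-1111-1111-1111-111111111111", "value": "Admin", "isEnabled": true},
  {"id": "22222222-2222-2222-2222-222222222222", "value": "Standard", "isEnabled": true}]}
""")
ASSIGNMENTS = json.loads("""
[{"principalDisplayName": "Mac Admins", "principalType": "Group",
  "appRoleId": "11111111-1111-1111-1111-111111111111"},
 {"principalDisplayName": "alice@example.com", "principalType": "User",
  "appRoleId": "22222222-2222-2222-2222-222222222222"},
 {"principalDisplayName": "bob@example.com", "principalType": "User",
  "appRoleId": "00000000-0000-0000-0000-000000000000"},
 {"principalDisplayName": "carol@example.com", "principalType": "User",
  "appRoleId": "33333333-3333-3333-3333-333333333333"}]
""")

def audit_assignments(sp, assignments):
    """Return (rows, findings): each principal's resolved role plus review items."""
    roles = {r["id"]: r["value"] for r in sp.get("appRoles", []) if r.get("isEnabled")}
    rows, findings = [], []
    for a in assignments:
        name, role_id = a["principalDisplayName"], a["appRoleId"]
        role = roles.get(role_id)  # None when no enabled role matches
        if role_id == DEFAULT_ACCESS:
            findings.append(f"{name}: assigned without an app role")
        elif role is None:
            findings.append(f"{name}: role id {role_id} is not an enabled app role")
        rows.append((name, a["principalType"], role))
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append("Assignment required is No: unassigned users can still sign in")
    return rows, findings

if __name__ == "__main__":
    rows, findings = audit_assignments(SERVICE_PRINCIPAL, ASSIGNMENTS)
    for name, kind, role in rows:
        print(f"{kind:5} {name:20} -> {role or '(no role)'}")
    for item in findings:
        print("REVIEW:", item)
```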