Creating a Configuration Profile using Jamf Connect Configuration

Jamf Connect Documentation
Solution
Application
Jamf Connect
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

When you create a configuration profile, you can either save the file locally or upload it to Jamf Pro. If uploading to Jamf Pro, keep the following in mind:

  • Configurations must be saved in .mobileconfig format.

  • Profile file names cannot match an already existing name of a configuration profile in Jamf Pro.

  • You cannot upload updates to an already existing configuration profile with the same name.

Requirements

  • An integration with your cloud identity provider and required values from the integration (for example, client ID). For instructions, see Jamf Connect Identity Provider Integrations.

  • Uploading a configuration profile to Jamf Pro requires the following:

    • Credentials to a Jamf Pro user account with administrator privileges.

    • The Classic API must have basic authentication allowed under Password Policy in your Jamf Pro settings.

    • To upload a configuration profile saved locally to Jamf Pro, the profile must be signed.

  1. In Jamf Connect Configuration, click the + icon at the bottom-left of the window.
  2. Name your new configuration by clicking on it in the sidebar.
  3. Click the Identity Provider tab.
  4. Configure authentication settings:
    1. Choose your cloud identity provider (IdP) from the Identity Provider pop-up menu.
    2. Configure the minimum authentication fields for your IdP.
      Best Practice:

      Create a Minimal Configuration

      Jamf recommends only configuring the minimum authentication fields for your IdP for your first configuration profile. Once it is confirmed to be functional, more keys can slowly be added to avoid unexpected conflicts or errors. The minimum settings can vary based on your IdP. For more information, see Minimum Authentication Settings by Identity Provider.

  5. (Optional) Configure advanced authentication settings in the Okta or OIDC settings sections.
  6. Click the Login tab.
  7. Configure settings for the login window, including user creation settings.
  8. Click the Connect tab.
  9. Configure settings for Self Service+, including Kerberos integration settings.
  10. (Optional) Click the </> button in the top-right and do the following:
    1. Review your configuration profile in XML format.
    2. Manually configure additional settings.

      For lists of available preference keys, see macOS Local Account Management Settings Reference and Login Window Settings.

  11. Click the Test button to confirm that your authentication settings are correctly configured.
  12. (Optional) Save and export your configuration profile.
    1. Click File > Save from the Apple menu bar.
    2. Select which preference domain to write the configuration profile to.
    3. To upload the profile to Jamf Pro, select the Jamf Pro Upload checkbox and enter your Jamf Pro instance URL, username, and password.

      Make sure to also confirm a successful connection using the Check Connection button.

    4. Select a file format.
      Important:

      • To upload your configuration to Jamf Pro, you must save the configuration in .mobileconfig format.

      • If you select .mobileconfig, you must also complete the Payload Configuration Profile Data section.

    5. Click Save and name your configuration profile.
Your configuration profile is now ready to be installed locally or uploaded to an MDM solution for deployment.

If you selected the Jamf Pro Upload checkbox, the configuration profile is automatically uploaded to Jamf Pro.