Creating a Second Jamf Connect Application for Multifactor Authentication during Login

Jamf Connect Documentation

Once you've created a Jamf Connect application in Okta for password checks, you can create a second Jamf Connect application to add support for multifactor authentication during logins at the macOS login window.

Requirements
  • Access to your organization's Okta Identity Engine or Okta Classic Engine admin console.

  • An existing Jamf Connect application used for password checks.

  1. Log in to the Okta Admin Console.
  2. Click Applications.
  3. Click Create App Integration.
  4. Do the following in the Create a new app integration window:
    1. Select OIDC - OpenID Connect as the sign-in method.
    2. Select Native Application as the application type.
    3. Click Next.
  5. Configure the following app integration settings:
    1. Enter a name for your app, such as Jamf Connect - Login Window, in the Application name field.
    2. (Optional) Upload an application logo.
    3. Select the Implicit (hybrid) code grant types.

      The Resource Owner Password selection enables ROPG to provide background password checks.

    4. Enter the following text in the Sign-in redirect URIs field: https://127.0.0.1/jamfconnect
    5. Remove the Sign-out redirect URIs field by clicking the X next to the text field.
    6. (Optional) Assign users to the Jamf Connect application or select Skip group assignment for now.
    7. Click Save.
  6. Navigate to the General tab.
    1. Locate your Client ID. Save this value to be used later as the OIDCClientID value in Jamf Connect.
    2. Click Edit in the General Settings section.
    3. Locate the Grant Type section.
    4. Deselect the option for Allow Access Token with implicit grant type.
    5. Click Save.
  7. Navigate to the Okta API Scopes tab and locate okta.users.read.
  8. Click Grant.

You now have two Jamf Connect applications within Okta that can be used to enforce multifactor authentication at the macOS login window.
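
To confirm the saved settings match the procedure above, the following added example (not part of the Jamf documentation) audits an application object exported as JSON. It assumes the object uses the field names of Okta's Apps API (`signOnMode`, `settings.oauthClient.*`) and that the Allow Access Token with implicit grant type checkbox corresponds to `token` in `response_types`; the function name, the sample object, and its client ID placeholder are constructed for illustration.

```python
import json

# Constructed sample: an application object shaped like an Okta Apps API
# response. The client_id is a placeholder, not a real value.
SAMPLE_APP = json.loads("""
{
  "label": "Jamf Connect - Login Window",
  "signOnMode": "OPENID_CONNECT",
  "credentials": {"oauthClient": {"client_id": "PLACEHOLDER_CLIENT_ID"}},
  "settings": {"oauthClient": {
    "application_type": "native",
    "grant_types": ["implicit"],
    "response_types": ["id_token", "token"],
    "redirect_uris": ["https://127.0.0.1/jamfconnect"],
    "post_logout_redirect_uris": []
  }}
}
""")

EXPECTED_REDIRECT = "https://127.0.0.1/jamfconnect"


def audit_login_window_app(app):
    """Return a list of deviations from the settings in the procedure."""
    findings = []
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-in method is not OIDC - OpenID Connect")
    oc = app.get("settings", {}).get("oauthClient", {})
    if oc.get("application_type") != "native":
        findings.append("application type is not Native Application")
    if "implicit" not in oc.get("grant_types", []):
        findings.append("Implicit (hybrid) grant type is not selected")
    # Assumption: the 'Allow Access Token with implicit grant type'
    # checkbox corresponds to "token" in response_types.
    if "token" in oc.get("response_types", []):
        findings.append("access token via implicit grant is still allowed")
    if oc.get("redirect_uris", []) != [EXPECTED_REDIRECT]:
        findings.append("sign-in redirect URIs differ from " + EXPECTED_REDIRECT)
    if oc.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URIs are still set")
    return findings


if __name__ == "__main__":
    for finding in audit_login_window_app(SAMPLE_APP):
        print("FINDING:", finding)
```

The constructed sample represents the application before step 6.4, so the audit reports that access tokens are still allowed through the implicit grant.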