To create an application registration with a custom scope for Jamf Connect, Microsoft Entra ID requires an additional application registration with a custom API.
Requirements
Access to your organization's Microsoft Entra ID admin console.
- Log in to your organization's Microsoft Entra admin center.
- Click .
- Create a new app registration.
Name this application Jamf Connect - Conditional Access Policy API. Do not configure a redirect URI for this application.
- Select Accounts in this organizational directory only under Supported account types.
- Click Register.
- In the sidebar, click API permissions. Verify that admin consent has been granted for the organization.
- In the sidebar, click Expose an API.
- Set the Application ID URI.
A default entry is acceptable for this field.
- Click Add a scope.
- In the Scope name field, enter jamfconnect.
- Set the Who can consent field to either available option.
- Add text in the Admin consent fields to be accepted by the administrator.
- Click Add scope.
- Click Copy to copy the scope for later use as the OpenID Connect Scopes (OIDCScopes) setting.
This application allows the application that calls the custom scope to borrow additional API permissions.
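One way to check the copied scope before a configuration is deployed, as an added example that is not part of the Jamf documentation: the Python sketch below reads a configuration plist and confirms that OIDCScopes contains the Application ID URI followed by /jamfconnect. The all-zero GUID, the function names, and the assumption that scopes are separated by spaces or + are constructed for illustration.

```python
import plistlib
import re

SCOPE_NAME = "jamfconnect"  # scope name entered under "Add a scope" on this page

# Constructed placeholder; the default Application ID URI has the form api://<GUID>.
SAMPLE_APP_ID_URI = "api://00000000-0000-0000-0000-000000000000"


def expected_scope(app_id_uri: str) -> str:
    """Full scope string: Application ID URI + '/' + scope name."""
    return f"{app_id_uri.rstrip('/')}/{SCOPE_NAME}"


def make_profile(scopes: str) -> bytes:
    """Build a constructed sample plist holding only the OIDCScopes key."""
    return plistlib.dumps({"OIDCScopes": scopes})


def check_oidc_scopes(profile: bytes, app_id_uri: str) -> list:
    """Return a list of problems with the OIDCScopes value (empty list = OK)."""
    settings = plistlib.loads(profile)
    value = settings.get("OIDCScopes")
    if not isinstance(value, str) or not value.strip():
        return ["OIDCScopes is missing or not a string"]

    # Assumption: individual scopes are delimited by spaces or '+'.
    scopes = [s for s in re.split(r"[ +]+", value.strip()) if s]
    want = expected_scope(app_id_uri)
    if want in scopes:
        return []

    problems = []
    for s in scopes:
        if s.rstrip("/") == app_id_uri.rstrip("/"):
            # The URI was pasted instead of the value from the Copy button.
            problems.append(f"{s!r} is the Application ID URI without the scope name")
        elif s.startswith("api://") and s.endswith("/" + SCOPE_NAME):
            # Scope copied from a different app registration.
            problems.append(f"{s!r} points at a different Application ID URI")
    return problems or [f"{want!r} not found in OIDCScopes"]


if __name__ == "__main__":
    good = make_profile(f"openid profile {SAMPLE_APP_ID_URI}/{SCOPE_NAME}")
    print(check_oidc_scopes(good, SAMPLE_APP_ID_URI))
```
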