A federated integration is a hybrid identity solution that allows your cloud identity provider (IdP) to pass authentication to another authentication method, such as on-premises Active Directory Federation Services (AD FS).
If a federated integration with AD FS is implemented in your environment, you can configure Jamf Connect to work alongside it by using different cloud and on-premises endpoints for authentication and password syncing.
- Microsoft Entra ID: Use a registered app and endpoints in Entra ID to perform the authorization code grant that obtains access, refresh, and ID tokens from Entra ID.
- AD FS: Use an AD FS app and endpoints to perform the resource owner password grant (ROPG) that verifies the user's local username and password are synced with on-premises Active Directory.
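
The two grants above, as an added Python example that is not Jamf's or Microsoft's code: it builds the Entra ID authorization request and the AD FS password-grant request, then interprets the AD FS reply so that a misconfigured app is not mistaken for a password mismatch. The endpoint URLs, client IDs, scopes, and function names are constructed placeholders, and your AD FS app may require different parameters.

```python
import secrets
from urllib.parse import urlencode

# Constructed placeholder endpoints (assumptions, not values from this page).
ENTRA_AUTHORIZE = "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"
ADFS_TOKEN = "https://adfs.example.com/adfs/oauth2/token"


def entra_authorize_url(client_id, redirect_uri, state=None):
    """Cloud side: URL that starts the authorization code grant at Entra ID."""
    params = {
        "client_id": client_id,
        "response_type": "code",           # ask for a code, not tokens directly
        "redirect_uri": redirect_uri,
        "scope": "openid profile offline_access",
        "state": state or secrets.token_urlsafe(16),  # CSRF protection
    }
    return ENTRA_AUTHORIZE + "?" + urlencode(params)


def adfs_ropg_request(client_id, username, password):
    """On-premises side: form body for the RFC 6749 password grant at AD FS.

    The body carries the cleartext password, so the endpoint must be HTTPS.
    """
    if not ADFS_TOKEN.startswith("https://"):
        raise ValueError("password grant must only be sent over TLS")
    body = {
        "grant_type": "password",
        "client_id": client_id,
        "username": username,
        "password": password,
        "scope": "openid",
    }
    return ADFS_TOKEN, urlencode(body)


def password_in_sync(status, payload):
    """Decide from the token endpoint's reply whether AD accepted the password."""
    if status == 200 and "access_token" in payload:
        return True
    if status == 400 and payload.get("error") == "invalid_grant":
        return False  # AD FS rejected the username/password pair
    # invalid_client, unauthorized_client, 5xx, etc. are configuration or
    # availability problems and say nothing about the password itself.
    raise RuntimeError(f"cannot decide: HTTP {status} {payload.get('error')}")
```
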
To learn more about federated integrations with Entra ID, see the Microsoft Entra Connect and federation documentation from Microsoft.
The following diagram shows how Jamf Connect can use both endpoints to create local accounts and sync passwords: