Creating an Okta App Integration with OpenID Connect

Jamf Connect Documentation

Okta Identity Engine and Okta Classic Engine can be configured with an OpenID Connect (OIDC) app integration instead of the Okta authentication API to enable additional features, such as custom branded authentication and passthrough authentication.

Requirements

Access to your organization's Okta Identity Engine or Okta Classic Engine admin console.

  1. Log in to the Okta Admin Console.
  2. Click Applications.
  3. Click Create App Integration.
  4. Do the following in the Create a new app integration window:
    1. Select OIDC - OpenID Connect as the sign-in method.
    2. Select Native Application as the application type.
    3. Click Next.
  5. Configure the following app integration settings:
    1. Enter a name for your app, such as Jamf Connect, in the Application name field.
    2. (Optional) Upload an application logo.
    3. Select the Resource Owner Password and Implicit (hybrid) code grant types.

      The Resource Owner Password selection enables the resource owner password grant (ROPG), which provides background password checks.

    4. Enter the following text in the Sign-in redirect URIs field: https://127.0.0.1/jamfconnect
    5. Remove the Sign-out redirect URIs field by clicking the X next to the text field.
    6. (Optional) Assign users to the Jamf Connect application or select Skip group assignment for now.
    7. Click Save.
  6. Navigate to the General tab.
    1. Locate your Client ID. Save this value to be used later as the OIDCROPGID and ROPGID values in Jamf Connect.
    2. Click Edit in the General Settings section.
    3. Locate the Grant Type section.
    4. Deselect the option for Allow Access Token with implicit grant type.
    5. Click Save.
  7. Navigate to the Okta API Scopes tab and locate okta.users.read.
  8. Click Grant.

Your app integration can now be used to configure Jamf Connect with your Okta identity provider of choice.
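
To confirm that a finished app integration matches the steps above, the settings can be checked programmatically. The following is an added example, not part of the Jamf or Okta documentation: the `audit_app` function is hypothetical, the field names under `settings.oauthClient` are assumed to follow Okta's Apps API, and the sample data is constructed.

```python
import json

# Constructed sample shaped like the OAuth client settings of an Okta app
# object; field names are an assumption based on Okta's Apps API.
SAMPLE_APP = json.loads("""
{
  "label": "Jamf Connect",
  "settings": {"oauthClient": {
    "application_type": "native",
    "grant_types": ["authorization_code", "implicit", "password"],
    "response_types": ["code", "id_token"],
    "redirect_uris": ["https://127.0.0.1/jamfconnect"],
    "post_logout_redirect_uris": []
  }}
}
""")
SAMPLE_SCOPES = ["okta.users.read"]  # constructed list of granted Okta API scopes

REDIRECT_URI = "https://127.0.0.1/jamfconnect"  # value from step 5.4


def audit_app(app, granted_scopes):
    """Return a list of findings; an empty list means the app matches the procedure."""
    client = app.get("settings", {}).get("oauthClient", {})
    grants = set(client.get("grant_types", []))
    findings = []
    if client.get("application_type") != "native":
        findings.append("application type is not Native Application")
    for needed in ("password", "implicit"):
        if needed not in grants:
            findings.append(f"grant type '{needed}' is not enabled")
    # Step 6.4: implicit stays enabled, but must not issue access tokens.
    if "token" in client.get("response_types", []):
        findings.append("access token with implicit grant is still allowed")
    # Any URI other than the documented one is reported for review.
    if client.get("redirect_uris", []) != [REDIRECT_URI]:
        findings.append("sign-in redirect URIs differ from " + REDIRECT_URI)
    if client.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URI is still present")
    if "okta.users.read" not in granted_scopes:
        findings.append("okta.users.read has not been granted")
    return findings


if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_SCOPES) or ["OK: matches the procedure"]:
        print(finding)
```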