Jamf Connect's Zero Trust Network Access capability can operate either as a standalone service or alongside other Jamf security capabilities, such as Jamf Protect's internet content filtering and usage controls.
The Zero Trust Network Access architecture comprises the following:
- A third-party identity provider (IdP) — For securely authenticating and authorizing end users with Zero Trust Network Access.
  Note: To adhere to Zero Trust design principles, Zero Trust Network Access only supports user authentication via an identity provider (IdP). Because Jamf does not maintain or manage any user profiles or details, this is delegated to your identity provider. For more information on integrating with an identity provider, see Linking Identity Providers.
- Devices with the Jamf Trust app installed — Jamf Trust gives users access to Zero Trust Network Access.
- Jamf Security Cloud — A services infrastructure that routes access traffic, enforces policy, and provides reporting.
  Note: Jamf Connect's Zero Trust Network Access uses the WireGuard VPN protocol for packet routing.
- Nearest Edge — Globally distributed infrastructure designed to maximize connection performance regardless of the user's location.
- Multi-Policy Engine — Access, Data, and Security policies as configured in Jamf Security Cloud are simultaneously applied to traffic passing through the platform.
- Internet Cloud GW and Private Interconnects — Forward routing connectivity options that provide packet-level access to applications. For more information, see Network Gateway Types.
- Secure Web Gateway — An optional network element that applies policy and provides reporting for traffic that is not destined to business applications.
- Apps and data — Information and services published by the organization that end users need to access to do their work.