Creating a Federation Partner Integration with RapidIdentity

Jamf Connect Documentation

  1. Log in to your RapidIdentity administrator portal.
  2. From the module selector, choose Configuration.
  3. Click Security.
  4. In the left sidebar, navigate to Identity Providers > Federation Partners.
  5. At the top-right of the page, navigate to Add Federation Partner > OpenID Connect.
  6. Click General, then enter the following:
    1. In the NAME field, enter Jamf Connect.
    2. In the DESCRIPTION field, enter the Jamf Connect application description adhering to your organization's naming guidelines.
    3. In the CALLBACK URLS field, enter https://127.0.0.1/jamfconnect.
  7. Click OpenID Connect Configuration, then do the following:
    1. Select the SIGN ID TOKEN (RSA WITH SHA-256) checkbox.
    2. In the ENCRYPTION METHOD field, enter A128CBC_HS256.
    3. Select the ENABLE RESOURCE OWNER PASSWORD GRANT (ROPG) checkbox.

      The Enable Resource Owner Password Grant (ROPG) panel opens on the right side of the page.

    4. Click Yes.
  8. Click Claim Attributes, then do the following:
    1. Click Add Attribute.

      The Add Claim Attribute panel opens on the right side of the page.

    2. In the NAME field, enter Email.
    3. In the DESCRIPTION field, enter Sends the LDAP mail Attribute.
    4. In the CLAIM field, enter Email.
    5. In the CLAIM TYPE pull-down field, select String.
    6. In the ATTRIBUTE VALUE TYPE pull-down field, select LDAP.
    7. In the LDAP ATTRIBUTE FIELD field, enter mail.
    8. Select the SINGLE VALUED checkbox.
    9. Click Add.
  9. Click Claim Attributes, then do the following:
    1. Click Add Attribute.
    2. In the NAME field, enter Role.
    3. In the DESCRIPTION field, enter Sends the LDAP idautoPersonEmployeeTypes Attribute.
    4. In the CLAIM field, enter Role.
    5. In the CLAIM TYPE pull-down field, select String.
    6. In the ATTRIBUTE VALUE TYPE pull-down field, select LDAP.
    7. In the LDAP ATTRIBUTE FIELD field, enter idautoPersonEmployeeTypes.
    8. Make sure the SINGLE VALUED checkbox is deselected to send multiple roles.
    9. Click Add.
  10. Click Claim Attributes, then do the following:
    1. Click Add Attribute.
    2. In the NAME field, enter First.
    3. In the DESCRIPTION field, enter Sends the LDAP givenName Attribute.
    4. In the CLAIM field, enter first.
    5. In the CLAIM TYPE pull-down field, select String.
    6. In the ATTRIBUTE VALUE TYPE pull-down field, select LDAP.
    7. In the LDAP ATTRIBUTE FIELD field, enter givenName.
    8. Select the SINGLE VALUED checkbox.
    9. Click Add.
  11. Click Claim Attributes, then do the following:
    1. Click Add Attribute.
    2. In the NAME field, enter Last.
    3. In the DESCRIPTION field, enter Sends the LDAP sn Attribute.
    4. In the CLAIM field, enter last.
    5. In the CLAIM TYPE pull-down field, select String.
    6. In the ATTRIBUTE VALUE TYPE pull-down field, select LDAP.
    7. In the LDAP ATTRIBUTE FIELD field, enter sn.
    8. Select the SINGLE VALUED checkbox.
    9. Click Add.
  12. On the bottom bar, click Save to create the federation partner definition.

Your RapidIdentity portal now has a complete federation partner integration with Jamf Connect.
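To confirm that the partner actually emits what steps 7 through 11 configure, the following is an added example (not code from Jamf or RapidIdentity documentation): it splits a decoded ID token into header and claims and checks the `alg` and the four claim names against their single- or multi-valued settings. The token and claim values are constructed for demonstration; the check does not verify the RS256 signature or decrypt an A128CBC-HS256 JWE, which the relying party must do first.

```python
import base64
import json

# Claim names exactly as entered in the CLAIM fields above; they are case-sensitive.
# "single" mirrors a selected SINGLE VALUED checkbox, "multi" a deselected one.
EXPECTED_CLAIMS = {
    "Email": "single",  # LDAP mail
    "Role": "multi",    # LDAP idautoPersonEmployeeTypes, may carry several roles
    "first": "single",  # LDAP givenName
    "last": "single",   # LDAP sn
}

def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def split_jws(token: str):
    """Return (header, claims) of a compact JWS. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) == 5:
        raise ValueError("5-part token is a JWE (A128CBC-HS256); decrypt it first")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def check_claims(header: dict, claims: dict) -> list:
    """List every way the token deviates from the configuration; [] means it matches."""
    problems = []
    if header.get("alg") != "RS256":  # SIGN ID TOKEN (RSA WITH SHA-256)
        problems.append(f"alg is {header.get('alg')!r}, expected RS256")
    for name, mode in EXPECTED_CLAIMS.items():
        if name not in claims:
            problems.append(f"missing claim {name!r}")
        elif mode == "single" and not isinstance(claims[name], str):
            problems.append(f"{name!r} should be one string, got {type(claims[name]).__name__}")
        elif mode == "multi" and not (isinstance(claims[name], list)
                                     and all(isinstance(v, str) for v in claims[name])):
            problems.append(f"{name!r} should be a list of strings (SINGLE VALUED deselected)")
    return problems

def constructed_token(claims: dict, alg: str = "RS256") -> str:
    """Build a constructed JWS with a placeholder signature, for demonstration only."""
    segs = [base64.urlsafe_b64encode(json.dumps(x).encode()).rstrip(b"=").decode()
            for x in ({"alg": alg, "typ": "JWT"}, claims)]
    return ".".join(segs + ["PLACEHOLDER_SIGNATURE"])

if __name__ == "__main__":
    sample = {"Email": "jdoe@example.org", "Role": ["staff", "faculty"], "first": "Jane", "last": "Doe"}
    print(check_claims(*split_jws(constructed_token(sample))))  # [] when the token matches
```

A lowercase `email` claim or a `Role` delivered as a bare string each produce one entry in the returned list, which is the quickest way to spot a claim name typed differently from the CLAIM field or a SINGLE VALUED checkbox left selected.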