Testing your Okta Configuration to Limit Access

Jamf Connect Documentation
Solution
Application
Jamf Connect
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

After creating an authentication configuration with Jamf Connect, the integration can be tested via the Jamf Connect Configuration app to verify if users can successfully log in or if issues may be present.

Requirements

  • Access to the Jamf Connect Configuration application

  • A configured Jamf Connect application in Okta Identity Engine or Classic Engine

  • Credentials for a user assigned to your Jamf Connect application in Okta

  • A non-production test Mac, as errors can result in the loss of administrator rights or data loss

  • A local macOS administrator account on the non-production test Mac

  1. Verify that users are assigned to the appropriate OIDC applications in Okta.
  2. Open the Jamf Connect Configuration application, located in the Jamf Connect DMG file.

    Use the configuration that was created during your initial Okta configuration.

  3. For the Admin client ID, enter the Client ID of the application created that contains users who should be local macOS administrators.
  4. For the Access client ID, enter the Client ID of the application created that contains users who should be allowed to log in to a Mac.
  5. For the Secondary login client ID, enter the Client ID of the application created that contains users who should be allowed to create additional local user accounts after an existing user with a local password exists.
  6. Click Test.
  7. Select Okta Classic Engine.
  8. Enter the credentials for a user who is assigned to your Jamf Connect application in Okta.
  9. Upon a successful authentication, click Save.
  10. Select the option to save your Jamf Connect Login as a .mobileconfig file.
  11. Enter any value for the Organization.
  12. Transfer the .mobileconfig file to a non-production test Mac.
  13. Log in as an administrator account.
  14. Install the .mobileconfig file by opening it and adding to Profiles.
  15. Open System Settings.
  16. Navigate to Privacy & Security.
  17. Locate the Profiles section and follow the instructions to install.
  18. For environments using Jamf Connect 2.45.1 or earlier, install the JamfConnect.pkg in the software installer distribution image from Jamf Account. For environments using Jamf Connect 3.0 or later, install Self Service+ from Jamf Account.
  19. Click the Apple icon in the menu bar.
  20. Click Sign out.

You can now test user credentials assigned to your limiting applications in Okta and determine if new user accounts are created as expected. To log in as your administrator user, sign out of the newly created user and enter your local administrator credentials.