Configuring a Google Cloud Identity Provider Connection

Jamf Pro Documentation 11.16.0
Solution
Application
Content Type
Technical Documentation
Utilities & Services
version
11.16.0
ft:locale
en-US
vrm_version
11.16.0

When a server connection is added, it is enabled by default. You can configure multiple connections and choose which configuration to use. Disabling the connection prevents Jamf Pro from querying data from this server. This means you can add a different configuration without deleting the current connection. To disable the connection, use the switch.

  1. In Jamf Pro, click Settings in the sidebar.
  2. In the System section, click Cloud identity providers .
  3. Click New.
  4. Choose Google and click Next.
  5. Configure the settings on the tab. Consider the following limitations:

    • The display name for the configuration must be unique.

    • The Domain name value automatically populates the Search Base dc values on the User Mappings and User Groups Mapping tabs.

  6. Use the Mappings tab to specify object class and search base data, and map attributes. When configuring the search base, structure the server query in the order that reflects the hierarchical structure of your directory tree to ensure the search returns correct results. See the "Default Attribute Mappings for Google Secure LDAP" section below for default mappings reference and use it while troubleshooting the connection.
    Note:

    You can configure cloud identity provider attribute mappings using the Jamf Pro API. For more information, see the Configuring Cloud Identity Provider Attribute Mappings Using the Jamf Pro API article.

  7. Click Save .

Saving a server connection triggers automatic verification of the hostname, port, and domain. The verification process must succeed before the connection is ready to use.

Important:

In large environments, the verification process for valid configurations may fail. Ensure the values in the form are correct and try saving the configuration again.

After your configuration is saved, you can test the mappings. For more information, see Testing Cloud Identity Provider Attribute Mappings.

To troubleshoot a failed connection, navigate to Reports in your Google Admin console, and check the LDAP audit log.