When Entra ID with multi-factor authentication (MFA) enabled is added as the cloud identity provider, some authentication workflows in Jamf Pro (e.g., Self Service login and enrollment login) do not work for Entra ID user groups and accounts. To allow users to use the workflows, you must configure single sign-on (SSO) with Entra ID. For information on how to configure SSO in Jamf Pro, see Single Sign-On (SSO).
Self Service for mobile devices does not support single sign-on workflows.
The following table summarizes how multi-factor authentication (MFA) status in Entra ID affects Jamf Pro authentication workflows for Entra ID cloud IdP:
Type of Workflow | With MFA Disabled in Entra ID | With MFA Enabled in Entra ID | With MFA Enabled in Entra ID and SSO with Entra ID Configured in Jamf Pro |
|---|---|---|---|
Jamf Pro login | Supported (standard login page) | Not supported | Supported (Microsoft login screen) |
Enrollment login (User-initiated enrollment and Enrollment Customization) | Supported (enrollment login page and the Directory Service Authentication pane in Enrollment Customization) | Not supported | Supported (Microsoft login page/the SSO Authentication pane in Enrollment Customization) |
Self Service for macOS login | Supported (standard login window) | Not supported | Supported (Microsoft login screen) |
Self Service for Mobile Devices login | Supported (standard login window) | Not supported | Not supported |