The single sign-on (SSO) options available differ for administrators and end users, and depend on whether you have a modern cloud identity provider (IdP) available in your environment.
- SSO with OIDC through Jamf Account
Jamf's platform approach to SSO, powered by a protocol called OIDC (OpenID Connect) is required to access certain Jamf platform capabilities and services, such as blueprints.
An administrator can use either of the following options for streamlined login across the platform:- OIDC Identity Provider (IdP) —For organizations using a modern cloud IdP (e.g., Microsoft Entra ID, Okta, or Google Identity).
- Jamf ID —
For organizations not using an IdP, Jamf ID is available as an SSO option.
For more information, see SSO with OIDC Through Jamf Account.
- SSO with SAML
For end users, you can integrate with an IdP to enable SAML-based SSO for user-initiated enrollment (iOS and macOS) and Jamf Self Service for macOS. This option can also be used to require administrators to authenticate when accessing the Jamf Pro server. For more information, see SSO with SAML.
For administrators with supported environments, OIDC-based SSO for the Jamf Pro server is recommended to ensure full compatibility with upcoming Jamf platform capabilities and services.
For additional information on SSO options in Jamf Pro, see the Single Sign-On Options for Jamf Pro FAQ article.