This article includes step-by-step instructions for configuring SAML-based single sign-on (SSO) settings in Okta. For end users, you can integrate with Okta to enable SAML-based SSO for Automated Device Enrollment (with an Enrollment Customization SSO authentication pane), Device Enrollment (also known as "user-initiated enrollment"), and Jamf Self Service for macOS.
While SAML-based SSO for administrators remains supported, Jamf recommends OIDC-based SSO through Jamf Account as a preferred authentication solution. OIDC-based SSO through Jamf Account offers seamless login across Jamf products and access to platform capabilities like blueprints and compliance benchmarks. End-user authentication for enrollment and Self Service can continue using SAML after transitioning administrator authentication to OIDC. For details on implementing OIDC-based SSO, see SSO with OIDC Through Jamf Account in the Jamf Pro Documentation.
Adding an application for the Jamf Pro server in Okta
Copying metadata from Okta
(Optional) Enabling single logout
Keep the following in mind when configuring SSO with Okta:
The SSO configuration procedure provided in this article was tested with Okta version 2018.40.
- If you manually configure a SAML 2.0 application, you may need to simultaneously configure SSO settings between Okta and Jamf Pro to ensure settings are mapped correctly. Additional settings or steps may also be required. See SSO with SAML in the Jamf Pro Documentation for Jamf Pro-specific requirements and instructions.