Jamf Connect is a Mac device authentication solution, that lets a user unbox their device, power it on and access all of their corporate applications and resources after signing on with a single set of cloud identity credentials.
Jamf Connect works particularly well in our lab environments where the central "source of truth" for student accounts is our Okta IdP. As Apple has recommended moving away from Active Directory binding (which was our previous source of truth for authentication) we needed a new central way to manage this function. Okta worked well for other services on campus, and it was a smooth integration to make it work with Jamf Connect for virtually all use cases on campus (we still have a couple of NAS/SAN systems that require Active Directory).
One thing we really like is getting OTPs and payment alerts through messaging bots. Unlike SMS, it’s free for us, secure, and users like it. It’s a way to send codes and notifications without extra costs. These messages are always right there for the user, easy to access on their phone.
It is almost a certainty that we will continue to use Jamf Connect, even with Apple coming out with Platform Single Sign On. Jamf Connect provides several features that PSSO does not, such as "just in time" local account creation and automatic synchronization of enterprise credentials. It is unlikely that we would investigate other options at this time or in the near future.
We’ll keep using Protectimus. Been using it for years, no real issues, it just works. Covers what we need, different setups, mgmt, logs, all that. OTP via bots is really handy and saves us money. Support’s fine, they reply when needed. Overall, it does the job, so we’ll keep it.
Jamf Connect is quite easy to use and has the necessary options on the login screen (such as WiFi network connection) for getting connected and authenticated. It has a simple to use menulet that allows password changes and resets as well as temporary elevation, all with very clear workflows. It also allows us to assign field staff to their client users' computers so that they can provide support without having to resort to LAPS accounts.
I gave 10 points for their solution because the GUI got a fresh update and it’s really easy to use now. The old one had some annoying limitations, but the new layout is much more intuitive. On mobile it works good too. Managing relations between tokens, users, and resources is way smoother now.
The only other product we evaluated was Xcreds from TwoCanoes software, which is essentially a one person shop. We already were Jamf Pro customers, and Jamf Connect fulfilled all of the requirements for this function along with providing professional customer support. Since we already had a relationship with Jamf, it made perfect sense to add this product to our toolkit, and keep technical support contained within one organization.
We checked a few options before picking Protectimus. We looked at SafeNet Auth Management, Duo, and using Google Authenticator with our own backend. SafeNet felt really old-school — UI looks dated and the system’s kinda tricky to run & maintain. Duo’s solid, but it’s pricey and, more importantly, doesn’t offer full on-prem deployment. We need on-prem to handle auth for our employees on our own infra, so that was a dealbreaker. Google Authenticator is popular & free, but it’s just a client for generating OTPs — all the user mgmt, token handling, and policies would be on us.Protectimus gives all that out of the box. We can manage users & tokens centrally, set auth policies, and support multiple channels. That flexibility made it the best fit for our setup.
