Excellent IdP service utility for macOS fleet
Use Cases and Deployment Scope
We use Jamf Connect as the interface between several campus infrastructure systems and our Okta cloud identity provider, as well as for endpoint login authentication and authorization for our fleet of Macintosh computers, both personal use systems and lab or classroom systems. It is the mandatory authentication utility on the Macintosh fleet for endpoints that are utilizing any campus data sources or services.
Pros
- Authenticating campus users from the Okta IdP
- Authorizing campus users for various campus data sources and services
- Providing "just in time" local account creation
- Allowing field staff to elevate to administrator status for troubleshooting and repair
- Allowing end users to temporarily elevate to administrator with authorization for ad hoc purposes
- Securing endpoints against unauthorized use
- Providing a central capability for managing logins
- Providing password change and reset capabilities
- Provides link to Jamf Self Service for application installs
Cons
- More control over local access for non-cloud accounts
- Does not handle password changes made directly in Okta very smoothly
- Setting up configuration is a bit opaque to non-IdP personnel
Return on Investment
- Reduced student issues with lab logins substantially since installed
- Much easier to maintain granular authorization via Okta groups reducing need for IdP professionals to make simple changes
- Students are automatically provisioned as part of the registration process with the registrar
- Individual staff and faculty have a unified way to manage their credentials
- The only negative reported was the different look of the loginscreen, which people have now gotten used to and expect
Usability
Other Software Used
Microsoft 365, 1Password, Adobe Acrobat, Adobe Acrobat Reader, macOS, BBEdit, Dropbox Business, Google Drive, Google Chrome, GitHub, Xcode, Wireshark, Microsoft Visual Studio Code, Apple Keynote, Apple Numbers, Apple Remote Desktop, Apple iCloud Calendar (iCal), Apple Preview, Parallels Desktop for Mac, Okta