Excellent IdP service utility for macOS fleet
November 05, 2025

Excellent IdP service utility for macOS fleet

Bruce Carter | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Jamf Connect

We use Jamf Connect as the interface between several campus infrastructure systems and our Okta cloud identity provider, as well as for endpoint login authentication and authorization for our fleet of Macintosh computers, both personal use systems and lab or classroom systems. It is the mandatory authentication utility on the Macintosh fleet for endpoints that are utilizing any campus data sources or services.

Pros

  • Authenticating campus users from the Okta IdP
  • Authorizing campus users for various campus data sources and services
  • Providing "just in time" local account creation
  • Allowing field staff to elevate to administrator status for troubleshooting and repair
  • Allowing end users to temporarily elevate to administrator with authorization for ad hoc purposes
  • Securing endpoints against unauthorized use
  • Providing a central capability for managing logins
  • Providing password change and reset capabilities
  • Provides link to Jamf Self Service for application installs

Cons

  • More control over local access for non-cloud accounts
  • Does not handle password changes made directly in Okta very smoothly
  • Setting up configuration is a bit opaque to non-IdP personnel
  • Reduced student issues with lab logins substantially since installed
  • Much easier to maintain granular authorization via Okta groups reducing need for IdP professionals to make simple changes
  • Students are automatically provisioned as part of the registration process with the registrar
  • Individual staff and faculty have a unified way to manage their credentials
  • The only negative reported was the different look of the loginscreen, which people have now gotten used to and expect
Jamf Connect is quite easy to use and has the necessary options on the login screen (such as WiFi network connection) for getting connected and authenticated. It has a simple to use menulet that allows password changes and resets as well as temporary elevation, all with very clear workflows. It also allows us to assign field staff to their client users' computers so that they can provide support without having to resort to LAPS accounts.
The only other product we evaluated was Xcreds from TwoCanoes software, which is essentially a one person shop. We already were Jamf Pro customers, and Jamf Connect fulfilled all of the requirements for this function along with providing professional customer support. Since we already had a relationship with Jamf, it made perfect sense to add this product to our toolkit, and keep technical support contained within one organization.

Do you think Jamf Connect delivers good value for the price?

Yes

Are you happy with Jamf Connect's feature set?

Yes

Did Jamf Connect live up to sales and marketing promises?

Yes

Did implementation of Jamf Connect go as expected?

Yes

Would you buy Jamf Connect again?

Yes

Microsoft 365, 1Password, Adobe Acrobat, Adobe Acrobat Reader, macOS, BBEdit, Dropbox Business, Google Drive, Google Chrome, GitHub, Xcode, Wireshark, Microsoft Visual Studio Code, Apple Keynote, Apple Numbers, Apple Remote Desktop, Apple iCloud Calendar (iCal), Apple Preview, Parallels Desktop for Mac, Okta
Jamf Connect works particularly well in our lab environments where the central "source of truth" for student accounts is our Okta IdP. As Apple has recommended moving away from Active Directory binding (which was our previous source of truth for authentication) we needed a new central way to manage this function. Okta worked well for other services on campus, and it was a smooth integration to make it work with Jamf Connect for virtually all use cases on campus (we still have a couple of NAS/SAN systems that require Active Directory).

Using Jamf Connect

2500 - Students, staff, and faculty. For students, I only included the count of "public" endpoints in labs and classrooms. Approximately 8000 undergraduate students use the labs. Jamf Connect is installed as part of the initial out of the box build on all university owned Macintosh computers with a very small number of special purpose units.
2 - Both engineers that support Jamf Connect are general macOS and Jamf engineering support. Jamf Connect requires very little maintenance outside up updates/upgrades, and automatically picks up changes from Okta directly. It requires very little attention on an ongoing basis. Most of the day to day support questions are handled by the Service Desk, and there really aren't very many of them after the first exposure to new employees or freshman students.
  • Staff authentication and authorization
  • Student authentication and authorization
  • Automated changes picked up from Okta which is populated by the Registrar
  • Authentication for loaner endpoints
  • On demand administrator elevation for end users on authorization
  • Allowing field staff to be set to administrator status for endpoints that they support
  • Universal use in computer labs and lecterns
  • On demand setups for kiosks
  • Temporary ad hoc labs for summer seminars
  • Portability for events off campus but still on network
It is almost a certainty that we will continue to use Jamf Connect, even with Apple coming out with Platform Single Sign On. Jamf Connect provides several features that PSSO does not, such as "just in time" local account creation and automatic synchronization of enterprise credentials. It is unlikely that we would investigate other options at this time or in the near future.

Comments

More Reviews of Jamf Connect

  1. Home
  2. Authentication Systems
  3. Jamf Connect Reviews
  4. User Review of Jamf Connect