Troubleshooting with Postman – Testing the Jamf ADCS Connector Client Certificate
Travelling Tech Guy
by TTG
1y ago
Hey all! First of all Happy New Year and all the best for 2023! Another year, another start of some blogging action. 2022 was extremely busy, hence fewer blogposts, but let’s see what 2023 has to offer… For this first post of the year I quickly want to share how to easily test the client certificate which Jamf Pro is using to connect to IIS on the Jamf ADCS Connector server. For this we’ll use Postman which you can find here, an awesome tool we can use for a variety of troubleshooting scenarios. There is an Intel as well as an Apple Chip (M1/M2) version, and you may need to create a free acco ..read more
Jamf Connect and Azure AD options for ROPG
Travelling Tech Guy
by TTG
1y ago
Hey all! There are sometimes stubborn misunderstandings or wrong assumptions in IT which are difficult to get rid of. ROPG and ADFS Federated Azure AD tenants is one of them. Hence this quick post to elaborate the different scenarios to configure Jamf Connect for ROPG, subject to how the tenant is synced or federated. To kick this off I’d like to list the different options which matter in view of how ROPG should be configured, either targeting Azure (Provider key in plist set to ‘Azure’), or targeting ADFS (Provider key in plist set to ‘Custom’). The main thing impacting our options here is w ..read more
Jamf Connect and Microsoft MSAL change
Travelling Tech Guy
by TTG
1y ago
Hey all! As you may have seen in the release notes of Jamf Connect, there is an upcoming change on the Microsoft Azure side which impacts how Jamf Connect works. https://docs.jamf.com/jamf-connect/2.16.0/documentation/Release_History.html Microsoft Azure AD Change Required: If Microsoft Azure AD is your IdP, upcoming changes to Microsoft Authentication Library (MSAL) require changes to your Jamf Connect configuration. Existing applications remain functional, but in December 2022 Microsoft will discontinue security updates for Azure Active Directory Authentication Library (ADAL), deprecating the use ..read more
Jamf Connect and Azure AD Conditional Access
Travelling Tech Guy
by TTG
1y ago
Hey all, As I’ve recently been getting quite some questions on Jamf Connect and Conditional Access, I’d like to clarify a few things. To keep things simple (as this is quite a can of worms actually), I’ll keep it very short and only highlight what matters. First of all, there is this blog post: https://www.jamf.com/blog/how-to-azure-conditional-access-and-jamf-connect/. All good, and the basics to tackle some roadblocks are in there, but – and all credits to Sean and the extensive work he has done to figure all this out – there are a few things which changed recently. Therefore, due to changed ..read more
Quick update on scripts to Manage Secure Token and Report FileVault situation
Travelling Tech Guy
by TTG
1y ago
Hey all, Not a big blogpost for now, but just a very short message to share the minor update I did on 2 of my FileVault related scripts. They still need some clean up and cosmetic tweaking, but they do work on Monterey now. Yes, late to the party to tweak them but with Ventura around the corner about time. Only changed the logic to grab the logged in user in both scripts as those were still using Python which has been removed from macOS. Replaced the logic by: scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' This on both scripts ..read more
Azure AD attributes and group claims for Cloud iDP and SSO
Travelling Tech Guy
by TTG
1y ago
Hey all, Quick update: for those playing around with a custom attribute like onpremisessamaccountname... I just realised that the correct syntax for this is onPremisesSamAccountName. So not all lower caps like in my screenshots. Otherwise SSO works but JPRO does not map the username correctly via Cloud iDP. Let’s talk about Azure AD attributes and group claims. This for Single Sign on, as well as scoping based on the Azure AD integration (Cloud Identity Provider). Let’s start with Single Sign on, which we configure as per: https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/jam ..read more
Intune registration – jamfAAD prompts
Travelling Tech Guy
by TTG
1y ago
Hey all! After a ‘short’ break I think it’s time to get back into some blogging action. Still wondering what’s wrong with some people in this world, but I’ll leave further politics out of this blog. Way above my cognitive capacity to understand, so let’s try Intune related matter instead. For this post I’d like to discuss a topic I still see popping up quite often, being: ‘we are seeing -repetitive- jamfAAD prompts on our Intune registered Macs’. The reason I want to discuss this is because, although there may be an issue on those ‘affected’ devices, there are a few scenarios or factors which ..read more
BREAK
Travelling Tech Guy
by TTG
2y ago
Hey all! As you may have noticed, I haven’t written many blogposts in 2022 yet. No panic, I’m not permanently putting an end to this blog, but I’m taking a break away from writing. I’m a bit too busy lately (both work and personal). So, not a goodbye for now, but just a break and “see you later”! Oh, and while I am technically writing a “blog post” here anyway, even if this is not a geopolitical blog: The mess which is going on in the world is also a reason why I can’t focus on writing blog posts in the evening by the way. My thoughts are with the people in Ukraine as well as with all Russian ..read more
Jamf Connect and MS Azure Conditional Access (+Password Change URL)
Travelling Tech Guy
by TTG
2y ago
Hey all! First of all: Happy New Year and all the best for 2022! May the force be with us… I’ve been a bit busy by the end of 2021 and took the end of December off to step away from my Mac and servers for a bit. However, with this new year kicking off, it’s time to step up the game again. Hence this first blogpost of 2022! Today’s topic will be about, what else to kick the year off, Jamf Connect and MS Azure Conditional Access, as I’ve recently been working on some challenge to figure out some behaviour with the password change URL. By diving into the matter, I ended up beyond the initial issu ..read more
Remove the re-enter password requirement with “Passthrough Authentication” in Jamf Connect Login 2.5/2.6+
Travelling Tech Guy
by TTG
2y ago
Hi all! This is going to be a very quick post as I just want to highlight and clarify something. This being the new feature which has been added to Jamf Connect Login in view of how the password validation via ROPG is done during account creation or subsequent logins. Starting with Jamf Connect Login 2.5 (for Google iDP) and 2.6 (for Azure iDP) a new key has been added to the available preferences: OIDCUsePassthroughAuth. This with the following release notes: https://docs.jamf.com/jamf-connect/documentation/Release_History.html This allows Jamf Connect to complete network and local authentic ..read more