Many of you already know about Jamf’s acquisition of Orchard & Grove, the makers of NoMAD, that happened earlier this fall. For those who haven’t, surprise! Launched in 2016, NoMAD helps thousands of organizations provide a simple, unified authentication and account synchronization process for their end users. With NoMAD, Jamf has an expanded set of leading management capabilities to serve IT as we move to cloud-based identity solutions – all while ensuring end users have the best possible Apple experience.
In today’s Jamf Nation User Conference (JNUC) session, we heard straight from the creator of NoMAD himself, Joel Rennich, now Director of Jamf Connect at Jamf, along with Jamf Director of Professional Services Katie English, and Jamf Sales Engineer Mike VanDelinder. The session kicked off with English re-introducing Jamf Connect. Jamf Connect (formerly NoMAD Pro, NoMAD Login+ and NoMAD PKINIT) allows for simple provisioning of users from a cloud identity service during an Apple provisioning workflow, complete with multi-factor authentication. For future-looking workflows based on cloud authentication, Jamf Connect has key identity provider integrations and is the best way to manage accounts and authentication in organizations that leverage Okta or Smart Cards. NoMAD Sync and Login remain a seamless way to sync accounts in environments that leverage on-premise Active Directory. English reminded attendees that NoMAD Login and Sync will remain free and open source, while adding Jamf live chat support!
Rennich then leapt into the customization of automated mobile device management (MDM) enrollment of Jamf Connect, going through the five steps – validation, authentication, information, configuration and notification. The last step, notification, is especially important for the end user, so they are aware something is going on. Rennich joked, “We sometimes call this the placebo bar, but it keeps the end user engaged and aware of the progress happening in the process.” Continuing from a user experience point of view, Rennich mentioned that this process needs to take place before the Finder and needs to block the entire screen from the user. Users should only be asked for their password once.
Rennich then talked about what happens at the Login window for both NoMAD open source and Jamf Connect.
VanDelinder then launched a live demo for attendees, showing how Jamf Connect enhances a local user authentication experience, as well as a full local login experience, with no network or Automated MDM Enrollment required. The only prerequisite is your Okta authentication URL, which you can write to the local preference domain at /Library/Preferences/menu.nomad.login.okta.plist. For all additional customization available, see the NoMAD + Okta admin guide.
Interested in checking out Jamf Connect? To install the package, go to nomad.menu, where a trial version with Okta support is available. As English said, “My favorite workflow is to use an ongoing policy at the Enrollment Complete trigger to get the full out-of-the-box provisioning experience.”
But that’s not all from the Jamf Connect team. Rennich announced, “The future is… soon!” Exciting updates are ahead, as the AwaitConfiguration MDM command will be available in the Jamf Pro 10.9 beta. The team is working on establishing Azure AD for local accounts, and Jamf will be adding additional adaptive security features, as well as integrating against other SAML providers.
To learn more about Jamf Connect, visit https://www.jamf.com/products/jamf-connect/.