Jamf Blog
February 21, 2020 by Garrett Denney

Jamf announces support for new Google Cloud secure LDAP service

As a Google Premier Partner, Jamf now offers a native Jamf Pro integration with Google LDAP. Whether using G Suite Enterprise or Cloud Identity Premium, Jamf Pro's unified authentication process is easy to set up.

Attention all Cloud Identity Premium or G Suite Enterprise users! Looking for a simple, unified authentication process that’s a breeze to set up? Look no further. As a Google Premier Partner, Jamf now offers a native Jamf Pro integration with Google. This allows organizations to easily configure the Google Secure LDAP service for users to authenticate during set up and receive more personalized applications and configurations immediately upon enrollment.

Why integrate Jamf Pro with Google Cloud secure LDAP service?

As more organizations migrate from legacy on-premises directories, Google Cloud customers have access to a number of modern identity management tools for their users — including Google Secure LDAP. When configured with Jamf Pro, this LDAP service allows for authentication during device enrollment: syncing detailed user information with each managed device. Having this LDAP connection also allows for more precise delivery of content to managed devices when using user- and group-based scoping. This allows IT to personalize and manage devices with minimum IT time required.

Also, with Jamf Pro and Google Secure LDAP alongside Jamf Connect, employees or students can unbox their Apple device, power it on and access their corporate and learning applications after authenticating with Google credentials.

Benefits for IT: ​IT can eliminate management of a legacy LDAP directory to securely connect with Jamf Cloud. Detailed user information, such as group membership or other attributes, can help automate the delivery of the right settings and apps to the right users.

Benefits for end users: Users benefit from streamlined enrollment workflows that get them set up on their devices in a faster, more personalized manner. End users will be able to access Jamf Self Service and their entire personalized app catalog on any Apple device by simply logging in with their G Suite or Cloud Identity username and password.

How to configure the Jamf and Google LDAP integration

Our product enhancements make the setup experience simple, allowing you to use the secure Google LDAP service for authenticating users and group syncing without the need to add external components (such as Stunnel) to your environment. We also added the ability to configure attribute mappings in Jamf Pro or with the API. Admins can test their attribute mappings for users, user groups, and user group memberships directly in Jamf Pro. This benefits customers with more complex user environments. This native integration is now available for ​Cloud Identity Premium​ or ​G Suite Enterprise customers.

Note: ​Even though Jamf Pro is interfacing with this service wherever you traditionally use LDAP connections, the settings are not located in the LDAP Servers settings area. This is because Google uses a certificate-based authentication method, and other settings like LDAP attribute mappings are automatically configured for IT administrators based off of Google’s LDAP settings.

To access this setting in Jamf Pro, navigate to Settings > System Settings > Cloud Identity Providers.

In the Cloud Identity Providers settings, you can view your existing configurations in the table or create a new one.

On the New Cloud Identity Provider Configuration page, there are a few fields necessary to establish connection with Google Cloud Identity Secure LDAP, some of which are populated by default.

The LDAP connection is enabled by default, and disabling the connection is as easy as toggling it off. This allows you to add and test a different LDAP secure server connection without deleting the current configuration.

Once configured, you can use the Google Secure LDAP service anywhere within Jamf Pro that would traditionally have an LDAP connection, including:

  • Defining and enabling Jamf Pro administrator access privileges to users that are members of groups defined in Google Cloud
  • User authentication during device enrollment, which links the authenticating user with the enrolling device’s inventory record
  • Time-saving scoping of content and settings to existing LDAP groups, departments or Smart User Groups based other directory-defined attributes

This native integration is now available on Cloud Identity Premium, G Suite Enterprise, and to G Suite for Education customers. Want to know more about Google Cloud secure LDAP? Check out Google Cloud’s detailed write-up on secure LDAP.

For information about how to configure Google's Secure LDAP service instance in Jamf Pro, see the ​Integrating with Cloud Identity Providers​ section of the ​Jamf Pro Administrator's Guide​.

Not already a Jamf customer?

We understand that when you invest in new software, you need it to work within your environment. Jamf Pro works seamlessly with your asset management tools, network access controllers and other IT services. From cross-industry integrations to specific solutions, see how Jamf integrates with more than 200 providers to ensure we work seamlessly with your existing IT services and technologies.

Garrett Denney
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.