“Microsoft, Google & Co: making the most of your identity provider” from the Bett 2022 conference in London tackles the issue of getting Jamf School to work optimally with your identity provider of choice, such as Google or Microsoft Azure. Identity affects various actions that you can perform within Jamf School, including enrolling devices, assigning users and creating Smart Groups and classes. Challenges can arise, however, when you have to authenticate and synchronize data that has been imported from multiple sources, for instance CSV files, Apple School Manager and an LDAP server.
In this talk, Jamf education consulting engineer Anthony Darlow explains how to create configurations to get a single directory of identities ready for use in zero-touch deployments, device management and classroom tools such as Apple Classroom and Jamf Teacher.
Import, authenticate, synchronize
One use case that Darlow addresses is when a school has a fleet of both 1:1 and shared devices. The 1:1 devices are paired to user data stored in an LDAP server, but it makes the most sense to import the shared devices directly into Jamf School. By taking advantage of Apple School Manager and its federated authentication functionality with Microsoft Azure, you can create a configuration that authenticates, synchronizes and matches all identities imported from various sources.
Darlow walks viewers through several configuration approaches, noting their advantages and shortcomings based on what a given school needs. He outlines some alternatives for viewers who may have different needs; for example, you can bypass the LDAP server entirely if you would rather feed identities directly into Jamf School via its built-in Import functionality. The talk culminates with a configuration that performs the following functions in order:
- Synchronizes with an LDAP server to import users and groups
- Imports additional users and groups from CSV files
- Syncs with Apple School Manager (using federated authentication with Microsoft Azure) and matches with the users imported from LDAP
- Creates device Smart Groups for use in automation scripting or zero-touch workflows
- Authenticates all identities using Microsoft Azure
It can be a headache to make sure that all your identity data is properly combined and ready to use when it originates from different sources. This talk can help you understand how best to work with your identity provider and get the most from its relationship with Jamf School.