Deploying devices to new users at Chatwork, a business chat company based in Japan, was a manual process. HR and IT had to work together to distribute profiles and policies based on the needs of each user, which could vary greatly across the company. But could there be a more efficient way to get users and devices up and running? The answer to this question involved delving into the integrations capable of extending the powers of Jamf Pro.
Automating with Jamf Pro and Okta
To enhance device control and increase efficiency, the organization decided to integrate Okta and Jamf Pro to automate the assignment of users and devices via Single Sign-on (SSO). This involved synchronizing Okta and Jamf Pro directories via LDAP so that Okta groups could be assigned to a Smart Group. Creating Smart Groups subject to registration in a specific Okta Group made it possible to apply policy and configuration profiles.
In this presentation, Naoki showed the configuration steps taken by his team to achieve HR-driven device control based on any user attribute, such as department or job title stored in Okta.
The first step in the project was to identify Mac users through Okta SSO by associating each Mac with its user. To do so, they used the Setup Assistant to establish Security Assertion Markup Language (SAML) single sign-on between Jamf and Okta, allowing Okta users to use Jamf applications in Okta through the Jamf dashboard. Next, the team set up Enrollment Customization and PreStage Enrollment in Jamf Pro to complete the single sign-on enablement.
Okta user IDs were imported into Jamf to ensure consistent user directories, and an LDAP (Lightweight Directory Access Protocol) connection was set up to allow further synchronization. The configuration steps taken by the admin team at Chatwork were shared during this presentation, with special mention of the settings related to the LDAP user group membership mapping. Once the LDAP synchronization has been established, it can be tested to ensure it has been configured correctly.
With a connection successfully established via the LDAP interface, it is now possible to distribute individual settings to devices belonging to a particular Okta group. By taking advantage of Jamf and Okta’s shared vision for an uninterrupted, native experience on Apple devices, admins were not only able to increase efficiency, user productivity and security by reducing the risk of authentication errors, but they also reduced the number of daily routine IT tasks in Jamf to almost zero.