LDAP authentication alternatives

Lutz
New Contributor

So I'm working with a company that is about to implement Casper. As of now they don't have any type of LDAP (AD or otherwise) in place.

Their centralized directory system is Okta and it actually works pretty well for them. All of their services are SAAS items like Google Apps, Box, Web Help Desk, etc. Because of this Okta works beautifully for them.

Casper brings some challenges though, since LDAP is really the only built-in directory plugin. While I could just add user names to inventory records, it wouldn't give users a way to enroll their own devices or use Self Service. I could manually create a bunch of JSS users for local authentication but would prefer not to have 200 JSS users.

If I could tell Casper to query Okta for authentication or something when a user logs into Self Service or Self Enrollment, that would be ideal but not holding my breath.

Any creative thoughts or ideas?


jarednichols
Honored Contributor

I believe Okta has some extensibility for working with AD and LDAP. I'd check their support folks.

Lutz
New Contributor

I'm trying to avoid setting up LDAP though. They have the functionality to synchronize to a current AD setup.

alexjdale
Valued Contributor III

Okta cannot support LDAP queries against their directory? That seems very limiting.

holed03
New Contributor

Disclaimer - I work for Okta

If I understand it correctly, this requirement is so that employees/users can SSO into the Casper suite for the Self Service portal: http://www.jamfsoftware.com/products/casper-suite/self-service/
I know that some customers have requested that Casper supports SAML - if it did then it would be straightforward to provide SSO from Okta to Casper for user SSO to the self service portal...

Okta cannot support LDAP queries against its own directory (we call it Universal Directory) at this time. We do support authentication calls to Okta made via our API, however; it would require a bit of API work.

Another way that customers could integrate Casper with Okta is by using an Okta group to create an AD account for new Okta users. The password in AD would get synchronised with the Okta password. In this integration Okta pushes to AD; typically a customer wouldn't be using AD for Windows authentication in this case. AD is just something they want Okta or Google Apps accounts pushed out to, to allow for integration with wifi or apps like Casper that can't be integrated with other methods.

At some point we'll be able to provision Okta users to an LDAP as well, just not yet.

So in summary, how can customers integrate Okta and Casper right now:
1. Set up an AD to support LDAPS authentication and use an Okta group to push an account to AD for every employee who accesses Casper. The password for AD (actually, the employee is asked for the password for the Casper Portal) is going to be the same as their existing Okta password.
2. Look at building a solution via API call to authenticate to the Okta authentication REST API.
3. If you don't use an AD but you do have an existing LDAP, then a) integrate Casper with that LDAP for authentication to the Casper Portal (users auth to Casper with their LDAP portal) and b) integrate the same LDAP with Okta using Delegated Authentication (users log into Okta using their LDAP password and can also do an LDAP password reset from Okta).

In future:
1. Okta may allow customers to integrate applications like Casper directly with its own internal LDAP (Universal Directory) for authenticating user sessions in Casper etc.
2. Casper may provide SAML integration support, and then Casper will be an application that Okta users can SSO to directly from their Okta user/home page.
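One way to start on the API route holed03 describes, as an added example that is not code from this thread, from Okta or from Jamf: a small Python check that posts a username/password to Okta's primary-authentication endpoint /api/v1/authn and treats only a SUCCESS reply carrying a sessionToken as a completed login. The org URL, the sample reply and the stub transport used offline are constructed for illustration.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib import error as urlerror, request as urlrequest

AUTHN_PATH = "/api/v1/authn"  # Okta primary-authentication endpoint (assumed here)

# Constructed sample of a completed-login reply; not captured from a real tenant.
SAMPLE_SUCCESS = {"status": "SUCCESS", "sessionToken": "00example-session-token",
                  "_embedded": {"user": {"id": "00uexample", "profile": {"login": "alice@example.com"}}}}

@dataclass(frozen=True)
class AuthResult:
    allowed: bool            # True only when Okta reports a completed login
    status: str              # Okta transaction status, or a local error label
    login: Optional[str] = None
    reason: str = ""

def build_authn_request(org_url: str, username: str, password: str) -> urlrequest.Request:
    """Build the POST that asks Okta to verify a username/password pair."""
    body = json.dumps({"username": username, "password": password}).encode()
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    return urlrequest.Request(org_url.rstrip("/") + AUTHN_PATH, data=body,
                              headers=headers, method="POST")

def evaluate_authn_response(http_status: int, payload: dict) -> AuthResult:
    """Decide whether a Casper-side login may proceed from Okta's reply."""
    if http_status == 401:
        return AuthResult(False, "INVALID", reason="credentials rejected")
    if http_status != 200:
        return AuthResult(False, "ERROR", reason=f"unexpected HTTP {http_status}")
    status = payload.get("status", "")
    login = payload.get("_embedded", {}).get("user", {}).get("profile", {}).get("login")
    if status == "SUCCESS" and payload.get("sessionToken"):
        return AuthResult(True, status, login)
    # MFA_REQUIRED, PASSWORD_EXPIRED, LOCKED_OUT, ... arrive as HTTP 200 but are not a login.
    return AuthResult(False, status, login, reason="authentication not completed")

def _send_live(req: urlrequest.Request):
    try:  # real transport; returns (http_code, parsed_json_or_empty)
        with urlrequest.urlopen(req, timeout=10) as resp:
            return resp.getcode(), json.load(resp)
    except urlerror.HTTPError as exc:
        return exc.code, {}

def authenticate(org_url: str, username: str, password: str, send=_send_live) -> AuthResult:
    """send(req) -> (http_code, payload); pass a stub to run the check offline."""
    req = build_authn_request(org_url, username, password)
    return evaluate_authn_response(*send(req))
```

The point of evaluate_authn_response is that every non-SUCCESS transaction state, including MFA_REQUIRED, is a denial: a 200 reply by itself does not mean the user authenticated.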

mwoodruff
New Contributor III

Update: Casper Suite v9.93 has come out today with full support for SAMLv2. We have also fully tested support with Okta as well as many other IdPs.

Casper Suite 9.93 Release Notes

Configuring SAML with Okta

swapple
Contributor III

Anyone connect with Google authentication or Sailpoint?
https://saaspass.com/sso/jamf-multi-factor-authentication-mfa-single-sign-on-saml.html