Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.

Two-Factor Authentication

Implemented in 9.93
Posted: 3/5/12 at 6:40 PM by kyle.seton Last Response: 6/21/17 at 6:26 AM by dooley_do

Two factor authentication integration with RSA tokens or YubiKey ect. For access to the JSS either via enrolment or standard JSS login. At my organisation we are heavily regulated and not allowed to have access to LDAP accounts in our DMZ. With this integration of two-factor authentication we can remove the work a rounds we have in place and uses the JSS for all it is worth. This would also provide another level of security that could be incorporated in to other organisations to stop AD accounts being locked out by intentional failed logging attempts via the JSS or failed enrolments attempts.

http://www.yubico.com
http://www.rsa.com

Implemented in 9.93 Responded: 8/2/16 at 11:14 AM by beth.lindner

As of the Casper Suite 9.93, support for Identity Providers using SAML 2.0 has been added for some portions of the Casper Suite. Single Sign-on can now be enabled for JSS access, macOS (OS X) Self Service logins, and User-Initiated Enrollments for iOS and macOS logins using any IdP that supports SAML 2.0. This feature is available in the JSS System Settings. By integrating with an Identity Provider we can also have a solution with providers such as Duo for Two-Factor Authentication.

We do note this request is for a built in feature for Two-Factor Authentication rather than a SAML implementation, however we believe we have solved the highest priority problems with Two-Factor Authentication via the Single Sign-on vehicle and are marking this feature request as implemented. We continue to look for feedback from the members here on whether or not the feature released meets all the needs of various environments. If there is a need to enhance this feature or if Single Sign-on does not help us with the workflows we need today, please help us understand the current priority of that need by submitting a new feature request. Submitting a new request rather than maintaining this older one will help us reset the bar with this community. We analyze feature requests to assist in understanding where the community’s needs are at during this point in time as we continue to plan for the future. Thanks for the great request, we look forward to your feedback on the release!

Webhooks for Slack/HipChat Notifications

Partially Implemented in 9.93
Posted: 7/26/15 at 7:49 PM by emily Last Response: 6/15/17 at 3:26 PM by brysontyrrell

It would be really really really really really great, helpful, wonderful, magnificent, if the JSS could allow at the very least an outgoing webhook that could be used for alerting/notifications in other services. For example, the latest release of AutoPkgr put in a webhook integration so it could send alerts to Slack and HipChat. It would be really useful in terms of workflow for instant notifications that didn't rely on an email sender to have the JSS send notifications to Slack/HipChat/etc. via webhook.

Here is Slack's incoming webhooks integration details for reference: https://api.slack.com/incoming-webhooks

Partially Implemented in 9.93 Responded: 8/18/16 at 1:52 PM by erin.miska

As of the Casper Suite 9.93, you can create outbound webhooks for most events in the API. This allows you to trigger custom workflows (built with the programming language of your choice) when one of these events occur.

Make Reported IP available in the API

Implemented in 9.93
Posted: 7/19/16 at 7:58 PM by jamesandre Last Response: 3/24/17 at 9:40 AM by Sterritt

I've upgraded to 9.92 but cannot see the Reported IP in the /computers/id/{id} section of the API.

Can we have it available in there please? Unless of course it is already in there somewhere and I failed to see it with my man-look skills.

Implemented in 9.93 Responded: 8/2/16 at 2:21 PM by beth.lindner

As of the Casper Suite 9.93, both the IP address and the last reported IP address are available via the API. Thanks for this request! Keep the great ideas coming!

Let us use the Proxy config profile within JSS

Implemented in 9.93
Posted: 10/5/15 at 10:42 AM by PhillyPhoto Last Response: 3/2/17 at 3:57 PM by bentoms

One of the configuration profiles available in the "Profile Manager" within OS X Server is to configure the proxy in OS X. Right now I'm using a script, but that only works for network devices installed at the time the script is run. If someone goes out and buys a new ethernet adapter, they would have to know to run the policy again. I'm not sure why all profiles available in OS X Server aren't available within the JSS. I've created the policy on the server and then uploaded it to JSS, but it just shows up with the general info, and doesn't even show anything under "custom". Below are all the different options available:

OS X and iOS
-General
-Passcord
-Mail
-Exchange
-LDAP
-Contacts
-Calendar
-Network
-VPN
-Certificates
-SCEP
-Web Clips
-Fonts
-AirPlay
-Security & Privacy

iOS
-RestrictionsGlobal HTTP Proxy
-Content Filter
-Domains
-Single Sign-On
-AirPrint
-Subscribed Calendars
-APN
-App Configuration
-OS X Server Accounts
-Network Usage Rules

OS X:
-Identification
-Restrictions
-Messages
-AD Certificate
-Login Items
-Mobility
-Dock
-Printing
-Parental Controls
-Finder
-Accessibility
-Proxies
-Custom Settings

Implemented in 9.93 Responded: 8/2/16 at 2:29 PM by beth.lindner

As of the Casper Suite 9.93 the Proxies payload is now available for Computer Configuration Profiles. This feature requires macOS 10.11 and later. Of the list provided only Network Usage Rules remains unreleased. Stay tuned for a future release for more information regarding that payload.

Active Directory Connection Agent for Hosted Services

Implemented in 9.93
Posted: 9/11/14 at 8:06 AM by rbecerra Last Response: 1/19/17 at 8:51 PM by Techology

Would be very helpful if there was an agent or something to install on the PDC or SCD or even another server within the domain when using a cloud instance of the JSS to avoid having to poke a hole into the environment just to connect to LDAP.

Every other service/vendor we use offers this capability, even the free ones like Meraki, yet JAMF does not? Would be better overall for security if this was an option or made available.

Implemented in 9.93 Responded: 8/2/16 at 1:13 PM by beth.lindner

As of the Casper Suite 9.93, an LDAP Proxy is now offered to help solve the problems that arise when we want to utilize Directory Services externally but need to protect our environment from that outside world. The LDAP Proxy is hosted on the Infrastructure Manager and is available for download via JAMF Nation’s My Assets area. Currently the Infrastructure Manager runs on Ubuntu 14.04, please see the install directions for more information. Also with the release of Casper Suite 9.93, support for Identity Providers using SAML 2.0 has been added for some portions of the Casper Suite. Single Sign-on can now be enabled for macOS (OS X) Self Service logins using any IdP that supports SAML 2.0. This feature is available in the JSS System Settings.

At this time, we believe we have solved the highest priority problems with keeping Directory Servers protected with a combination of Single Sign-on and the LDAP Proxy. We are marking this feature request as implemented but we are always looking to gather current feedback from the members here on whether or not the features released meet all the needs of various environments. If there is a need to enhance these features, please help us understand the current priority of that need by submitting a new feature request. Submitting a new request will help us reset the bar with this community. We analyze feature requests to assist in understanding where the community’s needs are at during this point in time as we continue to plan for the future. Thanks for the great request, we look forward to your feedback!

Patch Management Integration

Partially Implemented in 9.93
Posted: 7/6/12 at 8:45 AM by CasperSally Last Response: 12/17/16 at 5:24 AM by bentoms

Patch management (especially for 3rd party products) seems like the one big area that Casper is lacking. With our PC management suite, we can patch Apple/Adobe/OS and dozens of other software titles (if not hundreds).

For our PCs, we just select the apps we want to patch, stage those patches to test computers, and once the patch is tested, deploy to production.

It would be nice if Casper implemented some way for their customers to do something similar beyond having customers packaging and managing individual patches.

Partially Implemented in 9.93 Responded: 8/2/16 at 9:59 AM by erin.miska

As of the Casper Suite 9.93, we have added some initial patch functionality for 34 supported third-party titles. For each of these titles, you can get automated compliance reports, notifications for available updates, and easier patch scoping. (See https://jamfnation.jamfsoftware.com/featureRequest.html?id=224.) Look for additional supported titles and expanded patch functionality in future releases.

Hide/Block Music App on iPads

Implemented in 9.93
Posted: 10/29/14 at 4:02 PM by CairoJXP Last Response: 12/7/16 at 9:32 AM by RLR

When you open the music app on iPads it shows iTunes radio along with album covers. Some of these album covers are inappropriate for younger kids (ie. grades k-5), thus we need a way to block access to this app.

I've also submitted something about this to apple through their iPad feedback page.

Implemented in 9.93 Responded: 8/2/16 at 2:25 PM by beth.lindner

As of the Casper Suite 9.93, new restrictions have been added to Mobile Devices which includes "Allow Apple Music.” This new feature is for Supervised, iOS 9.0 and later devices. Thank you to everyone who made Apple aware of this need!

Allow Duplicate App Store Names in a Multi-site Environment

Implemented in 9.93
Posted: 2/26/15 at 8:41 AM by rdwhitt Last Response: 10/10/16 at 5:19 PM by rdwhitt

This goes into the ever growing "Sites need to be as separate from each other as possible" bucket.

In a multi-site environment, please allow each site to deploy the same App Store App without having to alter the display name.

We have multiple sites, each with different admins. The site admins cannot see anything that the other site admins have done, including what apps are being deployed. If one site has already deployed an app, another site wanting to deploy the same app will receive a "Duplicate" error on the display name. The only fix is to alter the display name to something else which is not ideal.

For example:
Site 1 decides to deploy an app, such as Evernote. This is the first site to deploy this app so there are no issues.

Site 2 then decides to also deploy Evernote to their users. When clicking on "save" they receive a "duplicate" error on the display name. This is confusing to the admins since they do not know that another site has already deployed the app. If they alter the display name to something like "Evernote-2" then they can deploy the app.

Although this is an interesting mini-game for sites (who can get the app name first!), it's not ideal.

Implemented in 9.93 Responded: 9/27/16 at 2:41 PM by beth.lindner

As of the Casper Suite 9.92, multiple versions of the same In-House App can now be scoped to a device and the JSS will automatically deploy the greatest version of the In-House App to the device. Older/Lesser versions that are also in scope for the device will be ignored.

As of the Casper Suite 9.93 the functionality to have multiple copies of the same App is fully present. Whether using a Site or a Full JSS we can add Mobile Device Apps, from either an in-house developer or from the App Store, with duplicate Display Name, Version and Bundle Identifier. If there are any struggles with this solution please don't hesitate to contact our Support department for assistance filing a Product Issue!

SAML support for self-service

Implemented in 9.93
Posted: 9/23/13 at 12:03 PM by ShakataGaNai Last Response: 10/6/16 at 11:30 AM by ekkehard

I work for a cloud company which doesn't have AD or LDAP. We would like to move to JSS Cloud, but how do we secure it? API can do part of the work, but what we'd really like to have is single sign-on. There are a number of SSO vendors/options/technologies out there, the biggest and most widely compatible is SAML. So please, support SSO standards, add SAML.

Implemented in 9.93 Responded: 8/2/16 at 10:19 AM by beth.lindner

As of the Casper Suite 9.93, support for Identity Providers using SAML 2.0 has been added for some portions of the Casper Suite. Single Sign-on can now be enabled for macOS (OS X) Self Service logins using any IdP that supports SAML 2.0. This feature is available in the JSS System Settings.

At this time, we believe we have solved the highest priority problems with Single Sign-on and are marking this feature request as implemented. However, we continue to look for feedback from the members here on whether or not the feature released meets all the needs of various environments. If there is a need to enhance this feature, please help us understand the current priority of that need by submitting a new feature request. Submitting a new request rather than maintaining this older one will help us reset the bar with this community. We continue to analyze feature requests to assist in understanding where the community’s needs are at during this point in time as we plan for the future. Thanks for the great post, we look forward to your feedback!

Dashboard graphs containing more than version

Partially Implemented in 9.93
Posted: 9/29/16 at 11:31 AM by swhps

Taking this from McAfee EPO dashboards, It would be handy for the JSS dashboard to show when there are applications of multiple versions.

Have an graphic/chart for Microsoft Outlook and with in it shows there are 40 with version 15.1, 20 with version 15.2, 60 with version 15.4 and so on.

So doing a search on MS Outlook and the result being the various versions, then count the number of each version and report in a pie chart or text list. Obviously you want them to all be on the save version but realistically they won't be.

Partially Implemented in 9.93 Responded: 10/4/16 at 4:39 PM by erin.miska

We've actually started to do something similar as part of our patch reporting functionality that was release in the Casper Suite 9.93! Check out the screen shot below.

I've marked this as a partial implementation since this functionality is limited to about 30 software titles right now.