Zero Trust Network Access (ZTNA)

Never trust. Always verify.

A VIP guest list for secure access to work resources.
No credentials or authorization? No access.

Grant app-specific access only to devices and users that meet requirements. All others denied by default.

Zero Trust Network Access (ZTNA) restricts access to corporate resources by default and ensures:

  • Devices only access resources after successful user authentication and verification that the device is free from threats

  • Data independent from devices or authentication credentials is secured

  • Each unique app, service and data request requires verification before access is granted

What is the difference between ZTNA and VPN?

VPN provides users direct access to networks. ZTNA allows only specific apps and services to connect — and only to verified users.

Context-aware access policies

Context-aware access policies allow you to control user access to organizational resources and networks based on their context, such as whether a device complies with IT policy, whether the connection is encrypted and if the user's ID is confirmed.

Using Jamf's context-aware access for compliance delivers:

  • Policies that allow or deny access based on requirement attestation

  • Granular configuration of requirements for authorizing enrolled devices

  • Always-on, low-latency secure connections that enforce end-user privacy

  • Uniform policy enforcement across data centers, clouds and SaaS apps

Manage risk, not infrastructure.

The benefits of using Jamf ZTNA

ZTNA keeps organizations and employees safer by providing more security measures than VPN does: multi-factor authentication, encryption, and policy-based access controls.

Using Jamf for remote access ZTNA delivers:

  • Real-time assessment of risk data that evaluates device health and ensures compromised endpoints are not accessing sensitive information

  • Cloud-based infrastructure integration without complex hardware or software to manage or expensive support contracts

  • Intelligent split-tunneling technology that preserves privacy while ensuring business connections are secure

  • Seamless reconnections after disruptions while maximizing battery and performance

How do you implement ZTNA?

Zero-trust access explanation and technical details

Jamf Connect's Zero Trust Network Access capability can operate either as a standalone service or as a feature of our security products such as Jamf Protect.

You'll need:

  • A third-party identity provider (IdP)
  • Devices with the Jamf Trust app installed
  • Jamf Security Cloud

Jamf Security Cloud routes access traffic and provides reporting with a globally distributed infrastructure. Its multi-policy engine applies access, data and security policies simultaneously as configured in RADAR.

Zero-trust access forwards routing connectivity options that provide packet-level access to applications, an optional secure web gateway and secure client connectivity.

Jamf Connect's Zero Trust Network Access uses the WireGuard VPN protocol for packet routing.