OIDC (OpenID Connect) single sign-on, configured in Jamf Account, allows administrators to use a centralized SSO configuration for all supported Jamf products. OIDC-based SSO is required to access some Jamf platform capabilities and services, such as blueprints and compliance benchmarks.

This SSO integration allows you to use a cloud-based identity provider (IdP) configured in Jamf Account to log in to supported Jamf products. If you do not have an OIDC-based IdP available, you can log in using your Jamf ID.

With SSO configured in Jamf Account, you can use this authentication method across these supported Jamf applications:

  • Jamf Pro

  • macOS Security portal (Jamf Protect)

  • Jamf Security Cloud portal (Jamf Protect and Jamf Connect; business customers only)

  • Jamf Safe Internet portal

  • Jamf Executive Threat Protection

  • Jamf School

  • Jamf Routines

Although SSO can be integrated by configuring it for each application, Jamf Account is the preferred integration. Integrating with Jamf Account removes the need to do separate configurations for each application.

For Managed Service Providers, you and your customers can both configure OIDC-based IdPs in Jamf Account. MSP and customer accounts must both have a contact with a role of Administrator or Organization administrator in Jamf Account. For assistance with Jamf Account roles, contact partners@jamf.com.
Note:

If you need to remove a user who authenticated with SSO, ensure the user is removed from your organization's IdP and Jamf portals, where applicable.