The single sign-on (SSO) options available differ for administrators and end users, and depend on whether you have a modern cloud identity provider (IdP) available in your environment.

OIDC-Based SSO in Jamf Account

Jamf's platform approach to SSO, powered by a protocol called OIDC (OpenID Connect) is required to access certain Jamf platform capabilities and services, such as blueprints.

An administrator can use either of the following options for streamlined login across the platform:
  • OIDC Identity Provider (IdP)For organizations using a modern cloud IdP (e.g., Microsoft Entra ID, Okta, or Google Identity).
  • Jamf ID

    For organizations not using an IdP, Jamf ID is available as an SSO option.

For more information, see SSO with OIDC Through Jamf Account.

SAML-Based SSO

For end users, you can integrate with an IdP to enable SAML-based SSO for Automated Device Enrollment (with an Enrollment Customization SSO authentication pane), Device Enrollment (also known as "user-initiated enrollment"), and Jamf Self Service for macOS. This option can also be used to require administrators to authenticate when accessing the Jamf Pro server. For more information, see SSO with SAML.

For administrators with supported environments, OIDC-based SSO for the Jamf Pro server is recommended to ensure full compatibility with upcoming Jamf platform capabilities and services.