Under the SAML Service Provider Configuration tab, enter the following values: Message for MFA Requests - Enter the user-facing message for Push, SMS, and email MFA requests (optional). Out of Band Methods - Select the allowed methods for approving MFA requests.Type - Select "SAML Service Provider" from the options.Name - The application name displayed in the admin panel and application portal and used for push notifications and audit logs.In the New Application form, enter the following values under the General tab. Login to the Acceptto Dashboard with an administrative account and go to Applications.Ĭreate a new application by selecting the Create New Application. Keep the default settings in the User Mapping section.Īcceptto SAML Configuration as Identity Provider (IdP) # It should be, where myorganization is your unique identifier in Acceptto cloud. In the Identity Provider Metadata Source, select Metadata URL and paste your organization's Metadata URL on Acceptto. This is the metadata URL of Jamf Pro, and is required for the Acceptto configuration in the next section. In the Identity Provider part, select Other and type a name in the blank part. On the Single Sign-On Settings page, click Edit.Ĭheck the Enable Single-Sign-On Authentication box. Login to your Jamf Pro tenant and navigate to System Setting > Single Sign-On. Pre-Requisites #Īn Acceptto account with a configured Identity Provider and LDAP Agent (See this page for the instruction).Ī user with administrative privileges for the Jamf Pro portal.Ĭonfigure Jamf Pro as a SAML Service Provider # Acceptto integrates with Jamf Pro to improve the security of users' logins into the Jamf Pro through its Intelligent SSO-MFA solution. Jamf Pro is the Enterprise Mobility Management software that can manage an organization's Apple Ecosystem. Has anyone else ran into this issue or found an alternative way of deploying Duo to Macs ?Īny and all help would be greatly appreciated.Multi-factor authentication (MFA) is an extra layer of security used when logging into websites or apps to authenticate users through more than one required security and validation procedure that only they know or have access to. If we install Duo on a Macbook then ship it to a remote user, it is essentially a paper weight that they can’t login to or connect to the internet with. This causes conflicts with Duo to where a user is unable to login to the Mac because it is not connected to the internet and it will block a user from logging in, We have it set to enroll them into offline access as well, but this will not prompt them to do so until after they complete the 1st initial authentication while online.Īll of our Macs are on the latest software at the time of writing, 12.5.1 and we are using MacLogon-2.0.0.pkg being installed through a policy in Jamf Pro. As i understand it by default macOS will not allow you to select or change wifi networks from the login screen. Our issue is with the Mac users that work remote. We are deploying Duo through Jamf and we have no issues using the automated enrollment for Mac users that are in office. Creating a topic here to possibly get some help on an issue we’ve been running into using Duo MFA and macOS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |