Keep the Duo Admin Panel open in your browser. You'll turn it on when you're ready to apply your Duo trusted endpoints policy. The new Jamf Pro with Device Health integration is created in the "Disabled" state.
On the "Add Management Tools Integration" page, locate Jamf Pro in the list of "Device Management Tools" and click the Add this integration selector.If you're adding another management integration, click the Add Integration button you see at the top of the page instead. If this is your first management integration, click the Get started button at the bottom of the Trusted Endpoints introduction page.Log in to the Duo Admin Panel and navigate to Trusted Endpoints.Note that you do not need to configure a Device Health policy in order to use Jamf with Device HealthĬreate the Jamf Pro with Device Health Integration Refer to the Duo Device Health documentation to learn about different options for deploying the application. Jamf versions prior to 10.28 may encounter errors during the nightly sync process with Duo.ĭeploy the Duo Device Health application to your Jamf-managed endpoints. The minimum recommended Jamf version for this integration is 10.28. When users authenticate to applications protected with Duo's browser-based prompt, Duo matches the device identifiers reported by the Device Health app with managed device information obtained from Jamf in a nightly sync via read-only API access (note this sync can't be manually initiated or rescheduled at this time). This integration relies on having the Duo Device Health app present on your Jamf-managed endpoints.
#Jamf pro mfa full#
#Jamf pro mfa password#
Enter and verify a password for the new user.Enter a username for the new account on the "New Account" page.If you chose to create a standard account: Select Create Standard Account or Add LDAP Account as desired, and then click Next. Log in to Jamf Pro as an administrator and click the Setting icon in the top-right.Ĭlick System Settings then click Jamf Pro User Accounts & Groups.Ĭlick New. You only need to create one Jamf API user for Duo to use with iOS and macOS. You must have previously configured LDAP directory services in Jamf in order to create a new LDAP account. Determine whether you plan to create a standard (local) account or an account from your LDAP directory before you begin. Create a Jamf API UserĬreate a read-only API user in Jamf for Duo to obtain managed macOS and iOS endpoint information. Access to the Jamf Pro Dashboard as an administrator with the rights to create roles, accounts, certificate authorities, and device profiles, and to create new policies and apply them to user targets.ĭuo's trusted endpoints solution supports both Jamf Cloud and on-premises Jamf Pro deployments.Access to the Duo Admin Panel as an administrator with the Owner, Administrator, or Application Manager administrative roles.RequirementsĮnsure you have the following access and privileges: Trusted Endpoints is part of the Duo Beyond plan. You can monitor access to your applications from trusted and untrusted devices, and optionally block access from unmanaged, untrusted devices. When a user authenticates via the Duo Prompt, we'll check for the presence of the Duo Device Health app or a Duo device certificate on that endpoint. Overviewĭuo's Trusted Endpoints feature secures your sensitive applications by ensuring that only known devices can access Duo protected services. Learn more about the end-of-life timeline and migration options in the Duo Trusted Endpoints Certificate Migration Guide. Migrate existing Jamf Certificate Deployment management integrations to Jamf with Device Health.
#Jamf pro mfa verification#
Supported MFA options include the following:Certificate-based Trusted Endpoint verification for Jamf will reach end-of-life in a future release. You may need to configure the Password Verification Success Codes setting for both the Jamf login window and menu bar to ensure password verification and syncing is successful.įor more information, see Authentication Settings.Įnabling MFA at the organization level is required Troubleshooting Deployment with Automated Device Enrollment.Editing the macOS loginwindow application.Preferences with the defaults Command-Line Tool.Password Hash Synchronization and Pass-through Authentication.
Network and Local Authentication Restrictions.Configuring Settings with Jamf Connect Configuration.