Jamf Pro
Last reviewed: 6 months ago
This guide covers how to configure Jamf Pro ↗ as a SAML application in Cloudflare Zero Trust.
- An identity provider configured in Cloudflare Zero Trust
- Admin access to a Jamf Pro account
- In Jamf Pro, go to Settings > Systems > Single Sign-On > Edit.
- Copy the pre-populated URL in Entity ID.
- Paste the URL in a web browser to download the Jamf metadata file.
- Open the
metadata.xml
file in a text editor, and copy the values for Entity ID and Assertion Consumer Service.
- In Zero Trust ↗, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, enter
Jamf
orJamf Pro
and select the corresponding textbox that appears. - For the authentication protocol, select SAML.
- Select Add application.
- Fill in the following fields:
- Entity ID: Entity ID value from Jamf Pro metadata file.
- Assertion Consumer Service URL: Assertion Consumer Service value from Jamf Pro metadata file.
- Name ID format: Email
- Copy the SAML Metadata endpoint.
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
- Paste the SAML Metdata endpoint from application configuration in Cloudflare Zero Trust into a browser.
- Copy the file and paste it into a text editor.
- Change
WantAuthnRequestsSigned="true"
toWantAuthnRequestsSigned="false"
. - Set the file extension as
.xml
and save.
- In Jamf Pro, go to Settings > Single Sign-On > Edit.
- In Identity Provider menu, select Other.
- Label Other provider as
Cloudflare
. - Fill in the following fields:
- Entity ID: Entity ID from Jamf Pro metadata file.
- Identity Provider Metadata Source: Select Metadata File and upload the
.xml
file from step 2. Edit Access SAML Metadata. - Identity Provider User Mapping: Name ID
- Jamf Pro User Mapping: Email
- Turn on Single Sign On.
Log out of Jamf Pro and open an incognito browser window. Go to your Jamf Pro URL. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider.