Configuring UEM with Jamf in Ivanti Access

Ivanti Access integrates with Jamf (UEM vendor) to provide Zero Sign-on capability for desktops or laptops managed by them.

Before you begin 

• Verify that you provide the CA signer certificate from the 3rd party UEM used for the identity certificate in the managed desktops.

• Verify that you have the Desktop Identity Certificate CA referenced in Certificate based Single Sign On (Profile >Federation).

• Download the PKG file from Ivanti support site.

Procedure 

1. Login to Access > UEM > 3rd Party UEMs.

2. Click Connect UEM.

3. Select Jamf.

   

4. Enter the following details:

   1. Enter a Name.

   2. Click Add Certificate under Desktop Identity Certificate CA.

5. Enter the Certificate Name and add the certificate.
   Or
   Paste the certificate.
   Only PEM and CER file types are allowed.
   

6. Click Done.

7. Click Next.

8. (Optional) Enter the Management Check details.

   Check whether desktop is registered to Jamf and check compliance if smart group is provided.

   • Enable to toggle for "Verify desktop is managed by Jamf and limit access to only managed desktops".
     Enabling this option performs a check during Authenticate registration and authentication to service providers.

   • Enter the Tenant URL.

   • Username

   • Password

     
     
     

9. (Optional) Enter the compliance criteria using Smart Group to enable restricted access to service providers.
   Use the Zero Sign-on rule to enforce that only desktops compliant with this criteria are able to access the service providers governed by the policy.
   

10. Click Done.

11. Under UEM > 3rd Party UEMs, the Jamf instance is created.

12. Click Download Plist and save the XML as a .plist file to upload in Jamf.
    

Next steps 

• Configuring Authenticate on Jamf