Zero Sign-on from desktops managed by JAMF
The MobileIron FIDO2 Zero Sign-on solution allows you to provide a passwordless login experience from your JAMF managed desktops.
Use cases
The following use cases are supported for passwordless login:
- Log in to cloud services from desktops managed by JAMF on the desktop.
  Users are automatically authenticated using macOS TouchID if the device supports TouchID. Entering their username and password is not required.
  This use case does not require that you also have a MobileIron Cloud deployment.
  This configuration is optional and is turned off by default.
- Log in to cloud services from desktops managed by JAMF using push notifications.
  Users are prompted to allow the access from a push notification sent to a MobileIron managed or Auth-only mobile device. Entering their username and password is not required.
  This use case requires that you also have a MobileIron Cloud deployment.
- Log in to a desktop using push notifications.
  Users are prompted to allow the access from a push notification sent to a MobileIron managed or Auth-only mobile device. Entering their username and password is not required.
  This use case requires that you also have a MobileIron Cloud deployment.
Authentication flow from desktops
Figure 1. Authentication flow from JAMF managed desktops
1. The user requests access to a cloud service from a JAMF desktop.
2. The cloud service redirects the user to the configured identity provider (IdP) to authenticate. Since Access is the configured IdP, the request is redirected to Access.
3. Access generates a new SAML response to redirect to the original SP. The original SP obtains the user identity from the SAML response and presents the personalized screen to the user.
Required MobileIron components
- MobileIron Authenticate for macOS
- MobileIron FIDO2 cloud instance (Access in the EAP cluster with configured SP+IdP federated pairs)
- MobileIron Cloud deployment, if push notifications to a MobileIron managed device are needed.
Supported devices
- macOS devices managed by JAMF
Supported browsers
- macOS: Safari, Chrome