Identity sits at the intersection of IT strategies and the new security perimeter for today’s work environments. Forgoing traditional network perimeter-based technologies, modern businesses rely on software tools and workflows that meet users where they are while securing devices consistently across multiple platforms.
Identity-first approaches form the ties that bind together comprehensive management and security strategies to holistically prevent highly sophisticated, evolving threats against users and multi-platform devices.
Based on the zero-trust maturity model, identity-centric strategies focus on the following core principles:
- Assume breach
- Adaptive authentication
- Explicit verification
- Context-aware access
- Least privilege
- Continuous monitoring
- Policy-based auditing
For those looking to implement identity as a foundational component to their cross-platform management and security strategy or customers who want to get the most out of Jamf Connect, check out this FAQ.
What is Jamf Connect?
Jamf Connect is an identity solution for Mac and mobile devices. It facilitates authentication and access to protected company resources through integration with cloud-based identity providers (IdP) for centralized management of user credentials.
Does it address password management and FileVault?
As part of centralized credential management, Jamf Connect synchronizes the user’s local account password on Mac with their cloud-based credential they use to authenticate during login. This not only cuts down on toil from keeping track of multiple passwords, but also facilitates simplicity when organizations implement Single Sign-On (SSO) for seamless access to company resources.
Now onto FileVault implementation, Jamf administrators use a workflow based on Apple’s “deferred enablement.” While the process is detailed here in greater length, Mac admins must deploy a FileVault configuration with Jamf Pro and enable a key in the configuration that allows Jamf Connect to securely escrow keys so that data on Mac is encrypted from the device’s initial deployment.
What are the requirements?
The comprehensive list of macOS requirements for Jamf Connect are kept up to date in our documentation section, however, the most common requirements are:
- Enrollment with an MDM solution, such as Jamf Pro, Jamf School or Jamf Now
- Managed computers with macOS 13 or later
Note: If using Jamf Pro as your MDM solution, Self Service+ and Jamf Pro must be able to communicate with the following domains:
- nom.telemetrydeck.com
- app.launchdarkly.com
- mobile.launchdarkly.com
- clientstream.launchdarkly.com
Which cloud identity providers (IdP) integrate with Jamf Connect?
Jamf Connect offers flexibility by supporting integration with many enterprise IdPs, such as:
- Microsoft Entra ID
- Okta
- Google Identity
- RapidIdentity – Identity Automation
- OneLogin
- IBM Security Verify
- PingFederate
Note: The list of supported IdPs evolves over time. However, if your preferred solution is not currently supported, you may still be able to integrate it if they support the Open ID Connect (OIDC) authentication protocol.
Is it necessary for zero-touch deployments?
Strictly speaking, no. Zero-touch deployments are made possible through configurations made within your preferred MDM solution.
However, if your organization wants (or needs) to deploy devices with management, security and identity as part of their zero-touch workflow so that endpoints are:
- Provisioned with the software and configurations that support end-user productivity
- Comprehensively managed and secured throughout the device’s lifecycle
- Compliant with company, industry and/or regional regulations from deployment
Then yes, Jamf Connect will be necessary to meet the requirements of an identity-centric management and security strategy.
How does Jamf Connect fit into a modern cybersecurity strategy?
Because of the continued reliance on cloud-based technologies, there’s been a paradigm shift from network perimeter-based strategies to a data-centric strategy. One that places the highest value on protecting data from threats across any device type or OS, and from any physical location on any network. Jamf Connect is the answer to this challenge by enabling organizations to create an identity-based strategy that converges management and endpoint security alongside flexible authentication and contextual access technologies to comprehensively protect devices and users using layered controls. Doing so empowers them to consistently deliver holistic compliance across an enterprise’s entire fleet of company- and personally-owned devices with parity.
What is the role of Jamf Connect in enabling Zero Trust Network Access?
Jamf Connect (identity and access), when paired with Jamf Pro (device management) and Jamf Protect (endpoint security), incorporates defense in depth into your enterprise cybersecurity strategies.
The tight integration between Jamf solutions, anchored by Jamf Connect, comprehensively supercharge strategies with Zero Trust Network Access (ZTNA) in the following ways:
- Devices and user credentials are always verified and never implicitly trusted.
- Multi-factor authentication ensures only authorized users access sensitive data.
- Mandatory least privilege gives users access to only what’s needed and approved.
- Access requests are segmented through unique microtunnels for added security.
- Context-aware policies enforce app and resource access based on attestation.
- Always-on encryption means data in transit is secure regardless of the network connection.
- Continuous monitoring of endpoints — on-device and in-network — reduces risk.
- Automated incident response and remediation workflows reduce downtime and threat mitigation.
- Policy-based compliance audits your fleet against security benchmarks to maintain strong security postures.
- OS-agnostic controls extend security across your infrastructure with parity and consistency.
How much does Jamf cost?
Jamf pricing is subject to the unique needs of your organization, including device counts and any additional services that may be requested. To determine the best solution for your needs, visit the pricing page or contact a representative to help understand which solution meets your specific management, identity and security needs.
