Jamf and Okta: Identity management that innovates with Apple
If you don’t know already
Jamf, a leading Apple device management and endpoint security solutions provider, has teamed up with Okta to introduce public support for Apple’s Platform Single Sign-On (PSSO) framework on macOS, representing the first large-scale offering to the market. PSSO, which Apple showcased at WWDC 2022, provides a seamless and secure Identity management experience for Mac users, with Okta and Jamf customers leading the way.
Platform Single Sign-on (PSSO)
PSSO, in its simplest form, syncs a user’s local macOS account password with their Identity provider (IdP) password. This means you have one password to remember for your Mac login and apps. As part of deploying PSSO, Jamf Pro automatically installs the Identity provider’s authenticator app and Single Sign-On Extension (SSOe). With these installed on their devices, users can enjoy passwordless and secure biometric authentication using Touch ID to unlock their devices and access their apps. It truly is a consumer-grade user experience but with enterprise-grade phishing-resistant security. Combined, these make users more productive: they spend less time locked out of their devices and less time logging in to apps.
Jamf and Okta
Jamf's track record of collaboration with Apple positions us as a leader in supporting and innovating with Apple technologies. Jamf was among the first to provide support for PSSO profiles, which is consistent with our same-day product support philosophy. Okta, as the first Identity provider to support PSSO, worked diligently to update Okta Verify, the FastPass extension, and its backend to support the new flow. Working together, we even identified deployment best practices that could further enhance the end user’s experience. The teams also worked together to ensure compatibility with Jamf Connect, which further improves advanced Identity workflows on macOS devices.
This partnership simplifies user enrollment and enhances security. It also signifies a crucial step toward providing a native and secure Apple access and Identity experience. The commitment to bridging the gap between security and usability represents Jamf’s dedication to delivering best-in-class solutions for Apple platform users.
Let’s take a step back and look at what a best-in-class solution for organizations with Apple devices looks like.
Jamf is unique in the device management and endpoint security space for having introduced a concept last year, Trusted Access, that at first sight appears to be a Zero Trust solution with an impressive focus on end-user experience and privacy. By integrating device management, Identity verification for secure access to resources, endpoint protection, and Apple-specific threat prevention, Trusted Access ensures that only authorized users on enrolled devices that are secure and compliant can access sensitive data.
Trusted Access is built for organizations — particularly those with a strong Apple install base — to address the challenges of achieving secure access in remote and hybrid work environments, such as complexity, connectivity issues, and inconsistent controls.
It offers an integrated approach from a single vendor while also:
- Offering end users the Apple user experience they love and have come to expect
- Streamlining and automating repetitive administration tasks
- Supporting new OS releases the same day they come out
- Developing Apple threat intelligence that spots malware and other threats targeting Apple before most other vendors that are Windows- and Android-focused
Trusted Access components work together to provide end users with quick and secure access to business applications, giving IT and Security teams peace of mind about your organization’s security threat prevention, detection, and response.
At the heart of Jamf’s Identity and access vision is Jamf Connect. Jamf Connect is purpose-built for Mac and mobile devices to streamline provisioning, authentication, Identity management, and remote access. Jamf Connect has been enhanced to include next-gen Zero Trust Network Access (ZTNA) capabilities that rely on a user’s strongly verified identity to provide least-privilege access to company resources. Connect’s cloud-native, WireGuard-based routing technologies offer always-on, low-latency connectivity to company resources that can move freely with users throughout their day across Wi-Fi and cellular networks. If a user loses permissions or a security risk is detected on a device, existing and new connections to apps and data can be blocked automatically within seconds.