Jamf is the global standard for Apple-first management and security, helping over 75,300 organizations worldwide manage and secure over 33 million devices. As the company grew from a bootstrapped startup to a global organization with 2,500+ employees, its internal and external identity needs scaled exponentially.
Rapid growth and an on-premises identity solution led to fragmented login experiences and governance audits requiring seven hours of manual data capture. These disparate processes became a barrier to global scaling, burdened identity teams with inefficient workflows, and threatened Jamf's long-term goal of establishing an identity security fabric to protect millions of customer devices.
Transforming identity into a strategic security asset
Initially, Jamf used Microsoft Active Directory (AD), but AD’s limitations became increasingly apparent over time. The company needed a cloud-native identity solution to stay agile.
They chose Okta for its platform-agnostic philosophy, ensuring that any tool with OIDC or SAML integration fits seamlessly into the ecosystem. This neutrality allowed Jamf to reclaim agility by integrating Okta Workforce Identity and Workday as its HR source of truth to automate the identity lifecycle.
Beyond operational ease, Okta provided the centralized visibility to shift identity from administration to security. “Okta gives us a centralized control plane to enforce access policies consistently across our entire environment from corporate SaaS applications to our cloud infrastructure,” says Mario Villatoro, vice president and chief information security officer.
By establishing this control plane, Jamf strategically realigned resources. “Identity is our first line of defense,” says Daniel Bolens, senior IT systems administrator. “Because of Okta, we moved our team to security, reinforcing that identity is the primary focus for our entire security strategy.”
When asked to list the Okta solutions Jamf actively uses, Villatoro says: “It would be easier to list the ones we don’t use.” The team has adopted nearly every Workforce Identity solution, from Adaptive Multi-Factor Authentication (MFA) and Okta Workflows to Okta Identity Governance (OIG) and Identity Threat Protection (ITP).
Scaling workforce productivity and M&A agility
Workflows have been particularly impactful, allowing IT to add custom automation to identity flows. This automation reduced provisioning time for new employees by 90% and increased day one productivity by 60%. The impact on acquisitions was equally transformative, with employee migration times dropping by 75%.
“Previously, we created each employee account manually. In our most recent acquisition, we just imported the new users and we were done in less than three hours,” Bolens says.
Automating governance and real-time threat response
Whether onboarding a single new hire or migrating an acquired workforce, the next challenge is ensuring that access remains secure over time. As part of Jamf’s mission to shift governance from a compliance-driven activity to a core security function, they centralized audit and access certification with OIG.
OIG enables the IT team to replace manual audits with time-based audits, ensuring people have access to the right resources continuously. Bolens says: “OIG puts the power of the audits in the hands of the end user, where they don't have to submit a ticket to us. A report runs automatically, and we have that proof for the auditors immediately.”
While OIG secures the governance layer, ITP provides real-time context and risk monitoring. ITP acts as an automated first responder across Jamf’s organization, revoking compromised sessions and blocking malicious IPs based on risk signals, often before the security team even receives an alert.
“I can look at our Okta logs, but I don't have to do anything anymore. ITP is already taking action against threats I used to handle manually,” Bolens explains.
This automated response model is further strengthened by Jamf Pro’s integration with Okta via the Shared Signals Framework (SSF). The integration provides customers with richer device risk signals and additional context to inform identity-driven responses.
With OIG and ITP working together, Jamf moves toward a prioritized view of user access that focuses on actionability and rapid risk mitigation within Okta.
Securing cloud sprawl and devices
Beyond mitigating user-level threats, Jamf had to address structural risks hidden within its expanding infrastructure. As Jamf scaled through acquisitions, its cloud environment became a complex web of hundreds of AWS and Google Workspace accounts. To regain control, Jamf implemented Identity Security Posture Management (ISPM) to serve as a control plane that monitors and manages risks throughout its cloud infrastructure. This allowed Jamf to detect and register 700 rogue Google accounts outside the team’s governance.
“We realized that anybody could just go out and make a Google account with whatever email and domain they want,” Bolens says. “ISPM helped us identify and claim those accounts. It went surprisingly quick — about two months.”
Jamf aims to create a seamless flow between visibility, detection, and response by building an identity security fabric with Okta. The team plans to connect ISPM telemetry directly to ITP, feeding cloud risk signals into real-time remediation.
Jamf is also extending its identity security fabric to the hardware layer by utilizing Okta Device Access (ODA) for endpoint access management. By establishing trust at the hardware level, Jamf leverages ODA to sync cloud credentials with local Mac passwords, providing a consistent and secure login experience for employees.
“There's an additional level of security that ODA allows us to deliver to our hardware,” Bolens says. “It also just makes the experience better for employees — having that unified login experience where you log in to your Mac for the day and have access to all your apps.”
Bolens also notes that ODA “takes what Okta is so good at with software and applies it to hardware,” ensuring that even if a device is lost, the identity remains secure and the endpoint remains a protected, integrated component of Okta’s unified platform.
Unifying the customer experience and driving engineering velocity
The identity challenges weren't limited to the employee experience. Jamf’s product engineering team faced similar challenges with external users, as customer credentials were siloed across six products. This forced teams to manage SAML integrations rather than building new features. By launching Jamf ID and supporting customer IdP federation through Auth0, Jamf unified this fragmented architecture. This single, secure identity layer allows credentials to be safely stored or seamlessly bridged.
“We needed a unified login experience to begin with, and that’s really what got us started down the journey of looking at Auth0,” says Akash Kamath, senior vice president of software engineering. “Our goal is to use Auth0 as the secure front door, providing a single, unified experience for our customers.”
With Auth0, Jamf deploys advanced security features with minimal overhead. The team tested these features after receiving spam alerts on their Jamf Nation community site.
“We had quite a big issue with spam for a while,” Jake Schultz, staff software engineer, explains. “Turning on Auth0 Bot Detection reduced that by around 40%.”
Today, Jamf ID is the secure default for all new customers, while offering the flexibility to federate a preferred IdP at any time. This approach optimizes the user experience while maintaining a robust security posture. “Auth0 gives us the time to focus on features to deliver to our customers. We don’t have to care which identity provider they use. We can just let them set it up and go,” says Schultz.
The company is already looking toward the next phase of Jamf ID: the transition to a fully passwordless environment. "One that’s coming up in the next month is Passkeys," says Schultz. "If we didn't have Auth0, we would’ve had to build out that integration completely from scratch. Now, we can just check a box and allow customers to use Passkeys with their Jamf ID."
Governing the “4As” and the NHI frontier
While Jamf has already seen immediate results, the team views its current implementation as the start of an identity security journey that scales to meet the challenges of the “4As”: Apps, APIs, AI, and Agents. “I think non-human identities are currently one of the hardest things to manage because they don’t belong to a single user,” Bolens explains.
Currently, Jamf uses a “trifecta” of tools to discover and manage these identities. This strategy utilizes ISPM for visibility across their cloud infrastructure, Okta Privileged Access (OPA) to vault NHI credentials and enforce automated rotation, and OIG for continuous auditing and assignment of NHI ownership to close gaps in service account continuity.
In the future, the company also hopes to extend these capabilities by expanding OIG to include event-based access reviews and feeding deeper security telemetry from ISPM and Jamf Trust into ITP, establishing a real-time feedback loop that identifies and neutralizes threats while moving toward a Zero Standing Privileges model.
“I don't know that Jamf would be where it is today without using Okta,” Bolens says. “They’re listening to customer feedback, and they want us to succeed. Everything we do with Okta is awesome.”
For Villatoro, the collaboration represents a fundamental shift in how Jamf protects its ecosystem. “Identity is the thread running through our entire security architecture,” he says. “As that architecture evolves, so does Okta’s role. We will lean on Okta to govern the full spectrum of access for humans, non-humans, and digital workers alike.”
About Customer
Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy.