Rublon 2FA for Jamf Pro

Last updated on October 16, 2024

Overview

The purpose of this document is to enable Rublon Two-Factor Authentication (2FA) for users logging in to Jamf Pro. In order to achieve that, you have to use Rublon Access Gateway. All required steps will be described in this document.

Supported Authentication Methods

Authentication Method	Supported	Comments
Mobile Push	✔	N/A
WebAuthn/U2F Security Key	✔	N/A
Passcode	✔	N/A
SMS Passcode	✔	N/A
SMS Link	✔	N/A
Phone Call	✔	N/A
QR Code	✔	N/A
Email Link	✔	N/A
YubiKey OTP Security Key	✔	N/A

Before you start

You need to install and configure Rublon Access Gateway itself before configuring Jamf Pro to work with it. Please read the Rublon Access Gateway documentation and follow the steps in Installation and Configuration sections. Afterwards, follow the Configuration section in this document.

Configuration

Follow these steps to enable Rublon 2FA in Jamf Pro.

Jamf Pro

1. Log in to your Jamf Pro organization account.

2. Go to Settings.

3. Select Single Sign-On.

4. Select Edit in the bottom-right corner.

5. Check Enable Single Sign-On Authentication.

6. Set Identity Provider to Other.

7. Fill in the form. Refer to the following image and table.

Other Provider	Enter a name for your IdP, e.g. Rublon Access Gateway.
Entity ID	https://example.jamfcloud.com/saml/metadata Replace example with your subdomain.
Identity Provider Metadata Source	Select Metadata File and upload the metadata.xml file from Rublon Access Gateway (Applications → Information for configuring applications with Rublon Access Gateway → DOWNLOAD METADATA).
Identity Provider User Mapping	NameID
Jamf Pro User Mapping	Email

8. In the Security section, select Generate Certificate and then click Download Certificate.

9. Click Save in the bottom-right corner.

Rublon Access Gateway

1. In Rublon Access Gateway, go to Applications → Add application.

2. Fill in the form and click SAVE to add a new application. Refer to the following image and table.

Application name	Enter a name for the application, e.g. Jamf Pro. The name will be displayed during Rublon 2FA.
Entity ID	https://example.jamfcloud.com/saml/metadata Note: Replace example with the name of your organization in Jamf Pro.
Assertion Consumer Service	https://example.jamfcloud.com/saml/SSO Note: Replace example with the name of your organization in Jamf Pro.
Single Logout Service	https://example.jamfcloud.com/saml/SingleLogout Note: Replace example with the name of your organization in Jamf Pro.
NameID format	urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameID attribute	mail
Send Attributes	NameID
Signature algorithm	sha-256
Validate Authn Request	Uncheck.
Sign response	Check.
Certificate for signing	Upload the certificate you have downloaded from Jamf Pro. Note: You have to change the extension of the certificate to CRT.

3. Your configuration is now complete. You can log in to Jamf Pro with Rublon 2FA.

Log in to Jamf Pro with Rublon 2FA

1. Go to https://example.jamfcloud.com. Replace example with the name of your organization in Jamf Pro.

2. You will be redirected to the Rublon Access Gateway login page.

3. Provide your username and password. Click SIGN IN. A window will appear with a selection of various 2FA options from Rublon. Let’s choose Mobile Push.

4. You will be sent a push notification. Tap APPROVE.

5. You will be successfully logged in to Jamf Pro.

Troubleshooting

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Access Gateway

Rublon Access Gateway – Integrations