Americas

  • United States

Asia

Jamf teams with Okta for enterprise-class simplicity

news analysis
Aug 23, 20244 mins
AppleMacOS SecurityiOS Security

For Apple admins, the partnership delivers no-fuss identity management, device management, and security.

Jamf logo on laptop
Credit: monticello / Shutterstock

As the EU does its deluded best to turn iOS into Android, the Apple ecosystem is focused on what really matters to business users: security, privacy, and platform integrity. That’s why enterprise tech leaders need to know that Apple MDM and security vendor Jamf has got even closer to leading ID tech purveyor Okta.

Jamf and Okta have worked together for years and in 2023 became the first to support Apple’s Single Sign-On (SSO) framework on Macs, following a similar introduction on iPhones and iPads shortly before. 

Identity, management, and security

What’s new is that Jamf has joined Okta’s Elevate partners program, meaning the two firms will be able to work even more closely together on offering combined services to enterprise customers, while also building new service offerings.

Henry Patel, Chief Strategy Officer at Jamf, explained: “With Okta as the identity provider and Jamf as the management and security solution, joint customers can offer their end users uninterrupted and productive workflows, anywhere and anytime.”

The point of this combination won’t be lost on IT. 

Jamf can deliver the MDM features Apple fleets need, while also protecting against security threats, spanning all the way from the endpoint to the enterprise core. The addition of core support for Okta’s rapidly evolving collection of tools to protect and manage identity gives customers business-class management and protection of their device fleets.

What the joint solution provides

As the companies put it, their joint solution lets customers handle all the following tasks:

  • Enhance security with multifactor authentication (MFA) and passwordless single sign-on (PSSO).
  • Enable seamless device enrollment with Enrollment SSO.
  • Improve productivity with uninterrupted workflows, requiring fewer sign-ins with PSSO. No one likes to enter logins more often than they need to; it damages the user experience and rattles concentration.
  • Ensure continuous conditional access, adjusting user access permissions based on changes in security status. 
  • Provide easy access to company resources and apps.

Conditional access is particularly important in modern working environments. 

Managing complex remote work environments

While there remain some well publicized holdouts against the distributed future of hybrid working, the Bring Your Own Device (BYOD) trend showed the inevitability of workplace changes over time. 

While many in management resist what’s inevitable, working patterns are changing all the same. That means more and more people will be working from where they are on the device they choose at the time they find most productive.

The problem with that scenario is that enterprises must figure out how to protect their data outside of traditional perimeter security models, and that’s what conditional access tries to do. It’s a system that relies on signals such as location, time, device, or user to generate an insight into the extent to which a device can be trusted when it is used to try to gain access to company data.

There’s a mountain of work that has taken place around conditional access across the last few years, and this task accelerated during the pandemic. Apple’s Declarative Device Management tech, Jamf support for Microsoft Intune, and inclusion of Jamf at the Azure Marketplace are all testament to the degree to which tech is building rock-solid identity and access solutions, while SSO and passkeys show the user focus inherent to all these attempts. 

Enterprise-class simplicity

Ideally, I suppose, device and endpoint security would be something that happened without any user involvement. (People tend to be the weakest link in security, after all.) And it is good to see that kind of future being realized across Macs, iPhones, and iPads.

Now, having said that even SSO shows there will always be some need for user interaction but reading between the lines of the Jamf/Okta announcement, it’s hard not to detect the intention: to deliver enterprise-grade security that’s simple and easy to use just like any of Apple’s own consumer technologies, protection that enables workers to focus on what they do, while giving IT the degree of control, security and identity provision they require. All of this delivered without an ounce of kernel access — like an enterprise-class platform done right, some might say.

Please follow me on LinkedInMastodon, or join me in the AppleHolic’s bar & grill group on MeWe.