05-05-2023 12:55 PM - edited 05-05-2023 12:56 PM
Has anyone made this change? It seems like a big one and I'm not sure if it should be done or not.
I'm happy with JumpCloud and it's pretty heavily configured now but I'm not sure if piping everything through JumpCloud is going to be good.
Has anyone else done this? What has your experience been like?
05-08-2023 03:41 PM - edited 05-08-2023 03:45 PM
The main thing is that it sounds more difficult than it really is. It's also reversible. There's a lot of info in the current KB (and even more in the new one). I'd defer to that and suggest that you check back for the update. It doesn't mention a few things that are head scratchers, such as that not disabling security defaults in AAD leads to dual MFA, where the JC assertion gets passed to AAD (and then you're prompted again). You also can't run Microsoft's PS module to do this from Apple M1+ hardware. Support and pro services can also walk you through it.
Here's some up-to-date info you won't see in the KB just yet:
Important: Read SAML Configuration Notes and SSO with Microsoft 365 Considerations.
If you want to connect Microsoft 365 with JumpCloud using the SAML SSO connector, read about the setup considerations before you get started.
After you review the considerations, see Single Sign On with Microsoft 365.
General Considerations
AD Sync Considerations
Get-MsolCompanyInformation
Set-MsolDirSyncEnabled -EnableDirSync $false
Note: This setting applies to all domains in your Microsoft 365 account, not just SSO domains
iOS Considerations
The iOS Mail client supports SSO. If you want to use JumpCloud’s SSO with the iOS Mail client, make sure to follow the steps below during configuration.
05-08-2023 03:22 PM - edited 05-08-2023 03:30 PM
Hello. I've done it and recently helped to re-write our KB on it (it's not published yet). It's been configured for months and I've not run into any show-stoppers. That made it possible to manage devices et al. without that much effort. That's a big deal. Unifying identity and device management will enable your organization to reduce costs, improve operational efficiencies, strengthen cybersecurity, support workplace and digital transformation, and reduce the pressure on IT admins and security teams. What are your concerns? It sounds as if you haven't federated AAD using PS yet, but could?
05-08-2023 03:34 PM
Currently 365 is just set up as a 'cloud directory' in JC. I will look into federating AAD.
Anything I should be aware of before I flip the switch?
05-08-2023 03:47 PM
Another thing I'd suggest is to grab a domain for a few bucks and add it to AAD. Then, practice with it first.