Organizations need a way to maintain, manage, and secure their devices — no matter where they are in the world. And so, they turn to MDM (mobile device management) and security systems.
Jamf is a leader in Apple-first management and security, the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple, and protects personal privacy. Founded in 2002, the Minnesota-based company helps IT teams protect, secure, and administer their Mac, iPhone, iPad, and Apple TV devices.
Today, Jamf employs over 2,500 people. Their customer base includes over 74,400 public and private-sector entities. With aspirations for further growth, the company knew they needed an Identity solution that wouldn’t just protect them, but also help them meet new challenges and opportunities of scale.
A nimble solution enabling secure, rapid growth
At first, Jamf used Microsoft Active Directory (AD) for their identity needs. But, as the company expanded, AD’s limitations became increasingly apparent.
“One of the biggest pain points of Active Directory is that it’s an on-prem solution,” Mitch Francese, senior IT systems administrator, Identity and Access Management, explains.
“An on-prem solution requires having servers, requiring regular patching and compliance controls. We’re a global company. We don’t want to spin up domain controllers around the world for every new office we open,” he adds.
Jamf realized they needed a cloud-native Identity solution that could scale at their pace. While the company had many options, Okta’s Workforce Identity Cloud stood out for its platform-agnostic philosophy.
“One of the reasons I like Okta is that it doesn’t care what tooling you use. As long as there’s an OIDC integration or a SAML integration, it just works.” Francese says.
This platform-agnosticism was important because, as Francese says, Jamf likes to “keep itself nimble.” The company values the ability to rapidly pivot to new technologies when they arise. They believe in picking the best tool for the job, no matter who made it, because better tools allow for happier workers, better products, and thus, happier customers.
When asked to list the Workforce Identity Cloud features Jamf actively uses, Francese says flatly: “It would be easier to list the features we don’t use.” Virtually every feature is in play, from lifecycle management and adaptive multi-factor authentication (MFA) to Okta Workflows. Workflows have been particularly impactful for the IT team, allowing them to add custom automation features to Identity flows that reduce the onboarding time of new joiners by 90%. This also benefits the new users, providing a 60% increase in day-one productivity by ensuring they get access to the applications they need to do their jobs.
Similar efficiencies have been identified in their merger and acquisition activity. Through leveraging Okta’s Identity tools, Jamf has reduced the time it takes to migrate employees from acquired entities by 75%.
“Previously, we would have to create each employee account manually. In our most recent acquisition, we just imported over the users and we were done. The migration took maybe two or three hours,” Francese says.
“A couple of years ago, we bought another company of about 200–300 people. We created a CSV of the employee accounts, formatted it properly, and dumped it into Okta. It made everything very easy,” he adds.
Securing Highly-Sensitive Environments
Okta’s rich feature set, Francese says, also allows Jamf to build highly secure environments expected by their most sensitive clients.
“We use Okta Verify and FastPass company-wide. For a significant amount of our applications, passwords are no longer required. Users simply put their finger on their Touch ID sensor or use Face ID, and they’re in,” Francese says.
“We have a layered security approach to our conditional access policies to enable passwordless functionality,” he continues. “We are using network location, Okta's ThreatInsight's risk scoring, Okta Device Trust, and Okta FastPass. All of them are working together to make sure that users have a great seamless login experience while still providing strong security.”
“We’re going into more high-compliance environments, like StateRAMP and FedRAMP. As we do that, we encounter customers needing stricter access controls. Leveraging things like adaptive MFA and risk signaling helps us to accomplish this while also giving users a great experience. ,” Francese explained.
“Okta [has] allowed us to create a great user experience, but also check all the boxes that compliance and auditing companies demand to make them happy.”
A streamlined experience for Jamf’s customers
Jamf was an early user of Okta’s Customer Identity Cloud, and in recent years has expanded their usage of the platform to the entire product line-up.
As Akash Kamath, senior vice president of software engineering explains: “When I first joined the company, we only used Customer Identity Cloud on one product, Jamf Protect. At the time, we had six products in our line-up, each with their own administration console, their own way of logging-in, and their own admin experience. As we sold multiple products to enterprise customers, it became clear we needed a streamlined experience.”
And so, Jamf began looking at Customer Identity Cloud as their “front door” for their entire product lineup. Which continues to grow as they expand their portfolio through in-house development, mergers, and acquisitions.
The consistency of the Customer Identity Cloud provides inevitable user experience (UX) benefits, but the engineering and administrative teams have keenly felt its impact. “We’re all speaking the same language, which makes life a lot easier for my team” Christie Vick, product manager, says.
The Customer Identity Cloud platform has also helped Jamf support larger enterprise customers, with their unique Identity demands. Jamf was originally an on-prem MDM solution that typically connected to local Identity solutions using protocols like LDAP. As the company shifted to the cloud, it needed to figure out how to federate with the identity systems of their largest clients.
“When a customer asks if we support their identity provider, all we have to say is ‘If you follow industry standards, we’ll work with it.’,” said Vick. “Whether it’s OAuth-based or Saml-based, we’ll connect to it. Customer Identity Cloud makes those conversations easier.”
A long symbiotic partnership
As Jamf continues to grow and enhance the experience of their users, Kamath recognizes the “long, symbiotic partnership” ahead with Okta. This relationship has been built on the white-glove service provided by Okta’s customer success and support teams.
“Okta’s partnership has been critical to our success. The Professional Services team that helped us migrate from AD were absolute rockstars,” Francese says.
“I’ve been in plenty of meetings with professional services teams where I felt they were trying to burn time to get those hours. That was never the case with Okta,” he added. “I can say, ‘Hey, this is a blocker for me.’ And then, a couple of months later. Boom! There's the feature I need. The exact feature I need. They make it happen.”
About Customer
Jamf’s purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy.