Jamf Pro Components (Single Login)

Jamf Setup

Jamf Setup is a mobile device app that enables end users to quickly setup and configure a mobile device. Jamf Setup is a key component of the Single Login workflow as it is used for authentication and device provisioning. It may be configured and customized by using managed app configuration, which enables end users to set up and provision an iPad without having to log in or contact IT, making shared device deployment quick and easy.

When configured for Single Login, Jamf Setup prompts for user authentication and acquires a bearer auth token which is used by Apple's Authentication Services extension to authenticate with other native iOS applications that are enabled for Apple SSO extensions and Single Login. Read more about Jamf Setup

Jamf Reset

Jamf Reset is a mobile device app that enables users to quickly reset a device to the original factory settings using Jamf Pro. This process simplifies the necessary steps to wipe a device and records a log in Jamf Pro each time a device is wiped.

When configured for the Single Login workflow, Jamf Reset will clear the authentication token and the user is logged out of applications which prepares the device for the next user. Read more about Jamf Reset

Mobile Device Extension Attributes

Extension attributes are custom inventory fields that are added to each device’s inventory information, and are a crucial piece to the Jamf Setup experience. The role an end-user selects within Jamf Setup is stored inside a mobile device's inventory information using an extension attribute. This extension attribute is referenced by name in Jamf Setup’s Managed App Config. Read more about Extension Attributes

Smart Groups

Smart groups are groupings of devices that share a common criteria within their inventory information. Smart Groups for Single Login are built using the Jamf Setup choice extension attribute value as criteria. A Smart Group could be created for each available setup Role, and a Smart Group for “unconfigured devices” should target devices whose Jamf Setup Choice is blank. Read more about Smart Groups


Webhooks allow you to subscribe to specific events on a Jamf Pro instance. When an event occurs, an HTTP POST payload is sent to a specified URL. Some applications that are configured for Single Login need their backend systems to be made aware of the logout event prior to the next time the application launches, e.g., applications that use Push Notifications for background alerts.

    "webhook": {
        "id": 1,
        "name": "Single Logout",
        "webhookEvent": "SmartGroupMobileDeviceMembershipChange",
        "eventTimestamp": 1625159165896
    "event": {
        "name": "Jamf_Setup_Logged_Out",
        "smartGroup": true,
        "groupAddedDevicesIds": [
        "groupRemovedDevicesIds": [],
        "groupAddedDevices": [
                "udid": "cb5b504c9fdbb41e01e80420e08e6a12f2abhb35f",
                "deviceName": "IPAD NAME",
                "version": "14.6",
                "model": "iPad7,11",
                "bluetoothMacAddress": null,
                "wifiMacAddress": "FC:1D:43:1B:30:F7",
                "imei": "",
                "icciID": "",
                "product": null,
                "serialNumber": "GG7ZSQLM13PO",
                "userDirectoryID": "-1",
                "room": "ExampleRoom-42",
                "osVersion": "14.6",
                "osBuild": "18F72",
                "modelDisplay": "iPad 7th Generation (Wi-Fi)",
                "username": "",
                "jssID": 507,
                "ipAddress": ""
        "groupRemovedDevices": [],
        "computer": false,
        "jssid": 16
        <name>Single Logout</name>
            <deviceName>IPAD NAME</deviceName>
            <modelDisplay>iPad 7th Generation (Wi-Fi)</modelDisplay>

Read more about Webhooks

What’s Next

Read more about Jamf Pro components or continue learning about Single Login.