INTRODUCTION

Okta is the leading independent provider of identity for the enterprise. The Okta Identity Cloud connects and protects employees of many of the world's largest enterprises. It also securely connects enterprises to their partners, suppliers, and customers.

Okta partnered with Interlaced to further increase the IT team's departmental efficiency and to free up the team to work on value-added business initiatives. Okta engaged with Interlaced to work on the following:

  1. Increase Jamf Pro utilization and effectiveness
  2. Rebuild their imaging and deployment workflow
  3. Maintain organization-wide endpoint security

The partner needed to specialize in working with complex, Apple-centric environments.

Check: Interlaced is a proud member of the Apple Consultants Network (ACN), specializing in the deployment, management, and support of macOS and iOS endpoints.

The partner needed to be an expert in all-things Jamf.

Check: Interlaced is a major Jamf partner and integrator, well versed in every aspect of the platform. 

The partner needed to be a deployment specialist who could hit the ground running.

Check: Interlaced specializes in designing, implementing, and supporting zero-touch deployment strategies using technologies such as Jamf Pro and Apple's Device Enrollment Program (DEP).

Finally, the partner needed to be adept at the hardening of macOS and iOS endpoints to meet complex compliance standards.

Check: Interlaced has years of experience using a variety of systems to enforce security policies and to auto-remediate against non-compliant macOS and iOS endpoints.

Interlaced was uniquely positioned and ready to tackle these challenges.

At a high level, here is what was accomplished:

  • Rebuilt and launched a new Jamf Software Server (JSS)
  • Brought Mac deployment to a usable state
  • Standardized the deployment of new macOS endpoints
  • Prepped Okta for Zero-Touch Deployment
  • Implemented hardening requirements for macOS endpoints, including CIS parameters to meet FedRAMP
  • Provided Help Desk support to end users throughout the hardening process

jamf pro

We believe strongly in Jamf Pro, which is the gold standard when it comes to configuration management in the Apple space. In fact, we manage dedicated instances for each and every client that we support.

Our dedicated Centralized Services team focuses day-in and day-out on optimizing these environments and finding ways to push the boundaries in terms of what the platform can accomplish.

Interlaced worked with Okta to ensure that Jamf was tailored to meet evolving endpoint management and security needs.

Jamf requires that new clients complete a training program, which is referred to as "JumpStart"; yet even this program does not properly prepare IT resources for the arduous task of administering a JSS, let alone unleashing its full capabilities. We allow organizations to bypass the JumpStart program (which costs up to $7,500). In turn, they get access to a highly adept team of Jamf-certified experts.

 

The Challenge

Okta was looking for a Jamf Pro expert to consult with them on how to make the most of the platform, both in terms of optimization as well as utilization of the platform's full capabilities.  

The Solution

Interlaced worked alongside the Okta IT and Security departments to ensure that Jamf was continually tailored to meet Okta's evolving endpoint management and security needs. Additionally, we provided input and strategy related to all Apple-based technology initiatives. 

Working in close partnership with Okta, we rebuilt categories, scripts, and packages. Standard naming and notations were implemented, allowing for easier management and triage. This is especially important as enrollment and management workflows become more diverse, and as additional machine records are added to the JSS. 

Policy execution and optimization was a major focus, so as to minimize end-user interactions. Hundreds of inactive records that resided in the JSS were exported for historical purposes and purged, allowing for easier reporting and triage. 

 

Scope of Work

  • Guided Okta IT concerning higher-level macOS and iOS strategy, policies, and procedures.
  • Built-out and maintained management stacks in Jamf Pro to assist with enforcing critical software.
  • Ensured Okta IT management stack was deployed correctly to all machines.
  • Configured JSS to automatically identify non-compliance and remediate against security policies.
  • Worked with Okta IT on ongoing, proactive initiatives to resolve the many outstanding macOS endpoint issues, including FileVault eligibility, Jamf management accounts, machines not checking in, machines out of space, etc.
  • Provided ongoing software, package, and script maintenance, including regular updates and compatibility checks.
  • Provided ongoing CIS hardening support.
  • Provided general Jamf updates and maintenance.
  • Provided general Jamf QA and light training for Okta IT.
  • Consulted with Okta IT as they developed the required internal triaging and support workflows, which were related to both Jamf Pro and to macOS and iOS devices.

deployment

If Mac deployment is part of what you do, you'll know that imaging has, up until recently, been the preferred method of delivering a specific set of configurations, apps, and settings to your end users.

We consulted with Okta on the inclusion of other management technologies to help streamline IT support and management over the long-term.

Since consistency is paramount when deploying an enterprise fleet, it is crucial to follow a standardized process. This means ensuring that software is installed and ready, wireless connection settings are configured, and password policies are enforced. Doing so keeps things nice and simple for the user and also helps to reduce Help Desk calls and IT support tickets.

The problem with traditional imaging is that there is a substantial amount of work that goes into simply keeping the image current. However, there's now a new sheriff in town: by using a set of tools and systems including Jamf Pro, Apple Device Enrollment Program (DEP), and Volume Purchase Program (VPP), old-school imaging is now on the back burner.

 

The Challenge

Okta was quickly scaling; each week, they were hiring dozens of new employees. However, the deployment process was not keeping up with the demand of onboarding these employees. They wanted to become more agile by automating the deployment of new machines.

Our mission was to optimize their deployment strategy and to prepare them for Zero-Touch Deployment (ZTD) using Jamf Pro and Apple's Device Enrollment Program (DEP).

 

The Solution

Interlaced, a leader in Jamf Pro consulting, engaged with Okta to address immediate imaging issues. We were also tasked with the optimization of Okta's existing device deployment and management strategy.

After evaluating the Okta JSS, extensive reconfiguration was required to meet the new deployment demand requirements. This included properly leveraging Smart Groups, Extension Attributes, Scripts, Packages, Policies, and Scopes.

To prepare for zero-touch deployment, and in order to implement best-practices for reliability and scalability, Interlaced overhauled Okta's existing JSS enrollment workflow; we replaced Casper Imaging and the customized base OS image with modularized policies and profiles. This provided greater stability, reliability, the ability to easily accommodate new/multiple hardware profiles, and more flexibility when customizing department and site-specific enrollments. This was a critical next step to lay the foundation for zero-touch deployment.

Finally, we consulted with Okta on the inclusion of other management technologies to help streamline IT support and monitoring over the long-term.

 

Scope of Work

  • Performed initial discovery of Okta's deployment and management strategy.
  • Evaluated Okta's existing Jamf Pro Instance (JSS) configuration.
  • Evaluated the existing imaging process.
  • Evaluated the use of critical monitoring and management toolsets.
  • Developed and presented Interlaced's best-in-class deployment strategy & recommendations.

Closing Thoughts

Interlaced engaged with Okta to address several critical challenges that they were facing as an organization; this type of engagement is not at all uncommon. Many organizations, even those with sophisticated internal IT, find value in leveraging third-party vendors to design, support, or augment some aspect of their IT program.

We work with organizations large and small in a number of different capacities. For some clients, we act as an arm of their organization and take complete ownership of their IT program. For others, we provide high-level strategy, helping them project growth, implement new technologies, or tackle complex project initiatives such as an office relocation or network modernization.

Interlaced's mission is to be the premier provider of Apple-centric Managed Services in the United States.

The Okta use case is an example of Interlaced using institutional knowledge and skilled resources from various departments to accomplish very high-level goals. Interlaced engineering and management resources developed an excellent working synergy with Okta's internal IT, Security, and Management teams. Together, they were able to accomplish impressive feats, providing tremendous value to both organizations.

We take pride in being a long-time Apple and Jamf partner, and continually strive to meet our mission of remaining the premier Managed Services provider for Apple-centric businesses that utilize macOS and iOS devices. To learn more, please reach out to Interlaced today.