Feat: Support for Interactive SSO / OIDC Authentication (EntraID, Google, Okta, Jamf Account)

## Feat: Support for Interactive SSO / OIDC Authentication (EntraID, Google, Okta, Jamf Account)

### **Description**
Currently, `jamf-cli` requires manual configuration of API roles and clients or Platform API credentials. While this works for some setups, it represents a significant blocker in many enterprise environments. 

In strict enterprise deployments, administrators and engineers often **do not have local Jamf Pro accounts**. Access is instead strictly governed by third-party Identity Providers (IdPs) such as Microsoft EntraID, Google Workspace, Okta, or via Jamf Account. To improve adoption and usability in these environments, I would like to propose the implementation of an interactive OIDC-based authentication flow.

### **Proposed Workflow**
The ideal interactive flow would involve:
1. Running a login command (e.g., `jamf login`).
2. The CLI opens a system web browser redirecting to the organization's IdP (EntraID, Okta, Google, or Jamf Account).
3. The user performs the standard SSO sign-in (including their required MFA).
4. After authorization, the CLI automatically receives the necessary tokens to authenticate against the Jamf APIs.

### **Why this is important?**
* **Enterprise Blocker:** Many organizations completely disable local accounts for security compliance. Without SSO/OIDC support, users relying entirely on directory-backed accounts cannot easily utilize the CLI.
* **Security:** Removes the need to generate, distribute, and store long-lived secrets or manual Client IDs/Secrets on local machines.
* **User Experience:** Provides a modern, streamlined "OAuth" style login familiar to users of other enterprise CLI tools (like `aws`, `gcloud`, or `az`).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feat: Support for Interactive SSO / OIDC Authentication (EntraID, Google, Okta, Jamf Account) #85