+3Hi,
I have set up Cloud identity providers and I am wondering if there is a mechanism that will allow me to do a sync of users from Microsoft Entra ID to Jamf Pro automatically.
I mean users from the "users" tab not from the system tab "User accounts and groups".
How is the issue of sychronization of accounts solved ?
+24Sounds like you are looking to do this. Under the Inventory Collection settings, make sure to check Collect.
+3Sounds like you are looking to do this. Under the Inventory Collection settings, make sure to check Collect.
Not working. I still do not see any users with Entra ID.
+24The username that is shown must match what is in entra. so if the username is bob but the entra username is bob.smith it won't show. And I just thought maybe you are looking to import all the users? If so that doesn't happen. The users tab just shows the users of enrolled devices.
+3The username that is shown must match what is in entra. so if the username is bob but the entra username is bob.smith it won't show. And I just thought maybe you are looking to import all the users? If so that doesn't happen. The users tab just shows the users of enrolled devices.
Ok so there is no way for me to have the users appear in "Users" first by syncing the Entra ID ?
I wanted to secure the entrolment in this way by manually assigning users to devices.
So I would have to do it in such a way that I add the entra id groups in the enrolment restriction to know that we can only assign selected users to computers BUT only when these authorized and selected users execute the enrolment.
Am I thinking correctly?
+24Ok so there is no way for me to have the users appear in "Users" first by syncing the Entra ID ?
I wanted to secure the entrolment in this way by manually assigning users to devices.
So I would have to do it in such a way that I add the entra id groups in the enrolment restriction to know that we can only assign selected users to computers BUT only when these authorized and selected users execute the enrolment.
Am I thinking correctly?
I believe I'm following your description correctly and yes. If you are only wanting a small set of users to be able to enroll, then yes you'd have to use the UIE restrictions.
+11If you are referring users section in jamf, that is auto populated once computer/device is assign to a user. As far as I know there is no connection or sync from idp. That comes from jamf database
As others have pointed out you can't sync users from an IdP or AD into JAMF Pro. The users shown in that section are users who end up there because they enrolled a Mac or iPad.
You're pretty much restricted to IdP or AD group membership to allow enrollment which I think will work just fine in your case. I guess if you wanted to really lock things down you'd create individual pre-stages and assign individual enrollment customizations to achieve a 1:1 computer+user relationship before the computer is even setup.
+2Check this. I'm testing similar scenario: Entra ID + SSO. We can enroll Mac as ABM and prefilled username as SSO ID. After enrollment, user's info added to Jamf Inventory -> User and location automatically.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
