I was playing around with enrollment customizations and I'm liking the idea of capturing user logins to be created on the machine during enrollment. I created a LDAP Authentication prestage pane (among other cosmetic test panes) and the user profile doesn't get created on the system. Does the enrollment customization feature require Jamf Connect to create LDAP users on devices?
Question
Does enrollment customization require Jamf Connect?
+4
+15@kbednarthe Enrollment Customization option within Settings -> Global Management does not require Jamf Connect.
If you would like to customize the macOS login window, Jamf Connect or NoMad Login are arguably the most convenient options to set a custom login wallpaper.
+4@kbednarthe Enrollment Customization option within Settings -> Global Management does not require Jamf Connect.
If you would like to customize the macOS login window, Jamf Connect or NoMad Login are arguably the most convenient options to set a custom login wallpaper.
I wonder what I'm doing wrong. Not trying to customize the login window at the moment, just trying to get the LDAP user info from the LDAP Authentication pane I created in Enrollment Customization to be created so the user can log into the computer.
+9@kbednar i have the same issue when i I customize a LDAP Authentication prestage pane with Jamf Pro.
+9+1 here, I created enrollment customization mainly to populate user information “Full name and username” in the fields where the end user creates an account in the setup assistant, the connection between Jamf and our IdP "Google" is successful but I'm not retrieving any user info for some reason!
I wonder what I'm doing wrong. Not trying to customize the login window at the moment, just trying to get the LDAP user info from the LDAP Authentication pane I created in Enrollment Customization to be created so the user can log into the computer.
Enrollment customizations for IDP's or LDAP mainly serve to provide a prettier, easier to understand auth wall for your prestage. The user isn't created at this point and if no account creation action is enabled it will only update the user and location tab on a device record. In your prestage you need to ensure the account settings payload has a local user account type set to Admin or Standard user and then check pre-fill account information and chose Device Owner's details if it's not the default. You can chose to lock the pre-filled info as well.
+9The authentication process with my IdP is successful but populating fullname & username is not happening for some reason.
The authentication process with my IdP is successful but populating fullname & username is not happening for some reason.
What flavor of Google Workspace do you have? If you have access to the Secure LDAP service then go into Settings > System Settings > Cloud Identity Providers and add your Google Secure LDAP instance there. That will get you LDAP lookups for the pre-fill functionality.
EDIT: https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Google_Secure_LDAP_Integration.html
+9Did that already but no joy
Did that already but no joy
I think I ran into this as well and decided to ditch the SSO pane in my enrollment customization and instead added an LDAP pane. I had to provide some instruction as I wanted to keep my last.first username format instead of last.first@gsuiteemail.zzz but it works 100% of the time for pre-filling the account info.
+9I will give it a shot with LDAP Authentication pane but isn't suppose to work with SSO pane !!?
+9@mainelysteve it worked like a charm with LDAP authentication pane, I just need here to add extra info so the end user knows what to enter but I would prefer the SSO option more if it would work.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.