I am attempting to use SSO Enrollment through Enrollment Customization, but having issues with getting the desired Full name and Account name (Home folder).

The Account name is always the user’s full email address.

I am NOT using Jamf Connect. Using Entra ID as IDP. I am using pre-fill from Pre-Stage Enrollment for the user account.

johnsmith@email.com

The goal is for Full Name to be John Smith. And Account Name to be johnsmith.

I’ve tried checking and unchecking pass through Jamf Pro to Jamf Connect with different attributes. (I know I’m not using Connect, but I’ve been running out of ideas). This always places the proper Full Name and always the the email for the Account Name.

I adjust the IDP attribute mapping to change the username to mailnickname. This tests properly and the username appears as johnsmith. It pulls User & Location from my directory properly when I do a search by just the nickname. When I go through enrollment customization though, it still places the full email as the username. Since the email is not the proper username linked from the mapping, it does not populate the rest of the fields in User & Location. Additionaly, Full Name is blank and Account Name is still the email address.

I have attempted to pre-fill using custom data $USERNAME. Same results with the email populating in account name.

It seems like Enrollment Customization does not follow any attribute mapping guidelines from the IDP integration. I was really thinking this would something simple to roll out, but after hours of different attempts, I’m running out of ideas.

Is this just not possible to do without Connect? Or an LDAP server with additional mapping options?