Do not self-sign anything that is related to anything Apple; you will only have a bad time.
I recommend checking your LDAP Proxy and making sure it's set up correctly and your DMZ is configured to allow it to function. Since you are setting up your environment for the first time, I would suggest reaching out to your JAMF SE for assistance. Usually JAMF has an admin service that covers getting you off the ground, but I don't know if the LDAP proxy is included in that.
You may not be aware, but JAMF supports AAD, and AAD serves many of the same functions as LDAP for JAMF. AAD is also much easier to set up for cloud instances.
LDAP Proxy - Jamf Pro Administrator's Guide | Jamf
We do not have a proxy in place and did not realize it was required; it read to us like it was optional. And you would be right, we do have an SE to get us off the ground, but this initial LDAP connection we are led to believe isn't covered, as the SE wouldn't have knowledge of our setup and all that.
We'll take a look at AAD though and see if there was a reason this wasn't mentioned at the start.
On-prem JAMF and LDAP is a snap to set up. Off-prem (cloud) you need something (the LDAP Proxy) to allow the cloud instance to see your on-prem LDAP instance. Assuming you don't have your on-prem LDAP instance open to the internet, which would be hilarious.
For AAD, it does all the directory lookup stuff you would expect. AAD integration is not 100% feature-parallel with LDAP, but it is close enough for most environments. The biggest difference for me is you can't log in to JAMF with an AAD account; you need to set up SSO with something like Azure. However, for cloud-hosted anything you really want to federate your login with some IdP to protect the product.
Azure AD Integration - Jamf Pro Administrator's Guide | Jamf
Single Sign-On - Jamf Pro Administrator's Guide | Jamf
Thank you for those links! We do put everything we have behind SSO using Azure, so that is not a problem for us. And just to understand correctly, once we hook into AAD, we can just ignore the LDAP connection step then since it will pull users and groups from AAD?
Actually, I just stumbled upon my answer to this and that we shouldn't attempt to do both. I appreciate your help and you've been way more help than previous support avenues. I'll mark this as answered from you once we have it connected!
(Apologies for the out of band response, I was interrupted while replying and managed to miss several responses between the original question and posting my response)
@New2JAMF Is your LDAP server public facing (that's not normally the case), or are you using a Jamf Infrastructure Manager to proxy communications between your on-prem AD server and your Jamf Cloud instance? It's been several years since we did our Jamf Cloud migration but as I recall setting up the LDAP configuration to use a JIM wasn't possible using the "wizard" approach after choosing the "Microsoft's Active Directory" option for adding an LDAP server and I had to use the "Configure Manually" option to specify the JIM configuration.
Also note that you will need the certificate for your LDAP server if you're configuring the connection to use SSL (which you should be).
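The two certificate caveats in this thread (don't self-sign anything Apple-facing, and have your LDAP server's certificate ready when you turn on SSL) can be checked before you paste anything into the Jamf Pro LDAP server configuration. The script below is an added example, not code from the thread or from Jamf; the host name dc01.corp.example and the file paths are assumptions. It rejects a self-signed certificate (subject equals issuer), a certificate that does not name the host the JIM or Jamf Pro will actually connect to, and an expired one.

```shell
#!/bin/sh
# Added example (not from the thread or Jamf): sanity-check the PEM certificate
# exported from the LDAP/AD server before using it for an SSL LDAP connection.
# dc01.corp.example and all paths are assumptions for illustration.

# Usage: ldap_cert_check /path/to/ldap-server.pem dc01.corp.example
# Returns 0 if the certificate is CA-issued, matches the host and is not expired.
ldap_cert_check() {
    cert="$1"
    host="$2"
    rc=0

    # Must parse as an X.509 certificate at all.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "FAIL: $cert is not a PEM-encoded X.509 certificate"
        return 1
    fi

    # Self-signed means subject and issuer are the same name. Strip the
    # "subject="/"issuer=" prefixes so the two strings compare directly.
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer=//')
    if [ "$subject" = "$issuer" ]; then
        echo "FAIL: self-signed certificate (subject == issuer):$subject"
        rc=1
    else
        echo "ok:   issued by$issuer"
    fi

    # The name the JIM / Jamf Pro connects to must be covered by the SAN
    # (openssl falls back to the CN only when there is no SAN DNS entry).
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "ok:   certificate is valid for $host"
    else
        echo "FAIL: certificate does not match host name $host"
        rc=1
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "ok:   not expired ($(openssl x509 -in "$cert" -noout -enddate))"
    else
        echo "FAIL: certificate is expired"
        rc=1
    fi
    return $rc
}

# Run directly as: sh ldap-cert-check.sh <cert.pem> <hostname>
if [ "$#" -eq 2 ]; then
    ldap_cert_check "$1" "$2"
fi
```

To get the PEM to check, pull it off the wire from the JIM host in the DMZ, which also confirms that the DMZ path to the directory server on port 636 is open: `openssl s_client -connect dc01.corp.example:636 -showcerts </dev/null`. A bind test from the same host (`ldapsearch -H ldaps://dc01.corp.example -x -D 'svc-jamf@corp.example' -W -b 'DC=corp,DC=example' '(sAMAccountName=jdoe)'`, names assumed) separates "the proxy can't reach LDAP" from "the bind account or base DN is wrong" before you involve Jamf support.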
So that was much easier than messing with the on-prem; however, it doesn't pull results when I search for a username. Should it be searching our AAD or just whoever connected to JAMF?