Jamf 10.32 and AzureAD - Cannot use LDAP group memberships for policies?

  • September 26, 2021


I'm trying to scope and limit policies to group memberships derived from AzureAD (via Cloud Identity Provider). I can query for directory users and get "true" for membership, and I can search for the group and add it to the Limitations section of the policy. But when I try to test the policy on a Mac that was enrolled by a user in that group, the policy isn't available; the Mac doesn't even come up in the policy logs. If I try this with a regular LDAP connection, the logic works. Is this a bug of some kind or is there some limitation in place? Or perhaps I missed a step to linking the local/enrollment user and the AzureAD groups that the user is in?

3 replies

  • Honored Contributor
  • September 27, 2021

This has been a problem for me for a while now. I can scope Policies to LDAP (Azure) groups, but not Profiles.


  • Author
  • New Contributor
  • September 27, 2021

> This has been a problem for me for a while now. I can scope Policies to LDAP (Azure) groups, but not Profiles.

I can't scope either of them. I'll go back and check my settings, but it shouldn't be this tricky to implement.


  • New Contributor
  • October 2, 2021

The LDAP limitations in scoping require the local macOS username to match a directory username. My guess is to check the attribute mapping for the username field in the LDAP Server setting vs. the Cloud Identity Provider setting in Jamf Pro. Did you also try whether a login to Self Service made the policy show up / the Mac fall into the scope?
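The matching rule the reply above describes, as an added example that is not part of the original thread and not Jamf's own code: a policy or profile limited to a directory group only resolves for a Mac whose computer-record username matches a directory username, and any mismatch drops the Mac out of scope without a policy log entry. The records below are constructed sample data; the field names (`ComputerRecord.username`, `DirectoryUser.username`) are assumptions standing in for the "User and Location" username on a Jamf computer record and the attribute mapped as "Username" in the LDAP Server / Cloud Identity Provider settings. Matching is modelled as an exact string comparison; whether a given Jamf Pro version ignores case is something to verify on your own instance, so the diagnostic reports case and UPN-vs-short-name differences separately.

```python
"""Scoping diagnostic: does each Mac's assigned username resolve to a
directory user, and if not, what kind of mismatch is it?

Example code added to this thread, not Jamf's. All records are constructed
sample data; field names are assumptions, not a Jamf schema."""

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ComputerRecord:
    name: str
    username: str  # username assigned to the Mac in Jamf Pro (assumed field)


@dataclass(frozen=True)
class DirectoryUser:
    username: str  # value of the attribute mapped as "Username" (assumed field)
    groups: tuple  # group names the directory reports for this user


# Constructed sample data: four Macs, three directory users.
COMPUTERS = (
    ComputerRecord("MBP-001", "jdoe"),               # exact match
    ComputerRecord("MBP-002", "ASmith"),             # only case differs
    ComputerRecord("MBP-003", "bwong@example.com"),  # UPN vs. short name
    ComputerRecord("MBP-004", "localadmin"),         # local account only
)
DIRECTORY_USERS = (
    DirectoryUser("jdoe", ("Mac-Engineering",)),
    DirectoryUser("asmith", ("Mac-Engineering",)),
    DirectoryUser("bwong", ("Mac-Finance",)),
)


def find_exact(username: str, users) -> Optional[DirectoryUser]:
    """Exact-string match: the only case in which scoping resolves here."""
    return next((u for u in users if u.username == username), None)


def in_scope(computer: ComputerRecord, group: str, users) -> bool:
    """True only if the Mac's username resolves to a directory user who is
    in `group`. Any mismatch silently leaves the Mac out of scope."""
    user = find_exact(computer.username, users)
    return user is not None and group in user.groups


def diagnose(computers, users) -> dict:
    """Classify each Mac's username against the directory so the mismatch
    kind points at which attribute mapping to fix."""
    by_lower = {u.username.lower(): u for u in users}
    by_short = {u.username.split("@")[0].lower(): u for u in users}
    report = {}
    for c in computers:
        exact = find_exact(c.username, users)
        lowered = c.username.lower()
        short = lowered.split("@")[0]
        if exact is not None:
            report[c.name] = ("ok", exact.username)
        elif lowered in by_lower:
            report[c.name] = ("case mismatch", by_lower[lowered].username)
        elif short in by_short:
            report[c.name] = ("upn/short-name mismatch", by_short[short].username)
        else:
            report[c.name] = ("no directory user", None)
    return report


if __name__ == "__main__":
    for mac, (status, match) in diagnose(COMPUTERS, DIRECTORY_USERS).items():
        hint = f" (directory has {match!r})" if match else ""
        print(f"{mac}: {status}{hint}")
```

Run against real data, the "case mismatch" and "upn/short-name mismatch" rows are the ones to chase in the Username attribute mapping (sAMAccountName-style short names vs. userPrincipalName-style addresses); "no directory user" rows are Macs enrolled under a purely local account, which no group limitation will ever match.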