Just looked at my configuration of jamf connect, its config profile has a key entitled OIDCAdmin, which points to an Entra Group, any users in that group are promoted to admin, upon login, if they are not in that group, they are standard users, even if they had admin before using jamf connect. Another key exists, called OIDCAdminAttribute the second key is a string called 'roles'. Config like that it seems to work here.

Hi @mschlosser,

I have all those keys in my script and still not changing JAMF Connect:

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>CreateJamfConnectPassword</key> <true/> <key>OIDCNewPassword</key> <false/> <key>CreateNewUserHide</key> <true/> <key>MigrateUsersHide</key> <array> <string>admin</string> <string>ladmin</string> </array> <key>Migrate</key> <true/> <key>OIDCDefaultLocal</key> <false/> <key>OIDCAdmin</key> <array> <string>Administrator</string> </array> <key>OIDCAdminAttribute</key> <string>roles</string>