
My organization uses Jamf Setup and Jamf Reset for our users to sign in with their SSO account with Microsoft Entra ID. The user will sign in with Jamf Setup at the start of their shift and then sign out at the end.

However, Jamf Reset frequently does not fully sign the user out of their SSO account, leading to the next users being unable to log in.

I have found that a power cycle and attempt to sign out using Jamf Reset usually fixes this problem.

From what I can tell from comparing our Jamf Reset App configuration and the "Managed App Configuration for Jamf Reset" documentation on learn.jamf.com, we have the standard configuration set up.

Has anyone else run into issues with Jamf Reset "hanging up"?

You are not alone; we have been experiencing the same issue for several months. We have a ticket open with Jamf, and you may want to do the same.

For us, we've only been testing with a handful of users, so the issue's been intermittent and we've not been able to grab logs at the appropriate time, although I am concerned that when this hits production and more of our users use this, we'll see more of this cropping up.

In comparison, Intune does it slightly differently: they don't have a sign-in/sign-out app; the Microsoft apps such as Teams are your global sign-in, global sign-out app. So you are not MDM reliant on commands coming and leaving the device; sign-in is just done at the device level.

I have asked Jamf to enhance their shared SSO setup so it's not reliant on the green setup app/red reset and can be used more traditionally, as Intune does it.

Hello!

Yes, others have experienced Jamf Reset "hanging up" during Microsoft Entra ID SSO sign-out. While your configuration might be standard, investigate your Jamf Pro and Setup versions, Microsoft Entra ID SLO configuration and token lifetimes, any custom Jamf Reset settings or scripts, device network stability, and resource usage. Potential workarounds include a more aggressive scripted sign-out, increasing Jamf Reset timeout, user education, or contacting Jamf Support for specific troubleshooting related to your setup. 


MDM commands are stuck pending when the following conditions are met:

1. Mobile Device enrollment
2. Jamf Setup is not used
3. Device is powered off
4. Device is powered on after at least 24 hours or more have passed

When these conditions are met, a user can sign into Jamf Setup, but when the sign out process is performed with Jamf Reset, two things occur:

1. The SSO token is cleared for the previous user account
2. MDM commands that install the default configuration profile are stuck pending. (This gives the appearance that the Jamf Reset app is failing but in reality, the app is not being Restricted by the default configuration profile that has Jamf Reset as a Restricted app)

The issue can be resolved by opening Jamf Setup then immediately proceeding to sign out with Jamf Reset a second time. The result is all pending MDM commands are completed.

Based on my testing, once the suggested resolution above is performed, Jamf Setup and Jamf Reset can be used multiple times without the issue occurring again.