Scoping to users works when users sign into Self Service, not when signing into the computer itself. So you'd need to enable the ability to sign into Self Service, and make sure local admin account exists as an account you can log into Jamf with as well.
Most commonly, at least that I'm aware of, people scope policies to groups in their IDP that is integrated into Jamf - that way people in specific IDP groups can log into Self Service to get specific additional policies made available to them, regardless of what computer they're at.
There is 2 ways you can do this,
1st as dennisnardi said, make it available in self service and scope to that user. So you can from that computer.
If the policy will run if that local account logged in, then you can write a simple script to run policy (adjust triggers the way you want)
#!/bin/sh
loggedInUser=$(stat -f %Su /dev/console)
localadmin="whateveryourlocaladmin"
policyTrigger="put-your-policy-trigger-here"
# Check if the desired account logged in
if [ "${loggedInUser}" == "${localadmin}" ]; then
echo "Local admin logged in. Running policy"
jamf policy -event "$policyTrigger"
exit 0
else
echo "different user exitin"
exit 1
fi
Scoping to users works when users sign into Self Service, not when signing into the computer itself. So you'd need to enable the ability to sign into Self Service, and make sure local admin account exists as an account you can log into Jamf with as well.
Most commonly, at least that I'm aware of, people scope policies to groups in their IDP that is integrated into Jamf - that way people in specific IDP groups can log into Self Service to get specific additional policies made available to them, regardless of what computer they're at.
Thank you! I was able to create a user account in JAMF to log into Self Service with and I could view the policy. The policy I created (to bind the machine to AD) isn't working, but I'm thinking that's unrelated and this got me started. Thanks again!
