Question

macOS 26.1, ADE, Enrollment Customization, and Jamf Connect - Major Breaking Issue

  • November 21, 2025
  • 2 replies
  • 212 views


So I’ve started seeing an issue with macOS 26.1 trying to set up new machines.

The enrollment customization is not passing the user info from the SAML token, which is a known issue, but usually sending the workaround profile that sets those attributes works fine. Here is the payload:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>EnrollmentRealName</key>
        <string>$REALNAME</string>
        <key>EnrollmentUserName</key>
        <string>$USERNAME</string>
    </dict>
</plist>

It’s not working now; I’m not even seeing the computer’s username change in Jamf Pro after signing in through the enrollment customization like I used to.

Once setup assistant completes, Jamf Connect is installed, but when I get the re-enter your password screen I cannot progress past that since it doesn’t know who I am to create the account.

Searching for this issue has been almost impossible.

Is anyone else seeing this?
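
Added example, not part of the original post and not Jamf's own code: a check that can be run on an affected Mac to see whether the two keys from the payload above arrived with real values or with the `$REALNAME` / `$USERNAME` variables still unsubstituted. The preference file path is an assumption, and the sample plists are constructed for illustration.

```python
import plistlib
import sys
from xml.parsers.expat import ExpatError

# Keys taken from the payload in the post above.
ENROLLMENT_KEYS = ("EnrollmentRealName", "EnrollmentUserName")

# Assumption: where the managed Jamf Connect login preferences land on the Mac.
DEFAULT_PATH = "/Library/Managed Preferences/com.jamf.connect.login.plist"

# Constructed samples: variables left unsubstituted vs. filled in.
SAMPLE_UNRESOLVED = plistlib.dumps(
    {"EnrollmentRealName": "$REALNAME", "EnrollmentUserName": "$USERNAME"})
SAMPLE_RESOLVED = plistlib.dumps(
    {"EnrollmentRealName": "Pat Example", "EnrollmentUserName": "pat@example.com"})


def check_enrollment_values(plist_bytes):
    """Return {key: status}; status is ok, unresolved, empty, missing or unparseable."""
    try:
        prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except (plistlib.InvalidFileException, ExpatError):
        prefs = None
    if not isinstance(prefs, dict):
        return {key: "unparseable" for key in ENROLLMENT_KEYS}
    status = {}
    for key in ENROLLMENT_KEYS:
        value = prefs.get(key)
        if value is None:
            status[key] = "missing"
        elif not isinstance(value, str) or not value.strip():
            status[key] = "empty"
        elif value.strip().startswith("$"):
            status[key] = "unresolved"  # payload variable was never substituted
        else:
            status[key] = "ok"
    return status


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    try:
        with open(path, "rb") as handle:
            report = check_enrollment_values(handle.read())
    except OSError as exc:
        sys.exit(f"cannot read {path}: {exc}")
    for key, state in report.items():
        print(f"{key}: {state}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

A non-zero exit status means at least one key is missing, empty, or still holds a literal variable name.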

 

2 replies

  • New Contributor
  • December 1, 2025

I’m seeing the same thing. The only way to get this working is by having another login window provided by Jamf Connect to create the account.

So the user will have to sign into the Enrollment Customization SSO, then again for account creation, and again for Platform SSO after login. I wanted to eliminate one SSO window, but I have been trying things for a week now and getting nowhere. 

Links I used to gather the required information:
https://learn.jamf.com/en-US/bundle/technical-paper-managing-jamf-connect-current/page/Creating_a_Configuration_Profile_using_Jamf_Pro.html

https://travellingtechguy.blog/jamf-connect-login-and-enrollment-customization-azure-ad

If anyone has any pointers, I am open to suggestions! :)


  • Author
  • New Contributor
  • December 12, 2025

Testing with Sequoia and I am still having the same issue, even when going back to our normal prestage enrollment.

This morning, I had the thought that it may be related to the new Jamf Account OIDC SSO features that we set up a while back; none of our Jamf Admins have set up machines for themselves since we set things up.

Looking at MS sign in logs, I never see our SAML SSO app when I or another admin sign into a device during enrollment, even though we have SAML SSO as enabled for enrollment customizations.

Does anyone know if this is expected behavior? If not, should I go through the process of re-setting up OIDC and see if that fixes this?

If it is expected behavior, how is a Jamf admin supposed to use Jamf Connect to create an account on a device when they themselves are enrolling a computer into Jamf Pro?