Skip to main content
Solved

Prestage account informations not filling up

  • September 28, 2022
  • 4 replies
  • 46 views
bpstuder
Forum|alt.badge.img+7

Hello Jamf Nation

We are using Okta as SSO and LDAP directory. It's working fine for authentication on the prestage pane, but I'm unable to pre-fill a user account during setup assistant. The fields are always empty (and not locked), no matter what kind of authentication I try to use in Prestage Pane (LDAP or SSO).

I've tried with the "Device owner's details" and Custom, using $FULLNAME and $EMAIL as variable, but it's not working either.

When I test the LDAP, all the mappings seems correct.

Is there a place where I could find logs or anything that could help me why the account is not filling ?

Thanks for your help !

Best answer by bpstuder

I got an answer from support which explains everything, so here it is, in case it could help someone else :

This issue is related to PI104093 : In environments that integrate with an identity provider (IdP) to enable single sign-on (SSO) during enrollment with Jamf Pro via a PreStage enrollment but do not have an LDAP server set up, Jamf Pro does not pre-fill the Full Name of a user if the PreStage was configured to pre-fill the account information with the device owner's details.

But in my case, it's a little different : 

The issue only happens if the user account is explicitly defined in the Jamf Pro server under Users and Groups. If a user has SSO enabled and access is regulated with a GROUP MEMBERSHIP attribute coming in via the SAML token, the inventory record fills in just fine.

I had my SSO username set up explicitely in the Jamf Users & Groups. As soon as I removed that account from the users, the account details filled without problem.

    4 replies

    TheAngryYeti
    Forum|alt.badge.img+8
    • TheAngryYeti
    • Employee
    • 74 replies
    • September 28, 2022

    I just tested this scenario out, using SSO - I have a prestage with the following settings and with default information the SSO customization, I get the Full name and my account name locked in the setup assistant, I just have to put in the password.  the only caveat here is that its using my UPN for my account name....yay Azure.  It sounds like you may want to reach out to customer success to go over the workflow you have going on to be sure something isn't broken.

     

    bpstuder
    Forum|alt.badge.img+7
    • bpstuder
    • Author
    • Contributor
    • 13 replies
    • September 28, 2022

    I just tested this scenario out, using SSO - I have a prestage with the following settings and with default information the SSO customization, I get the Full name and my account name locked in the setup assistant, I just have to put in the password.  the only caveat here is that its using my UPN for my account name....yay Azure.  It sounds like you may want to reach out to customer success to go over the workflow you have going on to be sure something isn't broken.

     


    Thanks for testing ! I’m pretty sure it’s a little something I forgot somewhere. A checkbox or a LDAP mappings incorrect. That’s why I’m looking for logs that could show me something like « unknown parameter » or « bad request » or anything useful.

    I have opened a case about this to get more insights.

    bpstuder
    Forum|alt.badge.img+7
    • bpstuder
    • Author
    • Contributor
    • 13 replies
    • Answer
    • September 29, 2022

    I got an answer from support which explains everything, so here it is, in case it could help someone else :

    This issue is related to PI104093 : In environments that integrate with an identity provider (IdP) to enable single sign-on (SSO) during enrollment with Jamf Pro via a PreStage enrollment but do not have an LDAP server set up, Jamf Pro does not pre-fill the Full Name of a user if the PreStage was configured to pre-fill the account information with the device owner's details.

    But in my case, it's a little different : 

    The issue only happens if the user account is explicitly defined in the Jamf Pro server under Users and Groups. If a user has SSO enabled and access is regulated with a GROUP MEMBERSHIP attribute coming in via the SAML token, the inventory record fills in just fine.

    I had my SSO username set up explicitely in the Jamf Users & Groups. As soon as I removed that account from the users, the account details filled without problem.

    A
    Forum|alt.badge.img+6
    • anuj530
    • Contributor
    • 27 replies
    • October 4, 2022

    I got an answer from support which explains everything, so here it is, in case it could help someone else :

    This issue is related to PI104093 : In environments that integrate with an identity provider (IdP) to enable single sign-on (SSO) during enrollment with Jamf Pro via a PreStage enrollment but do not have an LDAP server set up, Jamf Pro does not pre-fill the Full Name of a user if the PreStage was configured to pre-fill the account information with the device owner's details.

    But in my case, it's a little different : 

    The issue only happens if the user account is explicitly defined in the Jamf Pro server under Users and Groups. If a user has SSO enabled and access is regulated with a GROUP MEMBERSHIP attribute coming in via the SAML token, the inventory record fills in just fine.

    I had my SSO username set up explicitely in the Jamf Users & Groups. As soon as I removed that account from the users, the account details filled without problem.


    Thanks so much for posting this! I have the same setup and was having the same issue. Thanks much! 


    Terms & ConditionsCookie settingsAccessibility statement