I just tested this scenario out, using SSO - I have a prestage with the following settings and with default information the SSO customization, I get the Full name and my account name locked in the setup assistant, I just have to put in the password. the only caveat here is that its using my UPN for my account name....yay Azure. It sounds like you may want to reach out to customer success to go over the workflow you have going on to be sure something isn't broken.
I just tested this scenario out, using SSO - I have a prestage with the following settings and with default information the SSO customization, I get the Full name and my account name locked in the setup assistant, I just have to put in the password. the only caveat here is that its using my UPN for my account name....yay Azure. It sounds like you may want to reach out to customer success to go over the workflow you have going on to be sure something isn't broken.
Thanks for testing ! I’m pretty sure it’s a little something I forgot somewhere. A checkbox or a LDAP mappings incorrect. That’s why I’m looking for logs that could show me something like « unknown parameter » or « bad request » or anything useful.
I have opened a case about this to get more insights.
I got an answer from support which explains everything, so here it is, in case it could help someone else :
This issue is related to PI104093 : In environments that integrate with an identity provider (IdP) to enable single sign-on (SSO) during enrollment with Jamf Pro via a PreStage enrollment but do not have an LDAP server set up, Jamf Pro does not pre-fill the Full Name of a user if the PreStage was configured to pre-fill the account information with the device owner's details.
But in my case, it's a little different :
The issue only happens if the user account is explicitly defined in the Jamf Pro server under Users and Groups. If a user has SSO enabled and access is regulated with a GROUP MEMBERSHIP attribute coming in via the SAML token, the inventory record fills in just fine.
I had my SSO username set up explicitely in the Jamf Users & Groups. As soon as I removed that account from the users, the account details filled without problem.
I got an answer from support which explains everything, so here it is, in case it could help someone else :
This issue is related to PI104093 : In environments that integrate with an identity provider (IdP) to enable single sign-on (SSO) during enrollment with Jamf Pro via a PreStage enrollment but do not have an LDAP server set up, Jamf Pro does not pre-fill the Full Name of a user if the PreStage was configured to pre-fill the account information with the device owner's details.
But in my case, it's a little different :
The issue only happens if the user account is explicitly defined in the Jamf Pro server under Users and Groups. If a user has SSO enabled and access is regulated with a GROUP MEMBERSHIP attribute coming in via the SAML token, the inventory record fills in just fine.
I had my SSO username set up explicitely in the Jamf Users & Groups. As soon as I removed that account from the users, the account details filled without problem.
Thanks so much for posting this! I have the same setup and was having the same issue. Thanks much!
