Skip to main content

Jamf School currently assigns users and devices based on the following premises:

  • Each user is assigned a username, which Jamf School treats as a unique identifier.
  • Devices are linked to users via this username.

However, there is a design flaw in the current implementation:

  • It is possible to create new users with an already existing username, either manually or via CSV import.
  • Jamf School does not issue a warning or automatically adjust the username (e.g., by appending a number).
  • The original user is silently deleted, and a new user with the same username is created.
  • All devices previously assigned to the original user are now assigned to the new user.
  • This behavior occurs across the entire Jamf School instance, including across different locations.

Jamf School should enforce globally unique usernames across all locations.
Since location managers can only view users within their own location, they cannot verify whether a username already exists elsewhere.

Therefore, Jamf should implement a centralized validation mechanism or enforce a naming convention for usernames across all locations to prevent such conflicts.

Where I usually see problems is where kids have logged in before the rest of their information has SIS synced creating Manual accounts in Jamf School which have to be deleted and then ASM synced to correct them.  You have to delete devices off their accounts and delete the accounts first too. 

There will be 2 accounts with the same user name, one will have the MAID and one won’t, and one will have the classes and what not but the not the device.  Basically both have to be deleted and recreated from sync to get them aligned.

CSVs are also not logged in the Audit Log at all - I have limited access as much as I can for this reason.  I have users (device owners) assigned via Azure webclip authentication on login with the device moving to the location of that user. 

Assigning device owners via CSV also modifies the ADE placeholder PERMANENTLY, so you cannot get rid of the user from a wipe or move to trash as you can when they’re assigned at login instead.  No part of Jamf School let’s you set empty or blank or null values except doing it by hand, it’s always overwrite with something else.