Skip to main content
Solved

SSO Enrollment, why am I being asked to assign the computer?

  • September 14, 2020
  • 4 replies
  • 37 views
A
  • Anonymous

I have a Jamf instance that i am using for testing. I have SSO setup with Azure AD and have SSO enabled for User Initiated enrollment. Previously, when I would log in with Azure AD credentials, the computer would automatically be assigned to the Azure AD user (and a User created with the Azure AD UPN as the user ID). Now, when I try to enroll a computer, I am prompted to assign the computer to a user. And, it will not accept my Azure UPN as the User ID. I didn't intentionally change anything, but something changed on me.

Any suggestions?

Best answer by LangStefan

Under the permissions for your user/group, do you have "Assign Users to Computers" unchecked?

Or can it be, that you try to enroll with an account that is also an admin at the same time?

4 replies

L
Forum|alt.badge.img+6
  • LangStefan
  • Contributor
  • Answer
  • September 14, 2020

Under the permissions for your user/group, do you have "Assign Users to Computers" unchecked?

Or can it be, that you try to enroll with an account that is also an admin at the same time?

A
  • Anonymous
  • September 14, 2020

That was it. The user I was using was also setup as a Jamf Pro Admin. Now that makes sense. Thanks.

M
Forum|alt.badge.img+3
  • msswarriors
  • New Contributor
  • September 15, 2020

I am having the same issue. I have a user setup for enrollment called Enroll with privilege set of Enrollment (no changes). On my prestige enrollment I have it set to not create Computer Account. However, on my last several builds in only in the past week or so have I been asked to Create Computer Account.

I do not have SSO with Active Directory but I do have users linked to Google as a cloud identity provider. I don't have Enroll user setup in Google but I directly added it to Jamf Pro User Accounts & Groups.

I then log in after as the Admin account to the computer and am not able to delete this user account.

M
Forum|alt.badge.img+3
  • msswarriors
  • New Contributor
  • September 15, 2020

Guess what, Enroll configuration by default now has Assign User to Computer and can't be unchecked.

Looks like I have to make my enroll user to be a custom setting to uncheck the Assign User to Computer. Is there a reason this got changed?

Terms & ConditionsCookie settingsAccessibility statement