Skip to main content

If I turn off our current Cloud Identity Provider configuration with Google, will that remove the existing attributes from users’ User and Location fields in their profiles? My understanding is that it won’t, which would be a good thing in my case. I’m transitioning to Okta LDAP and want to make sure the current attributes remain, since I have smart groups based on department fields.

So this should not remove any currently synced attributes.


You could also disable LDAP lookup in Settings > Computer management > Inventory collection > Collect user and location information from Directory Service

 

Another factor to consider is that each user record is tied to an LDAP Server or Cloud IDP. So when switching, it should not just start syncing with the new IDP, cause they will not match.

You can check the details out via the api /JSSResource/users/id/{id}
There is a an entry like this example. So if you create a new Cloud IDP it would have a value of maybe 1012

<ldap_server>
<id>1011</id>
<name>Azure AD</name>
</ldap_server>

That worked, thanks so much ​@Rick_Goody_Jamf!

I do wish Jamf allowed you to set a primary LDAP. It’s not a dealbreaker, but it would be helpful to know exactly where profiles are being sourced from.