Skip to main content
Question

User and Location Data

  • May 24, 2022
  • 17 replies
  • 121 views
A
Forum|alt.badge.img+3

We're trying to populate user and location data on our iPad devices - But it doesn't seem to work.

We have Azure setup as our Cloud Identity Provider. The test function confirms the lookups & mappings are working properly.  We have an Enrolment customisation that points to our SSO Azure authentication - This is then set on our pre-stage enrolment. 

 

When a device goes through setup - The users are prompted to sign in. We expected the user & location data to be populated - But it doesn't. 'Collect user and location information from LDAP' is ticked under inventory collection settings.

Has anyone got this to work? Not sure what we're missing.

Cheers

    17 replies

    J
    Forum|alt.badge.img+21
    • jcarr
    • Valued Contributor
    • May 24, 2022

    Does the Enrollment Customization use the SSO auth pane or the LDAP auth pane?  Also, you've configured both the SSO *and* the Cloud Identity Provider, right?

    A
    A
    Forum|alt.badge.img+3
    • agrant
    • Author
    • New Contributor
    • May 25, 2022

    Thanks for the reply. The Enrolment Customisation uses SSO & we've configured both the SSO and CIP. 

     

    One thing we have found is that it does populate the User and Location information when we use a user-initiated enrolment - Just not the pre-stage method. 

    R
    Forum|alt.badge.img
    • ryanpigeon
    • New Contributor
    • May 25, 2022

    Thanks for the reply. The Enrolment Customisation uses SSO & we've configured both the SSO and CIP. 

     

    One thing we have found is that it does populate the User and Location information when we use a user-initiated enrolment - Just not the pre-stage method. 


    Following this, as I can confirm we are having this happen with Okta as well. 

    eatkins
    peterlewis
    Forum|alt.badge.img+1
    • peterlewis
    • New Contributor
    • June 23, 2022

    +1 for this (using Azure). I note we don't currently have "Collect user and location information from LDAP" ticked within "Inventory Collection" due to PI008110, though I note that is no longer listed in active PIs.

    K
    Forum|alt.badge.img+1
    • kevc
    • New Contributor
    • September 5, 2022

    I also can't get User and Location information to populate during a prestage enrollment. I have the enrollment customization set up to use Azure SSO and Collect User and Location information from LDAP is checked under Inventory Collection for devices.

    @agrant Did you ever get this figured out?

    peterlewis
    Forum|alt.badge.img+1
    • peterlewis
    • New Contributor
    • September 7, 2022

    I also can't get User and Location information to populate during a prestage enrollment. I have the enrollment customization set up to use Azure SSO and Collect User and Location information from LDAP is checked under Inventory Collection for devices.

    @agrant Did you ever get this figured out?


    I have a ticket open about this, now. Once we have arrived at a solution, I will be sure to update you with what that solution was.
    K
    Forum|alt.badge.img+1
    • kevc
    • New Contributor
    • September 9, 2022
    I have a ticket open about this, now. Once we have arrived at a solution, I will be sure to update you with what that solution was.

    Thanks! I opened a ticket as well and was told the issue is related to PI101570. I checked the product issues page and it does sound related but hard to tell. Let me know if you hear anything different in your ticket.

    xEpicFail_O_o
    Forum|alt.badge.img+7
    • xEpicFail_O_o
    • Contributor
    • October 27, 2022

    This was an issue for me as well, I can't find the original post anymore but someone suggested a script to run upon user login. Here is the script that we are currently using. Hope it helps and sorry I can't find the original one! 

     

     

    #!/bin/sh

    #Get current signed in user
    currentUser=$(ls -l /dev/console | awk '/ / { print $3 }')

    #com.jamf.connect.state.plist location
    jamfConnectStateLocation=/Users/$currentUser/Library/Preferences/com.jamf.connect.state.plist
    DisplayName=$(/usr/libexec/PlistBuddy -c "Print :DisplayName" $jamfConnectStateLocation || echo "Does not exist")

    if [ $currentUser != "root" ];

    then

    /usr/local/bin/jamf recon -endUsername $DisplayName

    fi

    exit 0

    janzaldua
    Forum|alt.badge.img+7
    • janzaldua
    • Valued Contributor
    • April 1, 2023

    Did anyone get this working yet? Still having trouble.

    eatkins
    eatkins
    Forum|alt.badge.img+1
    • eatkins
    • New Contributor
    • April 21, 2023

    This issue just cropped up for us (using Okta). Prior to about a week ago, mappings were coming just fine with Inventory.

     

    S
    Forum|alt.badge.img
    • serawl01
    • New Contributor
    • May 9, 2023

    Running into this same issue. User-initiated enrollments populate User and Location information, but pre-stage enrollments do not, using Azure SSO. 

    janzaldua
    Forum|alt.badge.img+7
    • janzaldua
    • Valued Contributor
    • May 9, 2023

    Hello. Just wanted to give an update, since we got it working within our environment! We connected Azure AD. Firstly, here are the mappings within Settings > SystemCloud Identity Providers:

    ~~~

    User Id id

    User Name userPrincipalName

    Real Name displayName

    Email mail

    Department department

    Building officeLocation

    Room city

    Phone mobilePhone

    Position jobTitle

    ~~~

    You can test these mappings and they should populate from the username you provide. Keep in mind, some mappings need to be manually entered within Jamf, in order for them to populate correctly. For example, Department and Building. Both can be found within Settings > Network > Departments/Buildings - Within each of these sections, you'll need to manually add each Department or Building, according to how it shows up within Azure AD. What I did is had my System Admin export a list of the Department and Building attribute from AAD, and I manually created each entry within Jamf. Also an FYI, we have the checkbox enabled for Collect user and location information from Directory Service, within Settings > Computer Management > Inventory Collection.

    ~~~

    As far as the script. For us, it only works if it uses the user's EMAIL, not username. You can gather this two ways.

    1. If they use Jamf Connect, you can run this script.

     

    #!/bin/bash #Find the Current Logged in User UserFound="No" while [[ $UserFound == "No" ]] do CURRENT_USER=$(/usr/bin/stat -f "%Su" /dev/console) if [[ $CURRENT_USER == "_mbsetupuser" ]] || [[ $CURRENT_USER == "root" ]]; then echo "User Found is $CURRENT_USER, sleeping 10 seconds for the correct username to populate" sleep 10 UserFound="No" else UserFound="Yes" echo "User Found is $CURRENT_USER" fi done #Find the information from Jamf Connect jamfConnectStateLocation=/Users/$CURRENT_USER/Library/Preferences/com.jamf.connect.state.plist DisplayName=$(/usr/libexec/PlistBuddy -c "Print :DisplayName" $jamfConnectStateLocation || echo "Does not exist") #Update the information on JAMF /usr/local/bin/jamf recon -endUsername "$DisplayName" /usr/local/bin/jamf recon exit 0

     

     

    If the user does not use Jamf connect, it will display "Does not exist" in the User and Location field. And you can create a separate policy that takes the last user to login and adds an @company.com suffix to populate the fields correctly. That script is here:

     

     

    #!/bin/bash #Find the Current Logged in User UserFound="No" while [[ $UserFound == "No" ]] do CURRENT_USER=$(/usr/bin/stat -f "%Su" /dev/console) if [[ $CURRENT_USER == "_mbsetupuser" ]] || [[ $CURRENT_USER == "root" ]]; then echo "User Found is $CURRENT_USER, sleeping 10 seconds for the correct username to populate" sleep 10 UserFound="No" else UserFound="Yes" echo "User Found is $CURRENT_USER" fi done #Find the information from Jamf Connect jamfConnectStateLocation=/Users/$CURRENT_USER/Library/Preferences/com.jamf.connect.state.plist #New Line DisplayName=$(/usr/libexec/PlistBuddy -c "Print :DisplayName" $jamfConnectStateLocation || echo $CURRENT_USER"@COMPANY.com") #Update the information on JAMF /usr/local/bin/jamf recon -endUsername "$DisplayName" /usr/local/bin/jamf recon exit 0

     

     

    Keep in mind this script only works if users are logging in using their AD username. Otherwise you can use the first Jamf Connect script instead.

    iOllie
    Forum|alt.badge.img+3
    • iOllie
    • New Contributor
    • August 22, 2023

    It seems like the discussion transformed from iOS devices to computers. Has anyone progressed with the pair of iPad/Okta SSO or iPad/AD SSO?

    xEpicFail_O_o
    Forum|alt.badge.img+7

    It seems like the discussion transformed from iOS devices to computers. Has anyone progressed with the pair of iPad/Okta SSO or iPad/AD SSO?


    @iOllie - used this for AD SSO on iPads. Works like a charm but it does have some nuances that are a pain in the ass such as it forces everything to open up w/ MS Edge and causes issues if anything requires Safari.

    Had similar issues w/ MacOS and the SSO Configuration profile. It wouldn't allow compliance on intel macs since it wouldnt open Safari.

    https://learn.microsoft.com/en-us/mem/intune/configuration/use-enterprise-sso-plug-in-ios-ipados-macos?pivots=all

    S
    Forum|alt.badge.img+5
    • Sherlock
    • New Contributor
    • November 21, 2023

    It seems like the discussion transformed from iOS devices to computers. Has anyone progressed with the pair of iPad/Okta SSO or iPad/AD SSO?


    Hello, Did you happen to figure out a solution?

    D
    Forum|alt.badge.img+1
    • dammitjarid
    • New Contributor
    • June 27, 2024

    I, too, am wondering if there has been a solution found. We also have iOS/iPadOS devices that are using PreStage Enrollment w/ Customized Enrollment Page w/ Entra SSO + Inventory set to "grab user and group information" for the Devices. It works for the Computer side without any additional scripting, but simply does not populate on the Mobile Device side. 

    D
    Forum|alt.badge.img+1
    • dammitjarid
    • New Contributor
    • July 2, 2024

    Update! Long story short, I had all the configs in place, but my "fix" was to simply make sure you are testing/signing into the iOS devices using an Account that is NOT an administrator inside of Jamf Pro. I was testing using my Named account (separate from Admin) and unbeknownst to me, had an Auditing Role assigned in Jamf Pro. According to the Jamf support rep, Jamf WILL NOT grab the User and Location Data if the signed-in account exists in Jamf Pro.  I have a feeling a lot of us have been doing that. I simply created an account called "ipad.enrollmenttest@domain.com" inside of my Entra tenant > re-enrolled > signed in with this "ipad.enrollmenttest@" when prompted > then the User and Location data was grabbed accordingly :) 

    Terms & ConditionsCookie settingsAccessibility statement