Question

Transitioning from Jamf Connect to Platform SSO: Handling "orphan" local accounts?

  • April 5, 2026
  • 0 replies
  • 6 views

avagrace

Hi everyone,

With the release of Jamf Pro 11.26 and the improved support for Platform SSO (PSSO) simplified setup, we’re looking at moving away from our traditional Jamf Connect / Login Window workflow.

However, I’m running into a bit of a "Day 2" management hurdle. For our existing fleet that already has local accounts created via Jamf Connect, I’m finding that enabling Platform SSO via a configuration profile sometimes results in "orphaned" or duplicate-feeling login experiences if the local shortname doesn't perfectly match the Entra ID/Okta attribute.

Has anyone found a clean way to "link" existing local accounts to Platform SSO without having the user go through a full profile rebuild? Also, are you seeing any issues with FileVault recovery keys not rotating properly once PSSO takes over the password sync duties?

I’m trying to avoid a scenario where I have to ask 500 users to manually "Repair" their account sync. If you’ve scripted a migration path or have a clever Extension Attribute to track "PSSO Enrollment Status," I’d love to see how you’re handling it!

Cheers!