Demobilize Unbind mobile AD accounts

Eskobar
Contributor

Can we use JamfConnect just to Demobilize + Unbind Macs without the IDP setup ? I have the JamfConnect app but no green light yet to link It with our IDP.

If no, what should we use instead ?

 

5 REPLIES 5

dvasquez
Valued Contributor

It is my understanding you can use Jamf Connect to demobilize but the question is do you have another software helping with bind or mobile accounts, like Centrify? If so it can get a little more complicated.  There will be a process or rather an order.  The use of IDP or other is to allow your organizational users to log in using their password and credentials.  If you want to test you can also ways request a JC demo or use NoMAD and related tools. 
https://nomad.menu/products/
As far as unbinding you can use a number of methods to accomplish this with the Jamf Pro policy and identify and unbind using a small script if you wanted. 

Check out this document: https://docs.jamf.com/technical-articles/Demobilizing_and_Unbinding_Mobile_Accounts_with_Jamf_Connec...

dvasquez
Valued Contributor

I would also recommend you use an IdP or other source of truth service for accounts and password management. Jamf Connect is a powerful tool but using it with an IdP makes it even more so. 

AJPinto
Honored Contributor II

"Demobilizing" an account can be a mess. If you are using user level configuration profiles just know they will totally break when you Demobilize an account. Making new accounts for the users is a more hands on approach, but may be safer depending on how elaborate your environment is and how robust your support solutions are if things go sideways. 

 

Unbinding is a simple process, and you can do it with CLI. No need for JAMF Connect to do anything there.

 

As far as not having an IDP, is there a reason? That is one of the major selling points of JAMF Connect.

dvasquez
Valued Contributor

Jamf Connect does not gel well with mobile accounts if that is in your environment. Jamf Connect makes this an easy process. But yes in the past demobilizing an account was messy. Making an account local admin from a mobile admin is pretty simple using Jamf Connect. That is unless you already have a third-party tool involved. We had Centrify and an established process was needed but it was done. And unbinding can be done in a few different ways. But I will say using Jamf Connect to do this is also a simple process and can be done with one configuration. This is just my experience. 

Hi @dvasquez , can you PM me regarding your experiencing moving away from Centrify + mobile accounts? We are looking at doing the same.