A have a few users (out of 300) that were forced to create a new profile instead of prompting to connect to a local account (Jamf Connect Migration). Is this a bug? How can it be fixed? We're on version 2.4.5 and use Okta as the IdP.
Below is authchanger -print from an affected user from their local account.
authchanger -print Entry: system.preferences.network modified : 656276786.306666 tries : 10000 class : user group : admin comment : Checked by the Admin framework when making changes to the Network preference pane. session-owner : 0 authenticate-user : 1 timeout : 2147483647 version : 0 allow-root : 1 created : 634501500.507993 shared : 1 Entry: system.login.console shared : 1 modified : 656276786.287784 created : 634501500.507993 tries : 10000 mechanisms: builtin:prelogin JamfConnectLogin:Initialize JamfConnectLogin:LoginUI JamfConnectLogin:PowerControl,privileged JamfConnectLogin:CreateUser,privileged JamfConnectLogin:EULA JamfConnectLogin:DeMobilize,privileged JamfConnectLogin:RunScript,privileged builtin:login-begin builtin:reset-password,privileged loginwindow:FDESupport,privileged builtin:forward-login,privileged builtin:auto-login,privileged builtin:authenticate,privileged PKINITMechanism:auth,privileged builtin:login-success JamfConnectLogin:Success HomeDirMechanism:login,privileged HomeDirMechanism:status MCXMechanism:login CryptoTokenKit:login loginwindow:done JamfConnectLogin:EnableFDE,privileged JamfConnectLogin:KeychainAdd,privileged version : 8 class : evaluate-mechanisms comment : Login mechanism based rule. Not for general use, yet. Entry: system.services.systemconfiguration.network class : rule comment : For making change to network configuration via System Configuration. rule: is-root entitled _mbsetupuser-nonshared authenticate-admin-nonshared modified : 656276786.318663 created : 634501500.507993 k-of-n : 1 version : 2
check Directory Utility on the client machine, click on the Directory Editor tab, find the user in question, and then check for a "NetworkUser" attribute. if the value is unknown, it's a JC issue, PI-009936: "Unknown" NetworkUser attribute is added to local user record during local login and blocks Migrate
The workaround for this is to run the following command on the machine to delete the attribute, filling in the local username:
sudo dscl . delete /Users/<localusername> dsAttrTypeStandard:NetworkUser
Apparently, jamf connect 2.5 fixed this issue, so you may want to upgrade