I seem to have this weird issue that only started to show up when installing Jamf Connect 2.1.0 or higher (as far as I can tell). We have a setup where each user does get Admin privileges on the machine after we set them up. If someone else logs into the device, they will be stuck with standard. This has worked great for us from version 1.4 all the way up to testing the 2.0.x versions. However I have now installed 2.1.0 and 2.1.2 on my machine and as soon as I login, it will revert me to a 'Standard' account. We are using Okta as our IdP, there is nothing really special about our setup. Has something changed with these new versions? So far I'm the only person I have been testing with but every time I do run the installer or authchanger, my account loses Admin privileges. Also to note - I am also in the OIDCAdminClientID group as well. Is there something I'm missing?
Ok I just tested this with another computer. Started with 1.9.1 of Jamf Connect Login, then installed Jamf Connect 2.0.2 and still the user ID I was testing with had Admin privileges, then I upgraded to Jamf Connect 2.1.2 and then the account got demoted as expected to a standard account. We won't be able roll this out if it starts demoting our user base.
For anyone else having this issue, after going thru a number of solutions with Support, it seems that the old .plist files are causing the issue. We created new clean ones with the same info and it now does not cause the user to be demoted. This could be something with those stale .plist files. I will be deploying the new 2.1.x versions with a new set of plist files to the users.