Jamf Connect Deployment Not Working

anotherAdmin
New Contributor II

Hi,

I'm currently configuring Jamf Connect and having a bit of difficulty. I am using Azure AD as an IdP.

What I'm currently experiencing:

  • Turn on new Mac > Select Country > Connect to Network > Remote Management hits > Authenticate with Microsoft Azure > Remote Management loads profiles/policies
  • Once Remote Management configuration is complete it brings me to the standard/normal Mac login screen.
  • I enter local administrator credentials. This user was created during PreStage Enrollment > Account Settings before the Setup Assistant.
  • Jamf Connect Sign In pops up and Jamf Menu also loads. I can enter my UPN and password and sync the local account, which does not align with my AAD account name because it's the local-admin account.
  • If I run the AuthChanger script from Terminal I can log out of the local-admin account and the Jamf Connect GUI will appear.

sudo authchanger -reset -JamfConnect

  • I will receive one of two errors:
    • If no ethernet is plugged in I receive the error "Your Mac is not connected to a network. Try using local login."
    • If ethernet is connected I receive the error "An error occurred. Contact your IT administrator."
    • I've signed back into local-admin after receiving these errors to look at the logs.

Timestamp Ty Process[PID:TID]
2022-01-28 09:14:27.627 E SecurityAgentHelper-x86_64[2176:4f2b] [com.jamf.connect.login:AuthUI] Could not get provider enum case from string. Invalid provider string
2022-01-28 09:20:53.068 E authorizationhosthelper.x86_64[2305:5621] [com.jamf.connect.login:KeychainAdd] Tried to get the login name but couldn't find it.
2022-01-28 09:22:15.221 E SecurityAgentHelper-x86_64[2479:5db0] [com.jamf.connect.login:AuthUI] Could not get provider enum case from string. Invalid provider string
2022-01-28 09:22:28.292 E SecurityAgentHelper-x86_64[2479:5db0] [com.jamf.connect.login:AuthUI] Could not get provider enum case from string. Invalid provider string
2022-01-28 09:22:36.806 E authorizationhosthelper.x86_64[2528:630d] [com.jamf.connect.login:KeychainAdd] Tried to get the login name but couldn't find it.

I can create another local account with the same username as my Azure AD account, sign into that, and sync AAD with local from there, but that is not preferred. I'm also never able to log in and authenticate through Jamf Connect. I always have to use the Local Login.

What I'm expecting:

  • Turn on new Mac > Select Country > Connect to Network > Remote Management hits > Authenticate with Microsoft Azure > Remote Management loads profiles/policies
  • Jamf Connect Login appears and I enter Azure AD credentials > It prompts to create local account / sync creds
    • Unsure if I'm wrong about that but that is my understanding of how it should flow.
  • I'm now signed into my personal local account and not the local-admin and my personal local account is synced with Azure Active Directory.

Other information:

For AuthChanger I'm not sure why it's not executing. Here is what my policy looks like:

Frequency: Ongoing
Trigger: Enrollment
Scope: All computers, All users.
I've added the script pasted above from the scripts section in Jamf and that is the script it should be executing.

I also have it set in the Jamf Connect configuration for Network Settings to appear on the login screen as True, but they do not. They did appear once but at no other time. The one time they did appear and I attempted to connect to our network, it would not accept my credentials and the connection failed.

Enrollment packages seem to be deploying/installing on the Mac. I have priority set to 5.

I have an Enrollment Customization attached to the PreStage.

  • The Enrollment Customization includes SSO Auth,
  • It's set to Any identity user,
  • I've toggled Enable Jamf Pro to pass user information to Jamf Connect,
  • Account name is userPrincipalName, Account Full Name is displayName.

I've done all steps in this guide https://docs.jamf.com/jamf-connect/2.8.0/documentation/About_this_Guide.html and even printed it out and checked off / validated what I've done. Highlighted desired configuration information.

I'm not sure what I'm missing, but if anyone could throw some ideas out there I'd appreciate it!


Samstar777
Contributor II

Your issue straight away points to your configuration profiles. Can you make sure your profile is correct? Also, as you have mentioned enrolment customisation, can you make sure your claims are configured correctly in Azure?

Feel free to dm if you need any further information from my end.

Regards,

Salim Ukani

Hi @Samstar777,

Thanks for your response. Here are what my configuration profiles look like:

  1. jamf-connect-login | Priority 5 | Computer Level | Install Automatically

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>CreateAdminUser</key>
    <true/>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LicenseFile</key>
    <data>REMOVED LICENSE</data>
    <key>LocalFallback</key>
    <true/>
    <key>OIDCAdminAttribute</key>
    <string>role</string>
    <key>OIDCClientID</key>
    <string>REMOVED OIDC</string>
    <key>OIDCNewPassword</key>
    <true/>
    <key>OIDCProvider</key>
    <string>Azure</string>
    <key>OIDCROPGID</key>
    <string>REMOVED OIDCROPGID</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>OIDCUsePassthroughAuth</key>
    <true/>
    <key>PayloadDescription</key>
    <string>jamf-connect-login-test</string>
    <key>PayloadDisplayName</key>
    <string>jamf-connect-login-test</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>REMOVED ID</string>
    <key>PayloadOrganization</key>
    <string>REMOVED COMPANY NAME</string>
    <key>PayloadType</key>
    <string>com.jamf.connect.login</string>
    <key>PayloadUUID</key>
    <string>REMOVED ID</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>OIDCAdmin</key>
    <array>
      <string>Admin</string>
    </array>
  </dict>
</plist>

  • jamf-connect (menu) | Priority 5 | Computer Level | Install Automatically

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadDescription</key>
    <string>Jamf Connect Settings</string>
    <key>PayloadDisplayName</key>
    <string>Jamf Connect Settings</string>
    <key>PayloadEnabled</key>
    <true/>
    <key>PayloadIdentifier</key>
    <string>PAYLOAD ID REMOVED</string>
    <key>PayloadOrganization</key>
    <string>Jamf</string>
    <key>PayloadType</key>
    <string>com.jamf.connect</string>
    <key>PayloadUUID</key>
    <string>PAYLOAD ID REMOVED</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>IdPSettings</key>
    <dict>
      <key>Provider</key>
      <string>Azure</string>
      <key>ROPGID</key>
      <string>ROPGID REMOVED</string>
      <key>ResetPasswordURL</key>
      <string>https://passwordreset.microsoftonline.com</string>
    </dict>
    <key>PasswordPolicies</key>
    <dict>
      <key>CheckOnNetworkChange</key>
      <true/>
      <key>ExpirationCountdownStartDay</key>
      <integer>5</integer>
    </dict>
    <key>SignIn</key>
    <dict>
      <key>AutoAuthenticate</key>
      <true/>
      <key>AutoOpenAppAtLogin</key>
      <false/>
      <key>RequireSignIn</key>
      <true/>
    </dict>
  </dict>
</plist>

  • Jamf Connect License | Computer Level | Install Automatically
    1. I only have this because the Jamf Connect / Menu display as grey and unusable if not included even though I have the license attached in the jamf-connect-login profile and can see it.
  • AuthChanger Script: I have this script configured as:
    1. Enabled
    2. Trigger: Enrollment Complete
    3. Execution Frequency: Ongoing
    4. Script module is attached with the following code executing:

sudo authchanger -reset -JamfConnect

All configuration profiles display that they completed.
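The first post's login-window log line, "Could not get provider enum case from string. Invalid provider string", is a complaint about the OIDCProvider value the login window reads from the com.jamf.connect.login payload. A pre-flight check on that payload before it is uploaded as a custom-settings profile catches the faults that look correct in a plist editor but fail an exact string match: an invisible character pasted after the provider name, a boolean typed as a string, a missing key. The Python script below is an added example written for this page, not code from the thread or from Jamf. The KNOWN_PROVIDERS set is an assumption from the Jamf Connect documentation of that era (check it against your version), and both sample payloads are constructed here with placeholder IDs that mirror the keys of the posted jamf-connect-login profile.

```python
import plistlib
import unicodedata
from urllib.parse import urlparse

# Provider strings the Jamf Connect login window accepts for OIDCProvider.
# Assumption from the Jamf Connect docs of this era, not from the thread;
# adjust to the list for the version you deploy.
KNOWN_PROVIDERS = {"Azure", "Okta", "GoogleID", "IBMCI", "OneLogin", "PingFederate", "Custom"}

REQUIRED_KEYS = ("OIDCProvider", "OIDCClientID", "OIDCRedirectURI")

# Keys from the posted profile that must be real plist booleans, not strings.
BOOLEAN_KEYS = ("AllowNetworkSelection", "CreateAdminUser", "CreateJamfConnectPassword",
                "LocalFallback", "OIDCNewPassword", "OIDCUsePassthroughAuth")


def hidden_chars(value: str) -> list[str]:
    """Names of invisible or whitespace characters in value (zero-width space,
    NBSP, control characters). Any of them breaks exact-match comparison of an
    otherwise valid provider name or client ID."""
    names = []
    for ch in value:
        if unicodedata.category(ch) in ("Cf", "Zs", "Cc"):
            names.append(unicodedata.name(ch, f"U+{ord(ch):04X}"))
    return names


def check_login_payload(payload: bytes) -> list[str]:
    """Return findings for a com.jamf.connect.login payload; an empty list means clean."""
    prefs = plistlib.loads(payload)
    findings = []

    if prefs.get("PayloadType") != "com.jamf.connect.login":
        findings.append(f"PayloadType is {prefs.get('PayloadType')!r}, expected 'com.jamf.connect.login'")

    for key in REQUIRED_KEYS:
        if key not in prefs:
            findings.append(f"missing required key {key}")

    provider = prefs.get("OIDCProvider")
    if isinstance(provider, str) and provider not in KNOWN_PROVIDERS:
        findings.append(f"OIDCProvider {provider!r} is not a known provider string")

    for key in BOOLEAN_KEYS:
        if key in prefs and not isinstance(prefs[key], bool):
            findings.append(f"{key} is {type(prefs[key]).__name__}, expected <true/> or <false/>")

    uri = prefs.get("OIDCRedirectURI")
    if isinstance(uri, str):
        parts = urlparse(uri)
        if not (parts.scheme and parts.netloc):
            findings.append(f"OIDCRedirectURI {uri!r} is not an absolute URL")

    # Scan every OIDC* string, and arrays of strings such as OIDCAdmin, for
    # characters that do not show up in a plist editor.
    for key, value in prefs.items():
        if not key.startswith("OIDC"):
            continue
        for item in (value if isinstance(value, list) else [value]):
            if isinstance(item, str) and hidden_chars(item):
                findings.append(f"{key} contains hidden characters: {', '.join(hidden_chars(item))}")
    return findings


# Constructed sample mirroring the keys of the posted jamf-connect-login
# profile, with placeholder IDs (not the poster's real values).
_BASE = {
    "PayloadType": "com.jamf.connect.login",
    "PayloadVersion": 1,
    "AllowNetworkSelection": True,
    "CreateAdminUser": True,
    "CreateJamfConnectPassword": True,
    "LocalFallback": True,
    "OIDCAdminAttribute": "role",
    "OIDCAdmin": ["Admin"],
    "OIDCClientID": "00000000-0000-0000-0000-000000000000",  # placeholder
    "OIDCNewPassword": True,
    "OIDCProvider": "Azure",
    "OIDCROPGID": "00000000-0000-0000-0000-000000000000",    # placeholder
    "OIDCRedirectURI": "https://127.0.0.1/jamfconnect",
    "OIDCUsePassthroughAuth": True,
}
GOOD_PROFILE = plistlib.dumps(_BASE)

# Same payload with two faults that look identical on screen: a zero-width
# space pasted after the provider name, and a boolean typed as a string.
BAD_PROFILE = plistlib.dumps({**_BASE, "OIDCProvider": "Azure\u200b", "LocalFallback": "true"})

if __name__ == "__main__":
    for name, blob in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, check_login_payload(blob) or "no findings")
```

Point it at the XML exported from Jamf Pro (plistlib.loads takes the raw file bytes). On the Mac itself, a computer-level profile lands as /Library/Managed Preferences/com.jamf.connect.login.plist, which is the copy the login window actually reads and the one worth validating when the uploaded XML passes; the log lines quoted in the first post come from the unified log and can be pulled with `log show --predicate 'subsystem == "com.jamf.connect.login"' --last 1h`.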

user-QVZQUsSCsy
New Contributor

Are there any updates on this topic?