JAMF Connect & Verify - Oddities / Questions

nduehr
New Contributor

Hi all,

Relatively new to JAMF Pro (using cloud) overall here, but enjoying it quite a bit.

Currently in the process of building up an initial roll out for the company, and running into some oddities that are likely just my own "You don't know what you don't know" things.

Goal: SSO for Mac users via Azure auth in JAMF Connect, and of course password sync via Verify. Users are mostly local admins on their machines and we'll deal with fighting that battle later. So we want JAMF to leave them alone, Admin or not.

(And I do see there's a new Beta with them combined, but probably not wild enough to push a beta into production... too old for that!)

Right now during initial enrollment I have it all pretty much working. Packages, plists, etc. Some great docs around here compared to many things!

User experience is a tad weird, however. Few items.

During initial enrollment, if I try to associate the enrollment to anything but a blank user, it refuses. I think... this is because I don't have public LDAP user lookups enabled in the JAMF Pro config. (I do have JAMF Pro authing our people authorized to log into it from Azure, but that's a different setup.) So there's no way for JAMF Pro Cloud to know who's a user or not. It'll let us leave the user blank and continue enrollment, though.

Mentioning it because I don't know if it exacerbates the problems below or even causes them.

Machine enrolls, all the "stuff" we want to do is done, user logs out, OIDC setting change kicks in...

FIRST login, it asks which local user to associate the network Azure user with. All fine and good. Log in, all happy. I also have it set to ask them if they want to migrate to network, which might be "wrong" thinking.

If we do that, it wants a password change to get them all in sync. Makes sense. All seems good to this point.

Question at this point:
Once logged in, Verify still has to be manually logged into Azure by the user. Any way to pick up what they authed with initially and just configure it for them? I guess this is why the new beta.... clunky. But ok...

Okay we do user stuff and log out again. Here's where some unknown problem starts.

SECOND login: Azure auth, works. JAMF Connect then asks the user to enter their password again, like it has forgotten the link between the local user and the network user.

No idea what's causing that.

Enter it and login works fine. Just not sure why it's doing that.

What is the underlying "meaning" when JAMF Connect asks the user to re-type their password, and what did I miss?

(GRIN!)

Thanks in advance... can provide plist settings or whatever if it helps.

Soooo close....
