Posted on 08-30-2023 04:47 PM
Hey all,
We have some users that don't get added to our Prestage Enrollment (ABM problem, not a Jamf issue), so they create local accounts and then need to manually enroll via the URL.
After the manual enrollment we have their machine install Jamf Connect but on their next reboot we'd like them to log in with Jamf Connect and force them to create a new user without the option to migrate the user they've already been using. (Yes, this will create an additional account on the machine but it's much easier for us to have them use their Okta account rather than their personal account.)
Unfortunately no matter what settings we use in the Config Profile, the option always opens for them to Migrate their local account:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>OIDCProvider</key>
    <string>Okta</string>
    <key>OIDCNewPassword</key>
    <false/>
    <key>AuthServer</key>
    <string>[ourserver]</string>
    <key>LocalFallback</key>
    <true/>
    <key>CreateAdminUser</key>
    <true/>
    <key>DenyLocal</key>
    <true/>
    <key>DenyLocalExcluded</key>
    <array>
        <string>[ourlocaladmin]</string>
        <string>jamfadmin</string>
    </array>
    <key>Migrate</key>
    <false/>
    <key>MigrateUsersHide</key>
    <array>
        <string>[ourlocaladmin]</string>
        <string>jamfadmin</string>
    </array>
    <key>BackgroundImage</key>
    <string>[ourimage]</string>
    <key>LoginLogo</key>
    <string>[ourlogo]</string>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>EnableFDE</key>
    <true/>
    <key>ScriptPath</key>
    <string>/usr/local/jamfconnect/scripts/JamfNotify.sh</string>
    <key>OIDCUsePassthroughAuth</key>
    <true/>
</dict>
</plist>
Any help is appreciated! I feel like I'm missing something obvious but just don't see it.
Posted on 09-05-2023 03:58 PM
Follow-up here:
False alarm! I had a competing Config Profile that I had forgotten to scope out and it was getting applied. Once I realized that and de-scoped my test machine, everything worked as expected!
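The follow-up above traces the behaviour to a second configuration profile landing on the same Mac. As an added example (not from the original posts and not Jamf's own tooling), this Python script compares the login settings of several profile payloads and reports every key that two profiles set to different values; the function name `find_conflicts` and both sample payloads are constructed for illustration, and the script does not model which profile macOS ends up applying.

```python
import plistlib

# Constructed sample payloads: the profile the admin meant to apply and a
# forgotten one still scoped to the same machine. Not the thread's real data.
INTENDED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Migrate</key><false/>
  <key>DenyLocal</key><true/>
  <key>DenyLocalExcluded</key><array><string>jamfadmin</string></array>
  <key>CreateAdminUser</key><true/>
</dict></plist>"""

COMPETING = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Migrate</key><true/>
  <key>DenyLocal</key><false/>
  <key>CreateAdminUser</key><true/>
</dict></plist>"""


def find_conflicts(profiles):
    """Return {key: {profile_name: value}} for keys that more than one
    profile sets, where the values are not all equal.

    profiles maps a label (hypothetical names here) to raw plist bytes.
    """
    seen = {}
    for name, raw in profiles.items():
        for key, value in plistlib.loads(raw).items():
            seen.setdefault(key, {})[name] = value

    conflicts = {}
    for key, by_profile in seen.items():
        values = list(by_profile.values())
        # A key is a conflict only if two or more profiles disagree on it.
        if len(values) > 1 and any(v != values[0] for v in values[1:]):
            conflicts[key] = by_profile
    return conflicts


if __name__ == "__main__":
    found = find_conflicts({"intended": INTENDED, "competing": COMPETING})
    for key in sorted(found):
        print(f"CONFLICT {key}:")
        for name, value in found[key].items():
            print(f"    {name}: {value!r}")
```

Keys such as `Migrate` and `DenyLocal` decide whether a local account can be reused or used to log in, so a disagreement on either is worth resolving before testing the login window again.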