Access Related Query / Multiple Tenants

acudworth
New Contributor

Hi all,

 

Relatively new User to JAMF Pro here, I'm looking to enable access for users for multiple tenants.

Within our business we have 10+ JAMF Pro instances and a user has requested access to administer machines in another tenant to what his account is created in.

After doing some research I can see the best way to accomplish this appears to be to create some access groups, one for the domain they are not currently a part of (I plan on creating a 'enrollment only' group and a 'admin' group for each) and give it the requisite level of access, that's all fine until I come to add the user as a member, the user in question is not visible in the subset of users.

If I change the 'site', the list from the 'Members' section doesn't change, so I can only assume this list is static.

So I have a few questions:

• Why doesn't the user I need to administer appear in the 'members' user list for any of the groups and are these lists specific to the tenant?
• How can I make them available to this selection so I can add them to the new group I need to create?

 

I also read that a new LDAP linkage might be created but to my knowledge, all of our accounts are local to JAMF and not linked to AD/LDAP.

I also also read that some features of JAMF are poorly executed/un-optimised, so I think perhaps my niche issue might also fall under the 'not quite ready yet' category...

1 ACCEPTED SOLUTION

A_Collins
Contributor

I admit giving group access to a user is not traditional way, like you are selecting group and choosing members. 

You need to do this on user level. Find user you want to modify then change user access level to Group Access, so privileges tab will change to group membership. Then you can select which groups that user want to be in. 

View solution in original post

2 REPLIES 2

A_Collins
Contributor

I admit giving group access to a user is not traditional way, like you are selecting group and choosing members. 

You need to do this on user level. Find user you want to modify then change user access level to Group Access, so privileges tab will change to group membership. Then you can select which groups that user want to be in. 

Looks like this will do what I need, I've created a 'enrollment only' & 'Admin' groups for each of the sites so this should provide the correct levels of access.

Having to do it this way round is a bit backwards if you ask me but if it works, I'll take it.
Thanks for your help.