Auto assign user's department based off title.

Sims_
Contributor

Is it possible for me to have my JSS auto assign a user to a department based off of what their title is? I currently have a config where when a user signs into Enterprise Connect it will then recon that Mac to the currently signed in user in Enterprise Connect (jamf recon -endUsername). This auto assigns the Mac to the currently signed in user in Enterprise Connect, but leaves the department field empty and we are having to manually assign each person to a department. I have certain software policies in Self Service that appear based off what department the user belongs to so its something we are having to do everyday.

I'd like to be able to have it so that once a user is assigned to a Mac it will also assign them to a department based on their title. Account Executive = Sales Department.

2 REPLIES 2

mm2270
Legendary Contributor III

I don't use EC, so I can't help directly, but if the account's title is something that can be pulled out of, say, a plist that EC maintains, or queried from the tool itself, then it might be possible to assign a department. As you probably know, the jamf recon command also can take a -department string, but you would first have to have something to use for the recon.

Unfortunately this will likely involve some level of scripting to get there. You would first need to get the person's title, then, in a script use maybe a case statement or the like to assign a department string to them. Depending on how many title variations there are in use, that might be complicated and not 100% reliable.

Let me ask something here - as you are using Enterprise Connect, I'm making an assumption the Macs are not joined to AD. Is that correct? Because if for some reason they are, it may be easier to script querying AD for their title, if that is part of their directory record, and then use that in the recon to update it.
If they are not joined to AD, it's still possible to query AD using ldapsearch, but the syntax for that is a little more complicated, and also requires the use of a service account for the temp bind to get information.

Anyway, just some things to think about.

Sims_
Contributor

@mm2270 All the information that EC can collect is written to a local .plist file on the Mac and then when our Update Inventory policy kicks off, it queries that .plist file and pulls their username from that and then the (jamf recon -endUsername) takes place to assign the Mac to the user. To my knowledge, EC doesn't pull in the user's department, but I'll contact Apple and see if I can submit this as a feature request or if this is possible and I am unaware.

Yes, none of our Macs are bound to AD. We went the "soft bind" route with Enterprise Connect.