Azure identity provider - Group mapping issue

jameson
Contributor II

So I set up Azure as the identity provider, which was easy - today we have no LDAP set up, so there shouldn't be any conflicts.

When I test the user mapping it works fine, and I can look up my username.
If I try with a group, it does not work.

In Azure I have a group with all the users that I want to map. The OID of the group is entered as the name, and the group name is the same as the Azure group name. But I cannot look up any names in groups.

Overall my goal is that when a Mac is enrolling, the user assigns the Mac to their own username through an Azure lookup. So I should add all users as a Jamf Pro user group with enrollment rights only (correct me if I am wrong).

2 REPLIES

Stevie
Contributor

Hi,

This is a limitation of the current SAML setup for Azure and Jamf. We had the same problem and found that we could search for both user and group names, but not users in groups unless the search matched the exact case. User login details are capitalised, as are the user groups. However, once the user logs in with 2FA the details automatically change to lower case, and the SAML lookup is then broken because it doesn't currently match the name with the UUID.

Jamf said they will be improving the logic of the SAML query in future releases, and as long as we have the group UUID as a searchable field in Azure we can always use that as a workaround for now. Simply find out what the UUID is of the group which you want to use and create a standard group with that name. When the user logs in, Jamf Cloud will check the UUID of the group instead of the group name, and it works.

This fix worked for us and the Jamf Cloud support team helped us change our Azure setup to get this going.

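An added example to illustrate the matching behaviour Stevie describes; it is not Jamf's code and not part of the original thread. Azure AD (now Entra ID) emits the SAML group claim `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` as a list of group object IDs, not display names. The script below parses a constructed assertion, then resolves the claimed object IDs against locally configured group names two ways: by exact-case display name (which breaks once the display name comes back in a different case) and by a group whose name is the object ID itself (the workaround). The assertion, the directory contents, the group name and the object ID are all hypothetical sample data.

```python
"""Resolve Azure AD / Entra ID SAML group claims against locally configured groups.

Constructed example: the assertion and directory below are hand-written sample
data, not a captured Jamf Pro or Azure exchange. The matching rules illustrate
the behaviour described in the thread (exact-case display-name matching versus
matching on the group object ID); they are not Jamf's implementation.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim type Azure uses for group membership. By default each value is the
# group's object ID (a GUID), never its display name.
GROUP_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed assertion; Signature and Conditions elements omitted for brevity.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0">
  <saml:Subject>
    <saml:NameID>jameson@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
      <saml:AttributeValue>Jameson</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed directory: object ID -> display name as shown in the Azure portal.
AZURE_DIRECTORY = {
    "0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d": "Mac Enrollment Users",
}


def parse_assertion(xml_text):
    """Return (NameID, [group claim values]) from a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    groups = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") != GROUP_CLAIM:
            continue
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            if value.text:
                groups.append(value.text.strip())
    return name_id, groups


def resolve_groups(claim_values, configured_groups, directory, exact_case=True):
    """Map claimed object IDs to configured group names.

    A configured group matches a claim value when its name is the object ID
    itself (the workaround from the thread) or equals the directory display
    name for that object ID. With exact_case=True the display-name comparison
    is case-sensitive, which is the failure mode described once the display
    name comes back lower-cased after login.
    """
    matched = []
    for oid in claim_values:
        display = directory.get(oid, "")
        for name in configured_groups:
            # GUID comparison is case-insensitive: a GUID's case carries no meaning.
            if name.lower() == oid.lower():
                matched.append(name)
            elif exact_case and name == display:
                matched.append(name)
            elif not exact_case and name.lower() == display.lower():
                matched.append(name)
    return matched


def demo():
    """Run the three scenarios from the thread and return their results."""
    name_id, claims = parse_assertion(SAMPLE_ASSERTION)
    by_name = ["Mac Enrollment Users"]                      # group configured by display name
    by_oid = ["0a1b2c3d-4e5f-6a7b-8c9d-0e1f2a3b4c5d"]        # same group configured by object ID
    lowered = {oid: n.lower() for oid, n in AZURE_DIRECTORY.items()}  # display name after 2FA login
    return {
        "user": name_id,
        "claims": claims,
        "name_match_original": resolve_groups(claims, by_name, AZURE_DIRECTORY),
        "name_match_lowercased": resolve_groups(claims, by_name, lowered),
        "oid_match_lowercased": resolve_groups(claims, by_oid, lowered),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

To confirm what your own tenant actually sends, capture the SAML response during a login (a browser SAML-tracer extension is enough), base64-decode it and check the values under the groups claim: if they are GUIDs, a Jamf group named after that GUID is what will match, regardless of how the display name is cased.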

jameson
Contributor II

So what does your group mapping setup look like in the Azure identity provider setup in Jamf Pro? I have added the object ID and the name so it matches Azure - but it does not work.