Posted on 02-02-2024 06:32 AM
Hello,
I am trying to determine if there is a way using Jamf for me to restrict particular users to only being able to log into specific machines.
Example, a student worker account can only log in on the designated student worker machine.
The challenges I see with this are: We use Microsoft Entra with Jamf Connect for authentication and we do not have users with Apple IDs in Jamf.
Can this be done?
Posted on 02-02-2024 07:12 AM
Nope. Not on the Jamf Connect side at least. All Jamf Connect can do is limit the device to a single user account, but it could be any user.
It may be possible to push different Jamf Connect configurations to different devices (i.e. student vs teacher) and have different IDP configurations with Entra. You would need to make multiple Jamf Connect App integrations in Entra with different rules, but it may be possible. For example, config one only works for teachers, and config two only works for students.
Posted on 02-12-2024 09:56 AM
You can use the key:
OIDCSecondaryAccess
to specify an employee role to create additional accounts on the machine. As long as any account has been created in the past, no new accounts will be created for any users that don't have that role.