08-25-2023 07:51 AM - edited 08-25-2023 07:53 AM
hey guys… having trouble scoping a self service policy to a specific Azure directory group.
I deployed the policy to all computers and all users, but limited the scope to our Operations team group in Azure.
This obviously requires users to log in to self service to see the policy, but logging into self service fails when using directory creds. Directory user lookups are successful in the Cloud Identity Provider settings so I know Jamf can see the users, and we have self service set to allow users to log in using directory creds.
Anyone got any thoughts as to what I'm doing wrong?
Posted on 08-25-2023 09:27 AM
Are you federated to Okta or some other IDP?
Posted on 08-25-2023 09:31 AM
Posted on 08-25-2023 10:19 AM
thanks for the link.. that may explain it. We really didn't want to enable SSO on self service just so users can install an app, but looks like that's our only option.
08-25-2023 10:23 AM - edited 08-25-2023 10:23 AM
If using Azure CID and MFA then yes. It's your only option.
Posted on 08-28-2023 04:38 AM
I think API/SelfService/Enrollment Portal authentication has to be LDAP or Local JAMF accounts, it does not support AAD or other IDP based authentication.
Posted on 08-28-2023 07:14 AM
It does support Cloud IdP without SSO, that is how we use it. The users get the regular Self Service login, not an SSO login. We use that to scope Self Service policies to specific Azure AD groups, using Limitations.
Posted on 06-19-2024 05:22 AM
So, I need to create a Cloud IdP group without SSO?