Can't login to self service with Azure directory account

ooshnoo
Valued Contributor

hey guys… having trouble scoping a self service policy to a specific Azure directory group.

 

I deployed the policy to all comptuers and all users, but limited the scope to our our Operations team group in Azure.

 

This obviously requires user to login to self service to see the policy, but logging into self service fails when using directory creds.  Directory user lookups are successful in the Cloud Identity Provider settings so I know Jamf can see the users, and we have self service set to allow users to login using directory creds. 

 

Anyone got any thoughts as to what I”m doing wrong

6 REPLIES 6

DBrowning
Valued Contributor II

Are you federated to Okta or some other IDP?

ooshnoo
Valued Contributor

thanks for the link.. that may explain it.  We really didn't want to enable SSO on self service just so users can install an app, but looks like that's our only option.

DBrowning
Valued Contributor II

If using Azure CID and MFA then yes.  Its your only option.

AJPinto
Honored Contributor II

I think API/SelfService/Enrollment Portal authentication has to be LDAP or Local JAMF accounts, it does not support AAD or other IDP based authentication. 

Tribruin
Valued Contributor II

It does support Cloud IdP without SSO, that is how we use it. The user's get the regular Self Service login, not an SSO login. We use that to scope Self Service policies to specific Azure AD groups, using Limitations.