Help

Do users need a Jamf Pro User Accounts in order to enroll a Mac at the Remote Management Screenm?

JRodgers17
New Contributor III

Posted on ‎03-01-2024 08:33 AM

Hello Everyone, 

I am testing out a new enrollment process and testing different use cases.

I seem to run into an error every time when I enroll a device with a user who DOES NOT have a Jamf Pro Account, within the Jamf Pro Console (Account Users and Groups setting). I able to enter my SSO credentials and complete MFA, but after that step, the enrollment Management Screen just hangs, doesn't move forward in the process. 

Is this expected? 

I was previously told by Jamf Support that the Jamf Pro Console account should not be a factor, but it looks like it is? 

Any help would be appreciated, thanks! 

James Rodgers 

0 Kudos
Reply
1 REPLY 1

talkingmoose
Moderator
Moderator

Posted on ‎03-01-2024 08:56 AM

When manually enrolling devices (not using a PreStage enrollment to manage Automated Device Enrollment), I can think of three ways to authorize someone to enroll a device:

  1. Any Jamf Pro administrator with enrollment privileges in User accounts and groups can enroll
  2. Any user with an enrollment invitation, which may be good for just one device or multiple
  3. Any user who's a member of an LDAP group specified in User-initiated enrollment.

I haven't tested, but considering SSO only affects authentication with Jamf Pro not the directory service, I can understand why a directory services group member without a Jamf Pro user account couldn't enroll.

Someone else may provide a better answer for you.

Reply