Jamf Nation Community

kbednar · ‎11-08-2021

I was playing around with enrollment customizations and I'm liking the idea of capturing user logins to be created on the machine during enrollment. I created a LDAP Authentication prestage pane (among other cosmetic test panes) and the user profile doesn't get created on the system. Does the enrollment customization feature require Jamf Connect to create LDAP users on devices?

Hugonaut · ‎11-08-2021

@kbednarthe Enrollment Customization option within Settings -> Global Management does not require Jamf Connect.

If you would like to customize the macOS login window, Jamf Connect or NoMad Login are arguably the most convenient options to set a custom login wallpaper.

________________
Looking for a Jamf Managed Service Provider? Look no further than Rocketman
________________

Virtual MacAdmins Monthly Meetup - First Friday, Every Month

kbednar · ‎11-08-2021

I wonder what I'm doing wrong. Not trying to customize the login window at the moment, just trying to get the LDAP user info from the LDAP Authentication pane I created in Enrollment Customization to be created so the user can log into the computer.

mainelysteve · ‎11-09-2021

Enrollment customizations for IDP's or LDAP mainly serve to provide a prettier, easier to understand auth wall for your prestage. The user isn't created at this point and if no account creation action is enabled it will only update the user and location tab on a device record. In your prestage you need to ensure the account settings payload has a local user account type set to Admin or Standard user and then check pre-fill account information and chose Device Owner's details if it's not the default. You can chose to lock the pre-filled info as well.

spotmac · ‎11-08-2021

@kbednar i have the same issue when i I customize a LDAP Authentication prestage pane with Jamf Pro.

MacJunior · ‎11-09-2021

+1 here, I created enrollment customization mainly to populate user information “Full name and username” in the fields where the end user creates an account in the setup assistant, the connection between Jamf and our IdP "Google" is successful but I'm not retrieving any user info for some reason!

MacJunior · ‎11-10-2021

The authentication process with my IdP is successful but populating fullname & username is not happening for some reason.

mainelysteve · ‎11-10-2021

What flavor of Google Workspace do you have? If you have access to the Secure LDAP service then go into Settings > System Settings > Cloud Identity Providers and add your Google Secure LDAP instance there. That will get you LDAP lookups for the pre-fill functionality.

EDIT: https://docs.jamf.com/10.28.0/jamf-pro/administrator-guide/Google_Secure_LDAP_Integration.html

MacJunior · ‎11-10-2021

Did that already but no joy

mainelysteve · ‎11-10-2021

I think I ran into this as well and decided to ditch the SSO pane in my enrollment customization and instead added an LDAP pane. I had to provide some instruction as I wanted to keep my last.first username format instead of last.first@gsuiteemail.zzz but it works 100% of the time for pre-filling the account info.

MacJunior · ‎11-10-2021

I will give it a shot with LDAP Authentication pane but isn't suppose to work with SSO pane !!?

MacJunior · ‎11-11-2021

@mainelysteve it worked like a charm with LDAP authentication pane, I just need here to add extra info so the end user knows what to enter but I would prefer the SSO option more if it would work.

Jamf Nation Community

Does enrollment customization require Jamf Connect?