Posted on 11-23-2020 07:43 AM
For sending email enrollment invitations, isn't that supposed to bypass the need for giving users permission to enroll? I did not check the box to requirement ldap auth. I did a handful of tests (with users who don't have any permissions to Jamf) before going live with my email enrollment invitations, and no one had any issues. I go live, and now we are getting a lot of emails from users saying they don't have the permissions assigned to them in Okta/SSO to enroll the device. Anyone else experience something similar?
Posted on 12-14-2020 10:02 AM
We also started noticing this behavior beginning with version 10.25.x of Jamf Pro.
Posted on 01-11-2021 07:03 AM
@Phantom5 Are you still experiencing this? Fortunately for us, we only used email enrollment for our initial rollout, and we are already through the 'letting the user' enroll portion of the rollout. You ever submit a ticket about it?
Posted on 02-26-2021 09:38 AM
Kicking this thread if anyone runs across it, have PI-009388 under investigation for this issue:
Have SSO enabled for console login but invitations sent to end-users do not require authentication. User gets prompted for CA Cert, then after installation directed to SSO instead of the screen to install the MDM profile. Prior to issue, SSO never got installed for this flow.
Posted on 04-14-2021 12:58 PM
Nice to see I'm not the only one experiencing this. I hadn't worked with Enrollment Invitations previously, but we're moving from on-prem to Cloud and need to start using them. I'm having the exact same issues:
I also noticed that if I specify when creating the Enrollment Invitation that it's to enroll into a specific Site, that's ignored (and it just gets enrolled into None).