For sending email enrollment invitations, isn't that supposed to bypass the need for giving users permission to enroll? I did not check the box to require LDAP auth. I did a handful of tests (with users who don't have any permissions to Jamf) before going live with my email enrollment invitations, and no one had any issues. I go live, and now we are getting a lot of emails from users saying they don't have the permissions assigned to them in Okta/SSO to enroll the device. Anyone else experience something similar?
Kicking this thread if anyone runs across it, have PI-009388 under investigation for this issue:
Have SSO enabled for console login but invitations sent to end-users do not require authentication. User gets prompted for CA Cert, then after installation directed to SSO instead of the screen to install the MDM profile. Prior to issue, SSO never got installed for this flow.
Nice to see I'm not the only one experiencing this. I hadn't worked with Enrollment Invitations previously, but we're moving from on-prem to Cloud and need to start using them. I'm having the exact same issues:
I also noticed that if I specify when creating the Enrollment Invitation that it's to enroll into a specific Site, that's ignored (and it just gets enrolled into None).