Posted on 07-12-2023 06:15 AM
I'm pretty sure I know the answer, but can't find the statement in any documentation. Is it possible to pull attributes in via extension attributes when you have Cloud Identity Provider enabled for Azure? If so, what attributes are available?
07-12-2023 07:41 AM - edited 07-12-2023 07:41 AM
Yes, you can pull extended attributes from Azure AD into an Extension Attribute. I used the Microsoft Graph Explorer to find a weird attribute (proxyAddresses), one that I knew would not be in Jamf Pro, put it into an Extension Attribute and the info was pulled back.
Posted on 07-12-2023 08:46 AM
Do you have Azure set up under LDAP servers or Cloud Identity Provider?
Posted on 01-16-2024 11:02 AM
Hi there, I have been looking into the same thing. Total newbie here.
How do you achieve calling Graph from JAMF to populate the data? Is it an API call? I am a bit lost...
When I look into my JAMF instance in the "Extension Attributes" there is nothing that mentions my IdP. Jamf training also mentions LDAP but we are not connecting any of that as we are going cloud first.
Any idea where I need to look or what I have to read to understand what I should do to pull the data from Azure?
Thanks
Posted on 01-16-2024 11:17 AM
Apologies, this is the right screenshot.
Posted on 01-16-2024 11:57 AM
As long as you have a Cloud Identity Provider configured under Settings -> System -> Cloud Identity Providers, you should have the option to pull from Directory Service.
I have nothing configured under LDAP Servers. I only have entries under Cloud Identity Providers.
Posted on 01-16-2024 11:58 AM
And my mention of Microsoft Graph was simply as a way to determine what attribute to pull out of Entra ID.
Posted on 01-16-2024 12:16 PM
Thanks
Interesting... I have not got the option. I have Azure configured and the test returns results without issue. Might be a JAMF quirk?
Posted on 01-16-2024 12:51 PM
Under Settings -> Computer Management -> Inventory Collection, make sure you have "Collect user and location information from Directory Service" checked.
I just spun up a fresh instance, added Cloud Identity Provider connected to my Entra ID instance, and checked that box and I get the Directory Service Attribute Mapping option in Extension Attributes.
That checkbox is also needed if you want user information to populate on device records in Jamf Pro.
Posted on 01-16-2024 12:57 PM
BOOM!
Thanks a lot for that! Cheeky little option that was!
01-19-2024 10:04 AM - edited 01-19-2024 10:04 AM
@MMTechno, did you have to do anything else? Still, after finding these instructions, we struggled to pull the fields we wanted. Some examples we want to pull data from are in the pictures below, and we will map to those spots.
Posted on 01-19-2024 10:09 AM
@daniel_ross I'm guessing those fall under `onPremisesExtensionAttributes`, right? Currently Jamf Pro is unable to collect from that JSON object because it is a list of attributes (like an array).
You may find those attributes elsewhere in the user record where they have a UDID of sorts as part of the name. Something like `extension_a34572989d08a08c899b999a_country`, or whatever. If you have those entries and they are not part of a JSON "array" (for lack of a better term), then you may be able to pull those in.
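An added example, not part of the original post and not Jamf or Microsoft code: a short script that sorts the fields of a user record copied out of Graph Explorer by shape, separating top-level values, directory extension attributes (the `extension_<id>_<name>` form mentioned above), lists, and values nested inside a JSON object such as `onPremisesExtensionAttributes`, the case the post says Jamf Pro cannot collect. The sample record, its values and the function name `classify_user_attributes` are constructed for illustration; the script only inspects the JSON and does not verify what Jamf Pro will accept.

```python
import json
import re

# Directory extension attributes appear at the top level of the user object
# with an application id embedded in the name: extension_<hex id>_<name>.
EXT_RE = re.compile(r"^extension_[0-9a-fA-F]+_(?P<name>.+)$")

# Constructed sample of a Graph user record (all values are made up).
SAMPLE_USER = json.loads("""
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#users/$entity",
  "displayName": "Example User",
  "department": null,
  "proxyAddresses": ["SMTP:user@example.com", "smtp:alias@example.com"],
  "onPremisesExtensionAttributes": {
    "extensionAttribute1": "Building 4",
    "extensionAttribute2": null
  },
  "extension_a34572989d08a08c899b999a_country": "NL"
}
""")


def classify_user_attributes(user):
    """Group attribute names by the shape of their value in the record."""
    report = {"top_level": [], "directory_extension": [], "list": [],
              "nested": [], "empty": []}
    for key, value in user.items():
        if key.startswith("@odata."):
            continue  # OData annotation, not a user attribute
        if value is None or value == [] or value == {}:
            report["empty"].append(key)  # no data to pull back for this user
        elif isinstance(value, dict):
            # Children live inside a JSON object: the case the post says
            # Jamf Pro cannot collect. Only report children that hold data.
            report["nested"] += [f"{key}.{k}" for k, v in value.items()
                                 if v is not None]
        elif isinstance(value, list):
            report["list"].append(key)
        elif EXT_RE.match(key):
            report["directory_extension"].append(key)
        else:
            report["top_level"].append(key)
    return report


if __name__ == "__main__":
    for group, names in classify_user_attributes(SAMPLE_USER).items():
        print(f"{group:20} {', '.join(names) or '-'}")
```

Names reported under `empty` are worth checking first when an Extension Attribute comes back blank, since the user record holds no value for them.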
Posted on 07-01-2024 01:09 PM
Did you ever solve this? I'm running into this same issue.
Posted on 06-01-2024 09:23 PM
Hey Steve... Do you know what the attribute name would be to get a list of groups that a user is a member of? When using LDAP, the attribute name was "memberOf" but that doesn't seem to work after switching to an Entra ID connection.
Posted on 06-05-2024 10:39 AM
As far as I am aware, Entra ID does not have the concept of 'memberOf.' Instead, you determine group membership by looping through every group and checking if the user is part of the group. So unfortunately there is no easy way to build an Extension Attribute to pull in group information because of that.
Posted on 07-12-2023 08:49 AM
CIP... I have no LDAP servers configured in the server I was testing with.
Posted on 07-12-2023 09:07 AM
Interesting....mine won't pull anything in.....
Posted on 07-12-2023 09:12 AM
Are you verifying the attribute you are pulling from has data via the Microsoft Graph Explorer first? And then I have to ask it, you are updating inventory on the device, right? ;-)
Posted on 07-12-2023 09:20 AM
Yes and yes! I noticed using the Graph Explorer, if you use v1 there is very limited info. If I switch to Beta I get a lot more data (including the proxyAddresses which is not returned on v1).
Posted on 07-12-2023 09:23 AM
The only other thing I can think is that you still have an LDAP server configured. I believe that an LDAP server takes precedence over CIP. I had my Okta dev account configured under LDAP and when I tried to pull info it would pull from Okta and not Azure. So I deleted the Okta LDAP setup and CIP took over.
Worst case, you can open a support ticket and they should be able to assist.
Posted on 07-12-2023 09:43 AM
Figured it out. I had a bad EA asking for something that wasn't permitted. Removed that EA and now I'm getting data!!