Grant JAMF Pro admin rights via LDAP group?

JAMFerino
New Contributor

Hi everyone! I'm struggling with getting this to work. Any input/advice would be greatly appreciated.

Goal: Create an LDAP group in AD, add AD users who do not have individual admin user accounts created in JAMF, and grant access in JAMF per the AD group's user memberships.

Issue: Users receiving "access denied" when launching JAMF Pro from SSO.

Steps taken:
-Created LDAP group "JAMFexample"
-Added a test user (a coworker) to the group
-Added the LDAP group to JAMF
-Granted necessary privileges in JAMF for the test group

Troubleshot:
-Navigating to JAMF Settings>System Settings>LDAP Servers>Mappings and then testing User Mappings, User Group Mappings, and User Group Membership Mappings all give instant successful results.

If all the tests work, what could be holding me up on this? I can provide any extra info that might be helpful.

Thanks for reading!


garybidwell
Contributor III

When you say AD, do you mean you have configured LDAPS to use on-premise Active Directory or Azure AD?

JAMFerino
New Contributor

Thanks for the reply Gary - we use on-prem AD. We do use Azure AD as well, for some things, but user accounts and this test JAMF group are from Active Directory and our DCs.

Does that answer your question or can I clarify further?

Thanks!

garybidwell
Contributor III

OK, just that if you were using Azure AD, then group object names weren't supported for use for JAMF administration groups (you had to do a workaround by creating local groups with names matched to the Azure group object ID) - but support for Azure group objects does come in the latest Jamf Pro 10.29.

The issue is more likely to be with your SSO setup.
What happens if you just add an individual LDAP user? Can you log in with that user and pass through the SSO OK?

JAMFerino
New Contributor

Great info, thanks!

Yeah. If I manually create a user, by Settings>System Settings>Jamf Pro User Accounts & Groups>"New" and select "Add LDAP Account" it will successfully import/create the user and the user can sign in via our SSO page.

I have full admin rights to Active Directory and JAMF Pro (and even Azure AD) but not to our SSO setup or IdP etc. But I can get access or info, depending on the need.

Ken_Bailey
New Contributor III

Not sure if it matters or not, but is the group set up as a Security Group within AD or a Distribution Group? We only leverage Security Groups for access.
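One way to confirm from the AD side that the group being mapped is a Security group and that the test user is actually a member, before comparing against what the Jamf mapping tests report. This is an added PowerShell example, not code from the thread or from Jamf; it assumes the RSAT ActiveDirectory module is installed, and "JAMFexample" and "jdoe" are placeholder names.

```powershell
# Added check (not from the thread): inspect the AD group that Jamf Pro is
# mapping and report the facts that decide whether access will be granted.
# Assumes the RSAT ActiveDirectory module; names below are placeholders.
Import-Module ActiveDirectory

$GroupName = 'JAMFexample'   # the LDAP group created in the thread
$TestUser  = 'jdoe'          # constructed placeholder sAMAccountName

$group = Get-ADGroup -Identity $GroupName -Properties GroupCategory, GroupScope, member

# Jamf access mapping is normally done against Security groups, as noted above.
if ($group.GroupCategory -ne 'Security') {
    Write-Warning "$GroupName is a $($group.GroupCategory) group, not a Security group."
}

# Direct membership: what the group's own 'member' attribute lists.
$direct = $group.member | ForEach-Object { (Get-ADObject -Identity $_).Name }

# Effective membership: follows nested groups, which a direct lookup would miss.
$effective = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

$user = Get-ADUser -Identity $TestUser
if ($effective.SamAccountName -contains $user.SamAccountName) {
    if ($direct -contains $user.Name) {
        "OK: $TestUser is a direct member of $GroupName"
    } else {
        # Worth knowing: membership only via a nested group may show up
        # differently in the Jamf group-membership mapping test.
        "NOTE: $TestUser is a member of $GroupName only through a nested group"
    }
} else {
    Write-Warning "$TestUser is NOT a member of $GroupName; expect access to be denied."
}

# Print exactly what AD stores, to compare character-for-character with the
# group name / DN entered in Jamf's LDAP group mapping.
"Group name : $($group.Name)"
"Group DN   : $($group.DistinguishedName)"
"Scope      : $($group.GroupScope)"
```

Run it as an account that can read group membership in AD; a mismatch between the printed group name or DN and what was typed into Jamf is a common reason the mapping tests pass while users still get "access denied".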

JAMFerino
New Contributor

It is a security group that I'm using but thank you, that's good to know.

user-FSTJIZgVcE
New Contributor

Currently the only option is to allow users either full access or access to one site. See this FR: Site admin permissions - Grant a single user/group access to multiple sites. of permissions you want to apply to users, both local to the JSS and LDAP.