2 weeks ago
How are you all auto-populating the user, location, department, etc. fields for your systems in Jamf?
2 weeks ago
Integrate Jamf with your directory services, such as Active Directory or LDAP, and do the user Attribute Mappings to automatically populate user and department information from these sources.
2 weeks ago
To expand a bit on what @Shyamsundar said, you should also use an enrollment customization and use Account Settings in PreStage to pre-fill primary account information. What this does for us is that it populates the user's name, email, office location, etc from AD into the Jamf Pro inventory for their Mac in User and Location. If you want more information than what would be populated from the enrollment customization, you can use extension attributes that will pull information from directory services. I created several. One of them allows me to automatically assign Macs to a specific site. Another lets me auto-assign Macs to buildings. I created Jamf API scripts that handle these tasks.
2 weeks ago
Thanks for everyone's comments. We don't have an AD or use LDAP outside of Okta. I'm assuming I could use Okta to enrich Jamf with the data. I'll have to test that out.
2 weeks ago
Hello,
To assign the user we have two scripts. One that is automated to logon and another that is available to the IT staff in self service just in case that failed and requires manual input.
AUTOMATED SCRIPT:
jamf recon -endUsername "$( ls -la /dev/console | cut -d " " -f 4 )"
MANUAL SCRIPT:
#!/bin/bash
# JAMF PRO USER JSS SCRIPT
# Ask for the username in a dialog
JSSUSER=$(/usr/bin/osascript << EOT
tell application "System Events"
activate
set JSSUSER to text returned of (display dialog "Enter Username" default answer "" with title "Username" with icon 2)
end tell
EOT
)
# Set username using variable created above (quoted so it stays one argument)
jamf recon -endUsername "$JSSUSER"
osascript -e 'tell application "System Events" to display dialog "Username Updated" with title "Username" buttons {"OK"} default button 1'
exit 0
2 weeks ago
When I started with my current company, our fleet of Macs was sort of the wild, wild west. Devices had been passed around between users with no record of change in ownership. It was also the middle of Covid so people had left secondary test equipment whenever they had last sat in an office and never went back to grab them, some teams had a group issued system that was passed around with a communal login, crazy times. Gradually we've cleaned that record up, but as a result of that, to try and consolidate records, I'd written a script to read the Enterprise Connect/Kerberos SSO signed in user and report that back to Jamf as an EA (We're a hybrid on-prem/Azure config, so we can still rely on K-SSO). I can also take that user info and run it through our user lookup and populate all sorts of info that we use (org chain, department bill codes, office location, etc) through Jamf EAs that can be leveraged via smart groups.
One other thing I do - basically I use a Jamf policy to nag folks into signing into Kerberos SSO if they haven't, then I read that data to grab the user info and pass that to a Jamf recon username action.
#!/bin/bash
# Last User - Recon user name.sh
#
#
# Created by Ed C. on 6/18/21.
# Updated 5.12.2023 to resolve some issues
#
## Get the user
endUsername=$(/usr/libexec/PlistBuddy -c "Print :user_name" /Users/Shared/.KerberosSSO/com.apple.KerberosSSO.attributes.plist)
## Do the needful
if [[ "$endUsername" = "" ]]; then
    echo "No User found"
    exit 1
elif [[ "$endUsername" == *"Exist"* ]]; then
    # PlistBuddy reported that the file or key does not exist
    echo "No User found"
    exit 2
elif [[ "$endUsername" == *"@"* ]]; then
    echo "Found user $endUsername"
    echo "Improperly formatted username - attempting to clean"
    # Drop everything from the @ onward
    trimmed=$(echo "$endUsername" | /usr/bin/sed 's/[@].*//')
    echo "Trimmed username is $trimmed"
    /usr/local/bin/jamf recon -endUsername "$trimmed"
    exit 0
else
    echo "Found user $endUsername"
    /usr/local/bin/jamf recon -endUsername "$endUsername"
fi
exit 0
There's a number of places you can look within the computer for the logged in user, you just have to search for the one that applies to your situation.
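The scripts in this thread take a value from the console owner, a dialog box, or a plist under /Users/Shared and hand it to `jamf recon`, which Jamf policies run as root, so it is worth validating that value first. The following is an added example, not code from any poster in the thread: `normalize_username` is a hypothetical helper, the allowed character set is an assumption to adjust to your directory's naming rules, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): validate a username before it reaches
# `jamf recon -endUsername`. normalize_username is a hypothetical helper name.

normalize_username() {
    raw=$1
    # Strip a UPN / Kerberos realm suffix: user@EXAMPLE.COM -> user
    name=${raw%%@*}
    case "$name" in
        "")                return 1 ;;  # nothing read, or the dialog was cancelled
        root|_mbsetupuser) return 1 ;;  # console owners when no real user is logged in
        -*)                return 1 ;;  # would be read as another recon option
        *[!A-Za-z0-9._-]*) return 1 ;;  # spaces, quotes, PlistBuddy error text, etc.
    esac
    printf '%s\n' "$name"
}

# Constructed sample inputs, one per line (not real accounts).
demo() {
    while IFS= read -r sample; do
        if user=$(normalize_username "$sample"); then
            echo "accept '$sample' -> $user"
            # On a managed Mac the next step would be:
            # /usr/local/bin/jamf recon -endUsername "$user"
        else
            echo "reject '$sample'"
        fi
    done <<'EOF'
jdoe
jdoe@EXAMPLE.COM
root
-jdoe
jdoe smith
File Doesn't Exist, Will Create: /path

EOF
}

demo
```

A rejected value should make the policy exit non-zero so the failure shows up in the Jamf policy log instead of writing a bad username to inventory.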
yesterday
We have Jamf Connect but I still have to do a manual search with LDAP integration to get the user information, so I will carefully read everyone's comments so far to see if I can finally, FINALLY get these automatically mapped.