How do we identify the user's Azure AD group memberships?

BernieMac123
New Contributor

I'm looking to use an extension attribute to list a user's Azure AD group membership status. Once that is identified, I would like to then parse this information for certain data, such as a specific group, and then create a smart group based on this information. Once the device enters that smart group, I can then have certain policies (such as licensed software) automatically deploy there. 

Has anyone done this? Thanks in advance!

4 REPLIES

anuj530
New Contributor III

Hi! Did you ever find a solution for this? 

rathwing
New Contributor

I am trying to figure out the same thing. Anyone have any thoughts?

kaaablume
New Contributor II

We were able to accomplish this using a 3rd party automation tool.  It's unfortunate that it's not available with the existing Jamf supported Azure integrations.  The workflow we have: 

1. Triggers via jamf webhook when a computer submits inventory information. 

2. Extracts the user from the jamf computer object. 

3. Queries AzureAD for that user's group membership. 

4. Filters results to AAD Group IDs only (Opinion: it's easier to work with group IDs than names)

5. Writes the group IDs to an extension attribute.

From there we are able to create smart groups based on Azure AD group IDs. The tool we use is Torq.io but I imagine a similar workflow could be created using another automation tool... or eventually within Jamf Pro.
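The five steps in the reply above, sketched as an added example; this is not kaaablume's Torq workflow or Jamf's code. It assumes the inventory webhook carries `webhookEvent`, `event.jssID` and `event.emailAddress`, that step 3 uses Microsoft Graph's `transitiveMemberOf`, that step 5 uses the Jamf Classic API computer record, and a hypothetical extension attribute named "AAD Group IDs"; the HTTP calls and their tokens are left to the automation tool.

```python
import json
from urllib.parse import quote
from xml.sax.saxutils import escape

EA_NAME = "AAD Group IDs"  # assumption: extension attribute name for this example

def user_from_webhook(body):
    """Step 2: (computer_id, user) from an inventory webhook body, else None."""
    doc = json.loads(body)
    if doc.get("webhook", {}).get("webhookEvent") != "ComputerInventoryCompleted":
        return None  # ignore every other event type
    event = doc.get("event", {})
    user = (event.get("emailAddress") or "").strip()
    if "@" not in user or "jssID" not in event:
        return None  # no assigned user or no record ID: nothing to update
    return int(event["jssID"]), user

def graph_member_of_url(user):
    """Step 3: Microsoft Graph URL; the user value is percent-encoded, not pasted raw."""
    return ("https://graph.microsoft.com/v1.0/users/"
            + quote(user, safe="@") + "/transitiveMemberOf")

def group_ids(graph_response):
    """Step 4: drop directory roles and other object types; sorted unique group IDs."""
    return sorted({o["id"] for o in graph_response.get("value", [])
                   if o.get("@odata.type") == "#microsoft.graph.group"})

def ea_update_xml(ids):
    """Step 5: XML body for PUT /JSSResource/computers/id/<computer_id>."""
    return ("<computer><extension_attributes><extension_attribute>"
            f"<name>{escape(EA_NAME)}</name><value>{escape(' '.join(ids))}</value>"
            "</extension_attribute></extension_attributes></computer>")

# Constructed sample data (not captured from a real tenant or Jamf server).
SAMPLE_WEBHOOK = json.dumps({
    "webhook": {"webhookEvent": "ComputerInventoryCompleted"},
    "event": {"jssID": 42, "emailAddress": "pat@example.com"}})
SAMPLE_GRAPH = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "22222222-2222-2222-2222-222222222222"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "33333333-3333-3333-3333-333333333333"},
    {"@odata.type": "#microsoft.graph.group", "id": "11111111-1111-1111-1111-111111111111"}]}

def run_sample():
    computer_id, user = user_from_webhook(SAMPLE_WEBHOOK)
    return computer_id, graph_member_of_url(user), ea_update_xml(group_ids(SAMPLE_GRAPH))

if __name__ == "__main__":
    print(*run_sample(), sep="\n")
```

Graph returns memberships in pages, so follow `@odata.nextLink` until it is absent before filtering, or groups on later pages never reach the extension attribute. A smart group can then use a "like" criterion on the extension attribute with the group ID it cares about.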

anuj530
New Contributor III

That sounds like a nice workaround. I will try to do this using Tines and see if it works! Thanks for the info.