Help

How do we identify the user's Azure AD group memberships?

BernieMac123
New Contributor

Posted on ‎06-10-2022 11:12 AM

I'm looking to use an extension attribute to list a user's Azure AD group membership status. Once that is identified, I would like to then parse this information for certain data, such as a specific group, and then create a smart group based on this information. Once the device enters that smart group, I can then have certain policies (such as licensed software) automatically deploy there. 

Has anyone done this? Thanks in advance!

Reply
4 REPLIES 4

anuj530
New Contributor III

Posted on ‎09-12-2023 08:28 PM

Hi! Did you ever find a solution for this? 

0 Kudos
Reply

rathwing
New Contributor

Posted on ‎10-02-2023 10:07 AM

I am trying to figure the same thing?  Anyone have any thoughts?

0 Kudos
Reply

kaaablume
New Contributor II

Posted on ‎10-02-2023 11:53 AM

We were able to accomplish this using a 3rd party automation tool.  It's unfortunate that it's not available with the existing Jamf supported Azure integrations.  The workflow we have: 

1. Triggers via jamf webhook when a computer submits inventory information. 

2. Extracts the user from the jamf computer object. 

3. Queries AzureAD for that user's group membership. 

4. Filters results to AAD Group IDs only (Opinion: it's easier to work with group IDs than names)

5. Write the Groups IDs to an extension attribute. 

From there we are able to create smart groups based on Azure AD group IDs.  The tool we use is Torq.io but I imagine a similar workflow could be created using another automation tool.... or  eventually within Jamf Pro. 

0 Kudos
Reply

anuj530
New Contributor III
In response to kaaablume

Posted on ‎10-04-2023 07:45 AM

That sounds like a nice workaround. I will try to do this using tines and see if it works! Thanks for the info.

0 Kudos
Reply