How to find what Apple ID is logged in to the managed iPad.

Gotti
New Contributor II

All users are logged in with a manager Apple ID, but some have managed to log out and download their own apps. I have added a restriction policy which stops this happening.

But I would like to find out who is currently logged in with their own Apple IDs.

Is there any way of doing this on jamfcloud?

 

 


Andreas_Schenk
Contributor

An MDM Server like Jamf can not see the Name of the logged in Apple ID. This is a decision from Apple in their great wisdom. We can like it or not, but it is what it is. You might want to file Feedback with Apple, to grant MDM Servers the capability to do so. (Probably not likely to be changed, as Apple considers the Name of the Apple ID to be private).

MDM Servers can only query a hash of the logged in Apple ID. But not the clear text Name.

Gotti
New Contributor II

@Andreas_Schenk Thank you so much for the reply. 

techjason
Contributor

@Gotti I have been looking for something like this for a long time myself. But @Andreas_Schenk is right; there is no way, right now, of getting this information. However, if you are interested in doing it on a Mac, there is a solution. I have been using this extension attribute for over a year in our environment.

https://github.com/bp88/Jamf-Pro-Extension-Attributes/blob/master/iCloud%20Account%20Details.sh

Maybe someday we will be able to get that info.

 

jmahlman
Valued Contributor

@Gotti  We have an EA that does this for us:

```sh
#!/bin/sh
## Get logged in user
loggedInUser=$(stat -f%Su /dev/console)
## Read the iCloud AccountID from that user's MobileMeAccounts.plist
## (path quoted; errors suppressed when the plist is missing)
icloudaccount=$(defaults read "/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist" Accounts 2>/dev/null | grep AccountID | cut -d '"' -f 2)
if [ -z "$icloudaccount" ]
then
    echo "<result>No Accounts Signed In</result>"
else
    echo "<result>$icloudaccount</result>"
fi
```

 

Off topic, why is bash/shell not a code option in JN?!  


sdrake
New Contributor III

This works perfectly, thank you!!

Thanks, that was very helpful!
Have you ever thought about adjusting the script to send a popup msg window for the users that are not using a specific domain for AppleID?

So we cannot run this manually? Because when I ran it manually, I got the message 'XX is not in the sudoers file. This incident will be reported'. Kindly advise. Thanks.

MarcozEspitia
New Contributor

Hello Guys,

Both Scripts that you guys provided don't work. It doesn't find any Macbooks that have AppleID on them. Knowing for a fact that at least 10 of them have it. Any more suggestions?

The EA script that @jmahlman posted, does work in my setting (for macOS; original post asked for iOS).

You might want to look at the parts of that script and its results. What is the result if you run it on those computers as an Extension Attribute and what is the result if you run it on your admin computer?

entrata
New Contributor II

Do you put this script into a smart group? If so what is the criteria you use to search for the computers in question?

sdrake
New Contributor III

I created a smart group called "Apple ID not signed in" and set the criteria to look for any Apple IDs that are "not like" our Apple ID domain.
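
The extension attribute @jmahlman posted and the "not like our domain" criteria @sdrake describes can be combined so that the EA itself reports whether the signed-in Apple ID belongs to the organization's domain, and reports a missing plist separately from "no account". This is an added example, not code from any poster in this thread; `ORG_DOMAIN` (`example.org`), the function names and the `Plist Not Found` result string are assumptions.

```shell
#!/bin/sh
# Added example (macOS only, like the EA above; not from the original posts).
ORG_DOMAIN="example.org"   # assumption: placeholder, replace with your Apple ID domain

# stdin: text printed by `defaults read <plist> Accounts`; stdout: one AccountID per line
extract_account_ids() {
    grep 'AccountID = ' | cut -d '"' -f 2
}

# $1: org domain; stdin: AccountIDs, one per line.
# Prints "Personal: <id>" if any ID is outside the domain, else "Org: <id>",
# else "No Accounts Signed In". The match is anchored on the "@domain" suffix.
classify_account_ids() {
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    result="No Accounts Signed In"
    while IFS= read -r id; do
        if [ -z "$id" ]; then continue; fi
        lower=$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')
        case $lower in
            *@"$domain")
                if [ "$result" = "No Accounts Signed In" ]; then result="Org: $id"; fi ;;
            *)
                result="Personal: $id"
                break ;;
        esac
    done
    printf '%s\n' "$result"
}

# On a Mac this runs as the extension attribute; elsewhere it uses a constructed sample.
if command -v defaults >/dev/null 2>&1; then
    loggedInUser=$(stat -f%Su /dev/console)
    plist="/Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist"
    if [ ! -f "$plist" ]; then
        echo "<result>Plist Not Found</result>"
    else
        echo "<result>$(defaults read "$plist" Accounts 2>/dev/null |
            extract_account_ids | classify_account_ids "$ORG_DOMAIN")</result>"
    fi
else
    # Constructed sample line in the format `defaults read` prints
    printf '%s\n' '        AccountID = "kid@mail.test";' |
        extract_account_ids | classify_account_ids "$ORG_DOMAIN"
fi
```

A smart group can then match on the `Personal:` prefix, and devices reporting `Plist Not Found` can be reviewed separately instead of being counted as signed out.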

vickih
Contributor

Personally I added the script as an extension attribute and then it populates in the inventory section of the computer in the section I wanted. This will run on its own during an inventory check-in. If anyone finds a mobile device (iPad) solution please update this thread. Since everyone is posting about Desktop instead of iPad. :D

DLR
New Contributor

Man, an iPad solution would be so nice! If anyone knows of one, please let me know!

spesh
New Contributor III

As a heads up for all, in macOS Ventura this script will not work. The plist file in preferences has changed, so you may get false reports stating users are not signed in when indeed they are. 

IT-CorpUser
New Contributor

Hey, does anyone have the complete script above?

spesh
New Contributor III

The script in this Jamf Nation thread has worked for us. This will show if someone is signed into their Apple ID in System Settings/Preferences, which works perfectly for my environment. However, if you are trying to see if someone is signed in with their Apple ID to a single service (for example Apple Music), this won't work. 

cdenesha
Valued Contributor II

The OP asked about doing this on the iPad. On the User side, Jamf can tell you if the devices are logged in with the same Apple ID that content was assigned to. 

For example, I assign a free children's book to every user, and I have the setting "Automatically register only users with Managed Apple IDs and skip invitation" configured for every user. When I look up my username, then click on the VPP account on the left sidebar, it'll list which devices are signed in with the MAID.

Technically, Jamf is using that hash value, so it is a true/false of whether they are using the Apple ID that agreed to VPP.

thanks,

chris