Help

How to find what Apple ID is logged in to the managed iPad.

Gotti
New Contributor II

Posted on ‎11-10-2021 02:32 AM

All user are login with manager Apple ID but some haver manage to log out and download there own apps, I have added a restriction policy which stops this happening.

But I would like to find out who is currently logged in with their own Apple IDs.

Is there any way of doing this on jamfcloud?

 

 

0 Kudos
Reply
17 REPLIES 17

Andreas_Schenk
Contributor

Posted on ‎11-10-2021 04:46 AM

An MDM Server like Jamf can not see the Name of the logged in Apple ID. This is a decision from Apple in their great wisdom. We can like it or not, but it is what it is. You might want to file Feedback with Apple, to grant MDM Servers the capability to do so. (Probably not likely to be changed, as Apple considers the Name of the Apple ID to be private).

MDM Servers can only query a hash of the logged in Apple ID. But not the clear text Name.

Reply

Gotti
New Contributor II

Posted on ‎11-10-2021 05:48 AM

@Andreas_Schenk Thank you so much for the reply. 

0 Kudos
Reply

techjason
Contributor

Posted on ‎11-11-2021 06:51 AM

@Gotti I have been looking for something like this for a long-time myself. But @Andreas_Schenk  is right; there is no way, right now, of getting this information. However, if you are interested in doing it on a Mac, there is a solution. I have been using this extension attribute for over a year in our environment.

https://github.com/bp88/Jamf-Pro-Extension-Attributes/blob/master/iCloud%20Account%20Details.sh

Maybe someday we will be able to get that info.

 

Reply

jmahlman
Valued Contributor

Posted on ‎11-11-2021 12:11 PM

@Gotti  We have an EA that does this for us:

#!/bin/sh
## Get logged in user
loggedInUser=$(stat -f%Su /dev/console)
icloudaccount=$( defaults read /Users/$loggedInUser/Library/Preferences/MobileMeAccounts.plist Accounts | grep AccountID | cut -d '"' -f 2)
if [ -z "$icloudaccount" ] 
then
    echo "<result>No Accounts Signed In</result>"
else
    echo "<result>$icloudaccount</result>"
fi

 

Off topic, why is bash/shell not a code option in JN?!  

Screen Shot 2021-11-11 at 3.10.11 PM.png

Reply

sdrake
New Contributor III
In response to jmahlman

Posted on ‎12-07-2022 10:56 AM

This works perfectly, thank you!!

0 Kudos
Reply

aymank
New Contributor
In response to jmahlman

Posted on ‎07-28-2023 06:42 AM

Thanks, that was very helpful!
Have you ever thought about adjusting the script to send a popup msg window for the users that are not using a specific domain for AppleID?

0 Kudos
Reply

sk25
Contributor
In response to jmahlman

Posted on ‎08-23-2023 12:37 AM

So we cannot run this manually? Because when I ran manually, I got the message as 'XX is not in the sudoers file. This incident will be reported'. Kindly advice. Thanks.

0 Kudos
Reply

MarcozEspitia
New Contributor

Posted on ‎05-04-2022 07:28 AM

Hello Guys,

Both Scripts that you guys provided don't work. It doesn't find any Macbooks that have AppleID on them. Knowing for a fact that at least 10 of them have it. Any more suggestions?

0 Kudos
Reply

Andreas_Schenk
Contributor
In response to MarcozEspitia

Posted on ‎05-04-2022 07:34 AM

The EA script that @jmahlman posted, does work in my setting (for macOS; original post asked for iOS).

You might want to look at the parts of that script and its results. What is the result if you run it on those computers as an Extension Attribute and what is the result if you run it on your admin computer?

0 Kudos
Reply

entrata
New Contributor II

Posted on ‎11-10-2022 11:35 AM

Do you put this script into a smart group? If so what is the criteria you use to search for the computers in question?

0 Kudos
Reply

sdrake
New Contributor III
In response to entrata

Posted on ‎08-11-2023 04:09 PM

I created a smart group called "Apple ID not signed in" and set the criteria to look for any Apple IDs that are "not like" our Apple ID domain.

0 Kudos
Reply

vickih
Contributor

‎03-17-2023 06:17 AM - edited ‎03-17-2023 06:24 AM

Personally I added the script as an extension attribute and then it populates in the inventory section of the computer in the section I wanted. This will run on its own during an inventory check-in.  If anyone finds a mobile device (iPad) solution please update this thread. Since everyone is posting about Desktop instead of iPad. :D Extension Attribute.png

Reply

DLR
New Contributor

Posted on ‎03-30-2023 12:12 PM

Man and iPad solution would be so nice! if anyone knows of one please let me know! 

0 Kudos
Reply

spesh
New Contributor III

Posted on ‎08-28-2023 06:58 AM

As a heads up for all, in macOS Ventura this script will not work. The plist file in preferences has changed, so you may get false reports stating users are not signed in when indeed they are. 

0 Kudos
Reply

IT-CorpUser
New Contributor

Posted on ‎08-29-2023 09:58 AM

Hey, does anyone have the complete script above?

0 Kudos
Reply

spesh
New Contributor III
In response to IT-CorpUser

Posted on ‎08-31-2023 07:07 AM

The script in this Jamf Nation thread has worked for us. This will show if someone is signed into their Apple ID in System Settings/Preferences, which works perfectly for my environment. However, if you are trying to see if someone is signed in with their Apple ID to a single service (for example Apple Music), this won't work. 

Reply

cdenesha
Valued Contributor III

Posted on ‎10-17-2023 06:20 AM

The OP asked about doing this on the iPad. On the User side, Jamf can tell you if the devices are logged in with the same Apple ID that content was assigned to. 

For example, I assign a free children's book to every user, and I have the setting "Automatically register only users with Managed Apple IDs and skip invitation" configured for every user. When I look up my username, then click on the VPP account on the left sidebar, it'll list which devices are signed in with the MAID.

Technically, Jamf is using that hash value, so it is a true/false of whether they are using the Apple ID that agreed to VPP.

thanks,

chris

0 Kudos
Reply