Is LDAP the only way to populate User and Location in Jamf Pro?

jttavares
New Contributor III

I am not a network engineer or MS tech, so I don't know much on that end. I have looked through the posts and can't seem to find any definitive answer on how I get the User and Location info populated in Jamf Pro when my Macs check in, if even possible. I have spoken to our lead systems engineer and he does not want to maintain an LDAP server. We are running a hybrid AD, as we have on-prem AD and Azure. Jamf Pro is federated, so techs log in using SSO. From a high perspective, any advice on how to get this info from Azure or AD? Is LDAP a game breaker for this or do I have other options I am obviously unaware of? Thank you.

1 ACCEPTED SOLUTION

Samstar777
Contributor II

Hello jttavares,

Cloud Identity Provider is your answer:

Cloud Identity Provider provides the abilities below:

Integrating Jamf Pro with a cloud identity provider allows you to access user data stored in the provider's configuration in an easy and secure way. You can do the following:

  • Look up and populate user information for inventory purposes.

  • Add Jamf Pro user accounts or groups from the cloud identity provider.

  • Require users to log in to Self Service or the enrollment portal using their directory accounts.

  • Require users to log in during mobile device setup using their directory accounts.

  • Base the scope of remote management tasks on users or groups from the cloud identity provider.

For information about integrating with a specific cloud identity provider supported by Jamf Pro, see the following sections of this guide:

 

Here is the direct link for Azure integration with Cloud Identity Provider, along with workflows and a step-by-step guide.

Hope this will help.

-Samstar777 🙂


6 REPLIES

boberito
Valued Contributor

AD usually is the LDAP server


jttavares
New Contributor III

@Samstar777 Just an update, I successfully set up Jamf Pro Cloud with Azure AD SSO & Cloud IdP but not using DEP. I can't use DEP in my environment. Mappings work fine when testing but I guess without using DEP for enrollment, I have no way of getting the User and Location fields to auto populate from Azure? Also we have a large turn around of staff so hardware constantly gets reassigned to new users and we are not re-enrolling these machines into Jamf. I need this info to auto-update from an asset tracking-inventory perspective with the new owner of the Macs user and location info in Azure. I can't seem to find an answer on getting these fields to populate on their own. Any help would be appreciated. tx

Coltrane
New Contributor II

In the same boat...

 

noobody
New Contributor

From some previous testing the only way I've been able to accomplish getting the User & Location to populate with Azure AD account info (user's UPN) is to use the Enrollment Customization feature to pass IDP info to Jamf Connect as part of a DEP-enabled pre-stage enrollment.

Aside from that, we still currently use this script to at least get the username field of the User and Location section auto-populated.

 

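#!/bin/bash

# Look up the user logged in at the console via PyObjC; yields an empty string at the login window.
user=$(python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");')
# Submit inventory with that name so the Username field under User and Location is filled in.
jamf recon -endUsername "$user"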

Hope that helps those who are still looking around for a clear answer as I am...
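
A python-free variant of the approach in the post above, as an added example that is not part of the original thread: it reads the console user with scutil (the system /usr/bin/python was removed in macOS 12.3) and skips the recon when no real user is logged in, so a check-in at the login window does not submit a system account name. The function names and the sample scutil output are constructed for illustration; `jamf recon -endUsername` is the command from the post.

```shell
#!/bin/bash
# Added example: console-user lookup without python, for `jamf recon -endUsername`.

# Extract the console user's short name from the output of
# `scutil` "show State:/Users/ConsoleUser" read on stdin. Prints nothing if absent.
parse_console_user() {
    awk '$1 == "Name" && $2 == ":" { print $3; exit }'
}

# Accept only real, interactive account names: reject the login window,
# Setup Assistant and root, and anything outside a conservative character set.
is_assignable_user() {
    case "$1" in
        ""|loginwindow|_mbsetupuser|root) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# Constructed sample of scutil output, used when scutil is unavailable (non-macOS).
sample_scutil_output() {
    printf '%s\n' '<dictionary> {' '  GID : 20' '  Name : jdoe' '  UID : 501' '}'
}

main() {
    if command -v scutil >/dev/null 2>&1; then
        raw=$(printf 'show State:/Users/ConsoleUser\n' | scutil)
    else
        raw=$(sample_scutil_output)
    fi
    user=$(printf '%s\n' "$raw" | parse_console_user)
    if ! is_assignable_user "$user"; then
        echo "No assignable console user; leaving User and Location unchanged." >&2
        return 0
    fi
    if command -v jamf >/dev/null 2>&1; then
        jamf recon -endUsername "$user"
    else
        # jamf binary not present (e.g. testing off a managed Mac): show the command only.
        echo "Would run: jamf recon -endUsername $user"
    fi
}

main
```
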

Emanuel
New Contributor

I'm new to Jamf Pro and am trying to get this set up with Google Workspace. Not sure if you have to pay for LDAP service for Google Workspace; still trying to figure that out.

Anyway, just thinking, if you set up a prepackaged enrollment for devices and wipe them every time a staff member leaves, it may be able to auto populate User and Location when they create a new local user account.

I have this portion set up with Jamf Connect. Every time a MacBook is wiped, it relaunches Jamf Connect to authenticate a Google user. Then it creates a local account with the user's email and creates a local password for the user.