I've just configured a Jamf AD CS Connector and am trying to get it working with Jamf Cloud.
The AD CS is open and Jamf can communicate with it; it sends certificate requests and that's working. My issue is I don't have an LDAP or LDAP proxy configured, so I can't use $USERNAME variables in the cert request. I ideally want the certificate to be built from AD, but this doesn't seem to be working for User Certs. Is there any way the server can impersonate a user?
What do you recommend: going down the AD CS Connector route, or getting our Infrastructure team to provision a new SCEP server to handle these requests?
If you had a solid way to determine the user on a device, you could use recon options (jamf help recon) to update User and Location info to be used with Payload Variables. However, for certificates it doesn't seem like a secure solution, so if you are able to determine the user assigned to a device externally, you can leverage Inventory Preload to feed U&L data, „simulating” LDAP integration. This potentially can even be automated via UAPI 🤓.
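The Inventory Preload route from the reply above, as an added example that is not code from this thread or from Jamf: an external source (here a constructed in-memory mapping standing in for an HR or asset export) maps device serial numbers to AD users, each mapping is turned into an Inventory Preload record, and records are pushed through the Jamf Pro API. The record fields, the token endpoint /api/oauth/token and the endpoint /api/v2/inventory-preload/records are taken from the public Jamf Pro API as I know it; verify them against your own instance's /api/doc. A device with no confirmed user is skipped rather than uploaded with partial data, so a $USERNAME or $EMAIL payload variable is never populated from a guess.

```python
"""Feed Jamf Pro Inventory Preload from an external serial -> AD user mapping.

Added example (not from the original thread or from Jamf). Assumptions:
  * ASSIGNMENTS is a constructed stand-in for an HR / asset-management export;
  * the API client used has Inventory Preload privileges;
  * endpoints /api/oauth/token and /api/v2/inventory-preload/records
    (check against your instance's /api/doc before use).
"""
import json
import os
import urllib.parse
import urllib.request

# Constructed sample data: serial number -> AD user attributes.
ASSIGNMENTS = {
    "C02EXAMPLE001": {"username": "jdoe", "fullName": "Jane Doe",
                      "emailAddress": "jdoe@example.com", "department": "Finance"},
    "C02EXAMPLE002": {"username": "asmith", "fullName": "Alex Smith",
                      "emailAddress": "asmith@example.com", "department": "IT"},
    # No confirmed owner yet: must be skipped, not uploaded half-filled.
    "C02EXAMPLE003": {"username": ""},
}

# Fields a record must carry before it is allowed to drive a user certificate.
REQUIRED = ("username", "emailAddress")
OPTIONAL = ("fullName", "department", "building", "room", "position", "phoneNumber")


def build_preload_record(serial, attrs, device_type="Computer"):
    """Return one Inventory Preload record, or None if the user is not confirmed."""
    if not serial or any(not attrs.get(k) for k in REQUIRED):
        return None
    record = {"serialNumber": serial.strip().upper(), "deviceType": device_type}
    for key in REQUIRED + OPTIONAL:
        if attrs.get(key):
            record[key] = attrs[key].strip()
    return record


def build_all(assignments):
    """Split a mapping into (records to upload, serials skipped for missing data)."""
    records, skipped = [], []
    for serial, attrs in assignments.items():
        rec = build_preload_record(serial, attrs)
        if rec is None:
            skipped.append(serial)
        else:
            records.append(rec)
    return records, skipped


def get_token(base_url, client_id, client_secret):
    """OAuth client-credentials token (endpoint assumed: /api/oauth/token)."""
    body = urllib.parse.urlencode({"client_id": client_id,
                                   "client_secret": client_secret,
                                   "grant_type": "client_credentials"}).encode()
    req = urllib.request.Request(f"{base_url}/api/oauth/token", data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def upload(base_url, token, records):
    """POST each record; yields (serial, HTTP status). Endpoint assumed as documented above."""
    for rec in records:
        req = urllib.request.Request(
            f"{base_url}/api/v2/inventory-preload/records",
            data=json.dumps(rec).encode(), method="POST",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json", "Accept": "application/json"})
        with urllib.request.urlopen(req) as resp:
            yield rec["serialNumber"], resp.status


if __name__ == "__main__":
    records, skipped = build_all(ASSIGNMENTS)
    print(f"{len(records)} record(s) ready, skipped (no confirmed user): {skipped}")
    # Network step only runs when credentials are supplied via environment variables.
    url, cid, secret = (os.environ.get(k) for k in ("JAMF_URL", "JAMF_CLIENT_ID", "JAMF_CLIENT_SECRET"))
    if url and cid and secret:
        tok = get_token(url.rstrip("/"), cid, secret)
        for serial, status in upload(url.rstrip("/"), tok, records):
            print(serial, status)
```

Run it without the environment variables to see which serials would be uploaded and which are held back; a serial that already has a preload record is expected to be rejected on POST, so re-runs of an export should update the existing record by its id instead of creating a new one.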