Jamf Connect and Google Workspace – Any way to limit who can log in on certain machines?

willsmithcc
New Contributor III

Hi all,

I have an issue where staff are taking student-configured laptops out of the carts and using them as their own teacher MacBooks. Student laptops aren't configured in the same way as staff laptops and I'd like to prevent this from happening.

While I can limit who can sign in to the actual Jamf Connect app by OU, I can't figure out how to limit who can log in to the Connect OAuth login screen. Does anyone know how to do this?

The only limit I can find in Google Cloud Console is domains, not groups, subdomains, or OUs.

Thanks!


2 REPLIES

AJPinto
Honored Contributor III

I have used Okta and Entra, and what you are wanting may be possible with multiple IDP integrations and giving people access to specific integrations and not others.

Set up two different IDP integrations for Jamf Connect.

  • Integration for teachers, give teachers the group required to log in to teacher Macs.
  • Integration for students, give students the groups required to log in to student Macs.
  • Since you have two different integrations, you can break up access between the two on the IDP side.

willsmithcc
New Contributor III

Yeah, I tried creating a separate integration in Google Cloud, to no avail. Not sure if they have a way to get that granular like Entra seems to do.

However, ChatGPT and I came up with a SwiftDialog full screen notification and automatic logout script when it detects a staff account on a student machine. Seems to be working perfectly :)
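A sketch of the kind of check the last reply describes, added here as an example; it is not the poster's script. It assumes student identities end in a constructed suffix (`@students.example.org`), that Jamf Connect has recorded the IdP identity in the local account's `NetworkUser` attribute, and that swiftDialog is installed at its default path; the exempt account names are also constructed.

```bash
#!/bin/bash
# Added example, not the poster's script. Intended to run as root at login.
# ASSUMPTION: student IdP identities end in this constructed suffix.
STUDENT_SUFFIX="@students.example.org"
# ASSUMPTION: constructed list of local accounts that are never logged out.
EXEMPT_USERS="root loginwindow _mbsetupuser localadmin"
DIALOG="/usr/local/bin/dialog"   # swiftDialog default install path

# is_allowed LOCAL_USER NETWORK_USER: returns 0 if the session may continue.
is_allowed() {
    local user="$1" network_user="$2" exempt
    for exempt in $EXEMPT_USERS; do
        [ "$user" = "$exempt" ] && return 0
    done
    # No IdP identity on a non-exempt account: fail closed.
    [ -n "$network_user" ] || return 1
    # Compare case-insensitively and anchor the match at the end of the
    # string, so "x@students.example.org.other.test" does not pass.
    network_user=$(printf '%s' "$network_user" | tr '[:upper:]' '[:lower:]')
    case "$network_user" in
        *"$STUDENT_SUFFIX") return 0 ;;
        *) return 1 ;;
    esac
}

enforce() {
    local user uid network_user
    user=$(stat -f%Su /dev/console)   # current console user (macOS stat)
    network_user=$(dscl . -read "/Users/$user" dsAttrTypeStandard:NetworkUser \
        2>/dev/null | awk '/NetworkUser: / {print $NF}')
    is_allowed "$user" "$network_user" && return 0
    # Leave an audit trail before ending the session.
    logger -t student-mac-guard "blocked user=$user idp=${network_user:-none}"
    uid=$(id -u "$user")
    [ -x "$DIALOG" ] && "$DIALOG" --title "Student laptop" \
        --message "This Mac is reserved for students. You will be logged out." \
        --blurscreen --ontop --timer 30 --button1text "Log out"
    launchctl bootout "gui/$uid"      # end the user's GUI session
}

# Only act when explicitly asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--enforce" ]; then enforce; fi
```

Because this runs after login rather than at the OAuth screen, it is a compensating control: the staff account is still created on the Mac, and the log line is what lets you see how often it happens.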