3 weeks ago
Hello everyone,
I want to force the Microsoft login window when the user enrolls a device.
I already achieved:
Settings -> System -> Cloud identity providers -> Entra ID (Mappings test works)
Settings -> System -> Single sign-on with SAML
Settings -> System -> User accounts and groups -> Jamf Pro User Groups -> I got two Directory Service Groups for Jamf Pro Administrator access and Enrollment
The only thing that's left is the Error HTTPStatus:500 when I want to register a Mac.
I don't want the whole bunch of extras of Jamf Connect with local/mobile account creation on the Mac etc.
Just the extra step as login to verify the user is an active member of the company.
Thanks a lot.
3 weeks ago
If you are wanting the user to validate Entra when enrolling the device, you need to configure Settings > Enrollment Customization and then once that is configured go into your PreStage and enable the Enrollment Customization. Once this is done there will be an Entra login box when enrolling a device.
You will still need to add Jamf Groups that EXACTLY MATCH the names of your Entra ID groups you use to provision access. The matching names are how Jamf and Entra decide the access mapping.
You mentioned Jamf Connect, but it really has nothing to do with device enrollment. If you are wanting to check your IDP for on-demand account creation you will need a tool like Jamf Connect or XCreds whether you want the "extras" or not. macOS's native solution is Platform Single Sign-on, which Entra does support and does not require anything extra to be pushed to macOS aside from a Configuration Profile but may need extra licensing from Microsoft.