Hi all, it's really great to finally have the ability to have Azure as a Cloud Identity Provider in Jamf Pro.
Now i have all my Mac and Azure User information in one place, i'm wondering how this be brought together?
Specifically we're wanting to populate the 'User and Location' information for each Mac with the relevant information from Azure. Unfortunetly this doesn't seem to happen automatically.
Has anyone found a way to do this yet?
I'm facing the same issue at the moment. Usually the "Username" field is filled during enrolment or when running a
jamf recon -endUsername BLAH
With the setting to "Collect user and location information from LDAP" in computer inventory collection settings, it should work. In fact, it doesn't. I've just raised a support case with this and let you know the outcome. For me, it's a PI, because manually the fields are filled...
@jttavares, for our case it turned out that there was an LDAP EA that didn't return a value, which caused the whole lookup to fail. We resolved it by removing the LDAP EA that caused the issue. Once removed, the fields were populated correctly during Enrollment or with a
jamf recon -endUsername BLAH
You also need to make sure that "collect user and location information from LDAP" is checked from the inventory collection settings.
@m_entholzner Pardon the ignorance, but when-how are you running that script during enrollment? I am not using DEP, just enrolling via URL. So do I need to run that script for every Mac as they check in somehow? Have that script running as a ongoing policy? Sorry for all the questions, but unfortunately we do not have a dedicated Jamf engineer. I would prefer to do this full time, but have other responsibilities that pull me away. Appreciate your responses, thank you.
Well, in general the command doesn't need to run at all. This is only needed when more complex scripting is involved and you need to re-assign user for a mass of devices. Depending on the amount of devices in your fleet this will also cause high load on the Jamf server when running the user assignment ongoing at every check-in.
When using UIE (URL Enrollment), you only need to make sure that the inventory collection preferences are properly set. You find them in Settings > Computer Management (or Device Management) > Inventory Collection > "Collect user and location information from LDAP".
Tick the box and wait for the magic to happen during Enrollment 😉
@m_entholzner OK, last question. We have around 1000 devices. The Macs are constantly reassigned to different users as staff come and go, so once enrolled, we just setup another local account matching the SAM ID in Azure and go. Tracking the hardware by user and location is essential. I setup Azure CIP, mapping for user-location works fine. From what I understand now, those fields only update during enrollment. I was under the assumption, which is my goal, that the User and Location fields would update as the Macs check in so the User-Location fields would populate with the new owner of the Mac, but guess I am incorrect on that one. I did check that box to "collect user and location information from LDAP.
My systems team do not want to setup-maintain an LDAP server, so we just went with Azure Integration. Guess I need to do more digging. FYI, my Jamf instant is in the cloud. Thank you for the input.