Not able to scope Policy/Profile to AD groups using Azure Cloud Identity Provider.

Posted on 07-17-2023 10:14 AM
Hello everyone,
I'm just trying to scope a Self Service policy to an Azure AD group. After scoping the policy to the desired AD group under Limitations, the policy itself is not available in Self Service after logging in with an AD ID. We have Cloud Identity Provider enabled for this and the connection appears to be successful; is there anything I'm missing here?

Posted on 07-17-2023 10:52 AM
What is the actual scope of the policy set to? Because you have to make sure that the Limitation is what narrows down the scope, but that the Mac itself is within scope of the policy. Meaning, if you're using LDAP-style limitations for a policy, you should be able to safely set the Scope to All Computers. You can also use a more limited scope, but ultimately, the policy will show up only if all the scope parameters match. So if the Mac isn't part of the initial scope, logging into Self Service isn't going to change that.

Posted on 07-17-2023 02:17 PM
Hi @mm2270
The scope has been set to All Computers and All Users, and the Limitation has been set to Directory Service User Group, where I assigned it to the Azure AD group. The trigger is set to none and the execution frequency is set to Ongoing.
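A small model of the scope evaluation described in the two posts above, added here as an example and not Jamf's own code (the group names and the `SelfServiceSession` helper are constructed): targets must match first, exclusions override everything, and a Directory Service user-group limitation can only narrow the scope, so it fails closed when the identity provider returns no group membership for the logged-in user.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class PolicyScope:
    """Simplified model of a Jamf Pro policy's Scope tab (not Jamf's code)."""
    all_computers: bool = False
    target_computer_groups: Set[str] = field(default_factory=set)
    limitation_user_groups: Set[str] = field(default_factory=set)  # Directory Service user groups
    excluded_computer_groups: Set[str] = field(default_factory=set)


@dataclass
class SelfServiceSession:
    """The Mac's group memberships plus the groups the identity provider
    returned for the user who logged into Self Service. None models a
    lookup that returned nothing, the failure mode described later in the thread."""
    computer_groups: Set[str]
    idp_user_groups: Optional[Set[str]]


def policy_visible(scope: PolicyScope, session: SelfServiceSession) -> bool:
    # 1. Targets: the Mac itself must be in the base scope. Logging into
    #    Self Service never widens this part.
    targeted = scope.all_computers or bool(scope.target_computer_groups & session.computer_groups)
    if not targeted:
        return False
    # 2. Exclusions always win over targets and limitations.
    if scope.excluded_computer_groups & session.computer_groups:
        return False
    # 3. Limitations only narrow: if a user-group limitation is set, the IdP
    #    must have returned at least one matching group for this user.
    if scope.limitation_user_groups:
        if session.idp_user_groups is None:
            return False
        return bool(scope.limitation_user_groups & session.idp_user_groups)
    return True


# Constructed sample values; "Mac-SelfService-Users" is a placeholder group name.
THREAD_SCOPE = PolicyScope(all_computers=True, limitation_user_groups={"Mac-SelfService-Users"})


def thread_case(idp_user_groups: Optional[Set[str]]) -> bool:
    """The thread's configuration: All Computers plus a Directory Service user-group limitation."""
    session = SelfServiceSession(computer_groups={"Finance Macs"}, idp_user_groups=idp_user_groups)
    return policy_visible(THREAD_SCOPE, session)
```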

Posted on 07-31-2023 12:13 PM
I could be wrong, but this has been broken for me for the last year. On the last check it was still a known issue that Jamf can't get the info on whether a person is a member of an Azure AD group. This was working for me for almost a year when it died. PI104062 - PI-010002
