Jamf Nation Community

There's no automatic population into the JSS; you can add users and group that you want to have web interface access, but otherwise you won't see them listed in one place within the JSS.

Really? If I had an office with 500+ employee's there is no way for JSS to populate those users from OD or maybe AD?

Am I thinking about this wrong? I need my 500 users listed in JSS so when I fire 5 of them I can lock and wipe there device, when 5 ppl move departments I can just change their groupings and so on (just making up numbers here, again this a very small lab setup).

Once you assign a computer to the user they will appear in the Users tab (you can use the little magnifying glass to search LDAP for them). If there's no functionality for them in the JSS, you don't want them there clogging up your interface (and your database).

For example, I work with about 100 endpoints in a company with 11,000 employees. What reason would I have to see every AD user (and service account, etc.) dumped into my JSS when I only want to see the 50-ish people who actually use the products I support? That's why the JSS doesn't list everyone it can possibly obtain information about; it only shows you what it needed to import into its own database in the course of its operation.

work with about 100 endpoints in a company with 11,000 employees. What reason would I have to see every AD user (and service account, etc.)

Fair point. Wasn't thinking along those lines.

Once you assign a computer to the user they will appear in the Users tab (you can use the little magnifying glass to search LDAP for them). If there's no functionality for them in the JSS, you don't want them there clogging up your interface (and your database).

I see what your saying about clogging up the database.

Right now I am just enrolling the 3-4 CPU's and 3 iOS devices via web enroll (domain/enroll). When I do this It asks for credentials. My credentials work (obviously), then it asks me to "Assign to user" with the magnifying glass. When selecting the magnifying glass it does nothing. Does not list any names, not from OD nor from the 5 random names I put into JSS. Now, lets say I ask a user to enroll via domain.com/enroll, how would I get their credentials to allow them to enroll the device and not ask to "Assign to user"?

By the way...Thanks for your feed back!

If you're assigning a computer to a user manually, you have to put something into the username field before searching. It doesn't list all of the options, it just performs an LDAP query for what you enter.

You can allow users to enroll their own machines by adding an LDAP group (of which they are all a member) to the "JSS Users & Groups" section of your settings, with appropriate permissions. They don't need permission to log into the JSS interface (unless you want them to), just to enroll.