Posted on 09-19-2024 05:07 AM
Hello,
I'm working on Jamf Pro and taking over the work of a colleague who has left. He set up "Zero Touch" and "DEPNotify", and he set up an AD that is used to do Zero Touch. This AD is now only used for that. We are on Google. Is it possible to replace the AD with a Google LDAPS, without going through Jamf Connect, and thus directly create a user session and a password linked to their Google account?
The existing configuration uses an Active Directory (AD) for authentication in the Zero Touch workflow, but this AD is now only used for this purpose.
The goal is to remove the need for the existing AD and integrate directly with Google authentication, without using Jamf Connect.
The desired outcome is that users can authenticate with their Google accounts during Zero Touch deployment and have their Mac provisioned according to policy.
Thank you for your help.
Posted on 09-19-2024 05:19 AM
You are going to need to go through his scripting and environment configurations. I am assuming the devices are domain bound (which is a bad idea); if they are, then there is no solution going forward without a tool like Jamf Connect or manually building user accounts. Google refuses to support PSSO, so that is off the table also.
Posted on 09-19-2024 05:55 AM
Thanks, a local account will do; the domain is not that of Google. I just created a Cloud Identity Provider that responds:
id, uuid,Name, uid,or,Users,dc, username, realName, emailAddress
But if I launch a provision, it uses AD.