Sending VPP Invitations

Seven
New Contributor III

It appears that VPP invitations can only be sent to users with JSS accounts. However, we'd like to avoid creating user accounts for everyone in our LDAP.

The option to send invitations to users in LDAP does not exist unless a user has been added to the JSS or has been assigned an asset. In order to send out VPP invitations, I will have to manually assign every user in our AD to a device. That isn't helpful. Is there a way to to match machine users to their AD accounts and have the hardware automatically assigned?

Also, JAMF does not pull the e-mail address field from AD. It pulls the user logon name and appends the domain. In our case, the internal domain ends in .internal, so JAMF thinks that everyone's e-mail address is: john.doe@example.internal. It never actually looks at the e-mail field for AD, or at least it won't prefer the AD e-mail field over the logon name + domain name format that it keeps so dear.

Questions:
1.) Is it possible to send invitations to an LDAP user's e-mail address? If so, how?
2.) If option one isn't possible, what is the recommended method of importing everyone from LDAP into JSS? I see no easy way to do this.

1 ACCEPTED SOLUTION

kitzy
Contributor III

Hi @Seven

I've actually seen the behavior you're describing with the email address not being populated correctly. The good news is, there's an easy fix. Look in your LDAP Server settings, navigate to the user mappings tab, and change the attribute for email address from what it is (most likely userPrincipalName) to the correct attribute (usually mail). Hopefully that will get you pointed in the right direction!

View solution in original post

4 REPLIES 4

Malcolm
Contributor II

Yes, providing you have 9.32 build, and smtp setup, and the mail account populated for your users in your active directory and this information is accurate to their device and user account, then mail invites should work.

Seven
New Contributor III

@Malcolm - I've updated my original question. The issue is that one: you can only invite people who are in the JSS or who have been assigned an asset. And JAMF does not pull correct e-mail addresses.

USD497
New Contributor II

I've seen this same issue. It would be nice to have the ability to invite people, without being forced to first manually input them into JSS. With a couple thousand users that is not really an option.

kitzy
Contributor III

Hi @Seven

I've actually seen the behavior you're describing with the email address not being populated correctly. The good news is, there's an easy fix. Look in your LDAP Server settings, navigate to the user mappings tab, and change the attribute for email address from what it is (most likely userPrincipalName) to the correct attribute (usually mail). Hopefully that will get you pointed in the right direction!