Seperating Contractors from FTE

ajamfadmin1810
Contributor

Hello all

 

I am tasked with seperating our onboarding process for Contractors and Full time employees. We are using Onelogin as an LDAP server just as background info. I would like to use Smart Computer groups to achieve this

 

What workflows or methods does everyone here use to seperate onboardings for employee types.

1 ACCEPTED SOLUTION

junjishimazaki
Valued Contributor

Unfortunately, you're going to be limited to what Jamf can read from your Onelogin. What you see in the user's attribute in Jamf is what you get so you can't customize the fields in Jamf. I think your best bet is using an Extension Attribute to connect to your OL LDAP and retrieve the user fields. Try that route. From that you should be able to create an smart group. 

View solution in original post

5 REPLIES 5

junjishimazaki
Valued Contributor

Hi. Let's start with the basics. In your org, how do you distinguish computers between contractors and FTE? Do you change the computer name differently? And in OL what user field gets filled in to distinguish between contractors/FTE and does that field gets populated into the user field in Jamf?

Hello

 

Currently we aren't separating them at all in terms of naming computers. I have two scripts ready to go that will rename the machines for us, based on ideally smart computer groups whether the assigned user is contractors or FTE.

 

In order for me to have the smart computer groups for FTE and Contractors i need more info in JAMF.

The problem is we are using OneLogin as a VLDAP but there doesn't seem to be that many attributes being pulled over into JAMF, only the following show up under the user info tab(Username,full name, email address,phone number,Position).

 

Ideally id like to start having a custom user field in the Onelogin User side filled out when a user is created, then pull that as an attribute into JAMF and base the smart groups off of that.

SideNote:

We currently add [contractor] to the first name in OneLogin to differentiate contracts. But that has been inconsistent and it doesn't seem to pull the [contractor] piece into jamf when showing username so i can base any logic off that for automation

 

Thanks for your help!!

junjishimazaki
Valued Contributor

Unfortunately, you're going to be limited to what Jamf can read from your Onelogin. What you see in the user's attribute in Jamf is what you get so you can't customize the fields in Jamf. I think your best bet is using an Extension Attribute to connect to your OL LDAP and retrieve the user fields. Try that route. From that you should be able to create an smart group. 

JustDeWon
Contributor III

@ajamfadmin1810 , what you could do, upon enrollment, have a dialog box that pops up that identifies if this is a contractor or an employee then sending that to a text file, then whatever is selected update the inventory.

You would also have a scripted EA reading that text file. Then create a smart group from the EA identifying if it's Contractor or FTE

hunter990
Contributor

Another way to do this is in your process to request a system for both, have a checkbox to identify if the new computer is for a contractor or an FTE employee. You could then have this information used to link to an AD group that is created for each type of employee. Then you can use an Extension Attribute and use that to create a smart group for each one. As you can see there are several ways to do it, but none are going to be able to be done with just Jamf alone. Need a way to separate the type of employee they are and have it logged. Then pull that info into Jamf.