Skip to main content
Solved

Setting email address in the User and Location Information to match existing Username


Forum|alt.badge.img+5

We use Google login to enroll our users in JAMF.  We were told by JAMF engineers during our setup, that we could use Google SSO for the login OR leverage Google LDAP.  If we setup LDAP, then we'd have an extra step of pre-populating users and groups in the JAMF settings in order to use SSO.  We don't want to have to pre-populate or manage users in the settings.  So LDAP is not currently enabled. When our users login through SSO for the first time, their Username (which is their email address) is automatically captured in "User and Location", which is great.  However, we have another system that will sync asset information, but it is hard coded to use the Email Address field.  Is there any way to easily script setting the Email Address field to what is already populated in the Username field?

Best answer by Wendy-G

I finally resolved this.  I am able to retrieve the current username from "User and Location" and then set it in the email address field.  I used this article to fetch the username into a variable called $username:  https://community.jamf.com/t5/jamf-pro/using-data-in-jss-within-scripts/td-p/111574

In that article, I used the example that utilizes the serial number.  So in my script, i retrieved the serial number with:

serialNumber=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\" '/IOPlatformSerialNumber/{print $(NF-1)}')

Then I used the following command to set the email to match the $username

sudo jamf recon -email $username

View original
Did this topic help you find an answer to your question?

12 replies

honestpuck
Forum|alt.badge.img+11
  • Contributor
  • 48 replies
  • October 12, 2022

Wendy,

You can use the jamf binary to set the email address in the computer record. I'm assuming that the user's short name is the left hand half of their email address:

 

#!/bin/zsh # get the current user loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && !/loginwindow/ { print $3 }' ) email="${loggedInUser}@example.com" # update the email address in Jamf's computer record /usr/local/bin/jamf recon -email $email

 

That should do it. Put that script (with 'example.com' replaced by your details) in a policy scoped to a smart group (computers that have an empty email address) and run it at checkin.


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • October 13, 2022
honestpuck wrote:

Wendy,

You can use the jamf binary to set the email address in the computer record. I'm assuming that the user's short name is the left hand half of their email address:

 

#!/bin/zsh # get the current user loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && !/loginwindow/ { print $3 }' ) email="${loggedInUser}@example.com" # update the email address in Jamf's computer record /usr/local/bin/jamf recon -email $email

 

That should do it. Put that script (with 'example.com' replaced by your details) in a policy scoped to a smart group (computers that have an empty email address) and run it at checkin.


Unfortunately, the username is not the left-hand side of the email address.  The username is typically firstnamelastname, but their email is firstname.lastname.   It does get stored in the Username field.  I just need the exact information in the Username field to be stored in the Email field.  I just don't know how I can capture that information as a variable to set it in the other field. 


Forum|alt.badge.img+9
  • Contributor
  • 149 replies
  • October 14, 2022
Wendy-G wrote:

Unfortunately, the username is not the left-hand side of the email address.  The username is typically firstnamelastname, but their email is firstname.lastname.   It does get stored in the Username field.  I just need the exact information in the Username field to be stored in the Email field.  I just don't know how I can capture that information as a variable to set it in the other field. 


what happens if you skip the email conversion and run this as the final line?

/usr/local/bin/jamf recon -email $loggedInUser

 

if that doesn't work, you should be able to reference the variables on this page to see if one holds the data you need: https://docs.jamf.com/technical-articles/LDAP_Attribute_Mappings_Reference.html


honestpuck
Forum|alt.badge.img+11
  • Contributor
  • 48 replies
  • October 14, 2022
merps wrote:

what happens if you skip the email conversion and run this as the final line?

/usr/local/bin/jamf recon -email $loggedInUser

 

if that doesn't work, you should be able to reference the variables on this page to see if one holds the data you need: https://docs.jamf.com/technical-articles/LDAP_Attribute_Mappings_Reference.html


Since you know the right hand side of the email address (company.com) and the user name is the left hand half it's just easier that way. No calls to Azure, no API calls to Jamf. Just set it. My solution is only a single line longer than yours.


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • October 14, 2022
honestpuck wrote:

Since you know the right hand side of the email address (company.com) and the user name is the left hand half it's just easier that way. No calls to Azure, no API calls to Jamf. Just set it. My solution is only a single line longer than yours.


The logged in user is only the email address briefly.  When they boot the computer and log into Google via SSO, JAMF install is initiated and their Google login (same as their email) is saved in the Username field in "User and Location" information.  Their resulting local user account will typically be firstnamelastname or firstname.lastnamedomain.com (missing the @).  What I need to store in the "User and Location" information is firstname.lastname@domain.com (period between first and last name). 


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • October 14, 2022

Here are pictures to make it more clear.  The username is NOT the left hand side of the email unfortunately, that would make things much easier.  It is missing the period.  The second example shows what we actually need.  Firstname.lastname@domain.com.  


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • October 14, 2022
merps wrote:

what happens if you skip the email conversion and run this as the final line?

/usr/local/bin/jamf recon -email $loggedInUser

 

if that doesn't work, you should be able to reference the variables on this page to see if one holds the data you need: https://docs.jamf.com/technical-articles/LDAP_Attribute_Mappings_Reference.html


I wish I could use the LDAP information to populate it.   The way we have it JAMF configured for zero-touch, allows any existing user in Google GSuite user to log into a new computer for auto-enrollment, as long as they are in the proper OU.  If we switch to to the LDAP method for enrollment (which would be a requirement in order to reference other LDAP data), we'd have to pre-populate every new user in JAMF before they could enroll.  


honestpuck
Forum|alt.badge.img+11
  • Contributor
  • 48 replies
  • October 21, 2022
Wendy-G wrote:

Here are pictures to make it more clear.  The username is NOT the left hand side of the email unfortunately, that would make things much easier.  It is missing the period.  The second example shows what we actually need.  Firstname.lastname@domain.com.  


That's not good.

I just checked a customer I recently set up to use Google SSO with Jamf Connect and the username they are getting at account creation by Jamf Connect is in fact their email address since that is their Google log in name.

I wonder what I'm doing different to you?

It could also be that my client is on Business Plus I think. I know we had to upgrade them to get LDAP support for Jamf Connect. I'm assuming you are using Jamf Connect to create the user.

I don't want to post even a redacted config profile to here but if you drop me a note at honestpuck@gmail.com I can send you a redacted copy of mine.


honestpuck
Forum|alt.badge.img+11
  • Contributor
  • 48 replies
  • October 21, 2022
Wendy-G wrote:

Here are pictures to make it more clear.  The username is NOT the left hand side of the email unfortunately, that would make things much easier.  It is missing the period.  The second example shows what we actually need.  Firstname.lastname@domain.com.  


OK, I think I see what is happening. The user short name in the OS is not the same as the user name in User and Location. I have the same thing here with accounts I have migrated. Are you migrating existing accounts to be synced with the Google log in password?

Is the example User and Location screen image after you have made an edit to the record or is that straight out of enrolment?




This requires some more thought.


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • October 21, 2022
honestpuck wrote:

That's not good.

I just checked a customer I recently set up to use Google SSO with Jamf Connect and the username they are getting at account creation by Jamf Connect is in fact their email address since that is their Google log in name.

I wonder what I'm doing different to you?

It could also be that my client is on Business Plus I think. I know we had to upgrade them to get LDAP support for Jamf Connect. I'm assuming you are using Jamf Connect to create the user.

I don't want to post even a redacted config profile to here but if you drop me a note at honestpuck@gmail.com I can send you a redacted copy of mine.


The username field does in fact get populated with the proper email address.  The challenge I have is that I need to also populate the Email Address field with that same information.  We are using a help desk system that can sync hardware inventory from JAMF.  In order for it to properly associate the user to the asset, it reads the Email Address field. It is not a configurable integration, so unfortunately I can't set it to use the username field instead.  


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • November 29, 2022
honestpuck wrote:

OK, I think I see what is happening. The user short name in the OS is not the same as the user name in User and Location. I have the same thing here with accounts I have migrated. Are you migrating existing accounts to be synced with the Google log in password?

Is the example User and Location screen image after you have made an edit to the record or is that straight out of enrolment?




This requires some more thought.


The username setting is captured during enrollment from their Google email.  But there are no options I can find for it to populate the email address as well.  We can't sync LDAP unfortunately.  If you use Google SSO for the enrollment, it just checks that the user is in a particular Google OU.  If we use Google LDAP instead, then we have to pre-populate users, which we don't want to have to do.  I figured there was a way to use a script read that username field and use that data to also populate the email field.  But so far, haven't found anything.


Forum|alt.badge.img+5
  • Author
  • New Contributor
  • 7 replies
  • Answer
  • January 27, 2023

I finally resolved this.  I am able to retrieve the current username from "User and Location" and then set it in the email address field.  I used this article to fetch the username into a variable called $username:  https://community.jamf.com/t5/jamf-pro/using-data-in-jss-within-scripts/td-p/111574

In that article, I used the example that utilizes the serial number.  So in my script, i retrieved the serial number with:

serialNumber=$(ioreg -c IOPlatformExpertDevice -d 2 | awk -F\\" '/IOPlatformSerialNumber/{print $(NF-1)}')

Then I used the following command to set the email to match the $username

sudo jamf recon -email $username


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings