SSO Enrollment, why am I being asked to assign the computer?

Not applicable

I have a Jamf instance that i am using for testing. I have SSO setup with Azure AD and have SSO enabled for User Initiated enrollment. Previously, when I would log in with Azure AD credentials, the computer would automatically be assigned to the Azure AD user (and a User created with the Azure AD UPN as the user ID). Now, when I try to enroll a computer, I am prompted to assign the computer to a user. And, it will not accept my Azure UPN as the User ID. I didn't intentionally change anything, but something changed on me.

Any suggestions?

1 ACCEPTED SOLUTION

LangStefan
New Contributor III

Under the permissions for your user/group, do you have "Assign Users to Computers" unchecked?

Or can it be, that you try to enroll with an account that is also an admin at the same time?

View solution in original post

4 REPLIES 4

LangStefan
New Contributor III

Under the permissions for your user/group, do you have "Assign Users to Computers" unchecked?

Or can it be, that you try to enroll with an account that is also an admin at the same time?

Not applicable

That was it. The user I was using was also setup as a Jamf Pro Admin. Now that makes sense. Thanks.

msswarriors
New Contributor II

I am having the same issue. I have a user setup for enrollment called Enroll with privilege set of Enrollment (no changes). On my prestige enrollment I have it set to not create Computer Account. However, on my last several builds in only in the past week or so have I been asked to Create Computer Account.

I do not have SSO with Active Directory but I do have users linked to Google as a cloud identity provider. I don't have Enroll user setup in Google but I directly added it to Jamf Pro User Accounts & Groups.

I then log in after as the Admin account to the computer and am not able to delete this user account.

msswarriors
New Contributor II

Guess what, Enroll configuration by default now has Assign User to Computer and can't be unchecked.

Looks like I have to make my enroll user to be a custom setting to uncheck the Assign User to Computer. Is there a reason this got changed?