Our config has a JIM server and LDAP connection to Azure AD. We leverage this only to require user authentication on enrollment to prefill the username, etc., for local account creation. I'm looking into using LDAP groups to give access to certain apps in policy scope, as this is how it is done on the Windows side of things in SCCM.
However, we DO have Okta, and that is our primary IDP at this point, so my question is: should I even keep the LDAP and JIM integration around when I can leverage Okta to pull user data, especially if using LDAP groups is not best practice in Jamf?