Use Active Directory Groups

New Contributor II

Looking to use Active Directory groups to populate smart user groups. We currently have SSO and Azure AD as a Cloud Identity Provider setup. Do I also need to add an LDAP server?


Thank you.



New Contributor II

We're using Jamf Pro.

Honored Contributor II

JAMF cannot do make smart groups based on AD membership. If you need to do AD reporting that will need to come out of Azure. If you are trying to target something at an AD group that is possible. You target the policy/configuration profile to all devices/users and set an exclusion for the desired AD group. The wording is poor, but the exclusion means only users in that AD group will see the policy/configuration profile.


Yes you need a LDAP Server setup for JAMF to be able to search that domain. There is also some extension attributes you need to configure, and inventory collection stuff, nothing complicated.

Clarification needed; LDAP Server Setup on Top of the Azure Cloud Connection?

New Contributor III

You can use limitations in scoping. Jamf can only read Azure group membership from there. You have to enter exact name I believe.