User data not gathered from enrollment

carbonatron
New Contributor II

Hi,

We've noticed recently that when users are enrolling iMacs and MacBooks (not iPhones and iPads they seem to work) Jamf isn't collecting user details used to enroll on every occasion they seem to be missing about 75% of the time. This only seems to have become an issue since we moved to Jamf Cloud and Azure for authentication. Has anyone else had similar issues? 

Matt

5 REPLIES 5

Tangentism
Contributor III

Working from the simplest first: have you enabled Cloud Identity Provider and set the mappings to taste?

Are you using SSO for the users to authenticate when enrolling the devices or are you using something like Jamf Connect post build to create the account?

Hi,

Yeah, Cloud Identity Provider mappings set and work for about 25% of users and all iOS enrollments were only seeing it with MacOS. We do use SSO to authenticate during enrollment which works fine it's just that we're only seeing about 25% of enrollments actually population the users info.

mpermann
Valued Contributor II

Does the Settings > User initiated-enrollment > Computers > managed local administrator account and the Computers > PreStage Enrollment > {your prestage enrollment} > Account Settingsmanaged local administrator account during macOS Setup Assistant admin accounts share the same username? If they do, that's quite possibly why. Jamf recommends (Under the Provisioning Local Accounts During Automated Device Enrollment section) that those no longer overlap. If you've been using Jamf Pro for a while, you may have had this setup and Jamf has never properly called this out as something that should be changed. By the way, you really don't need to create the UIE admin account as that's not really used for managing devices anymore. I'll be curious to hear if this was the cause or not.

Mattdjerome
New Contributor III

Check your prestage enrollments, are you using any enrollment customizations? these work great to auto assign devices via an IdP login.

Shyamsundar
Contributor

Settings -> Computer Management -> inventory Collect , Enable Collect user and location information from Directory service,

if your user account name created on the Mac is the same as that of in Azure Ad, it will capture the information during the recon and update in JAMF  Screenshot 2024-10-18 at 10.46.23.png