"Users" are users on the actual devices (macOS clients, iPads, etc.). "JSS User Accounts & Groups" are all those indiviudals that have access to the JSS or their respective AD groups that have access. For example we have certain AD groups in our IT department that have access to the JSS, so they would be in the "JSS User Accounts & Groups".
Obviously if they have a device provisioned to them and also have access to the JSS management system, you would see their name in both those views.
Hope that makes sense!
Hi @stevenjklein ,
This information can be found in the Casper Suite Administrator’s Guide.
In a nutshell, the first image shows where you can add JSS users who will be able to log in to the JSS and perform various tasks based on the permission set you give them.
The second image is used to assign user based items (VPP, eBooks, Configuration Profiles, etc...). Those users are your end users, more or less; they can be LDAP based or manually created, though many environments use LDAP for users.
Users represent the users in your environment, typically LDAP users, that are logging onto or can be assigned devices. JSS Users are the users who actually have an account and can log into the JSS Console itself. These are typically technicians, administrators, etc.
If you have an Active Directory or LDAP environment, your JSS Users and Users will come form the same source. All users can access the enroll site, Self Service, and be assigned to a device. However, only users whose account has been added to the JSS User Accounts can actually log into the JSS site itself.
@stevenjklein "JSS User Accounts" is mostly for who can log in and access the JSS interface and controls. "Users" is a collection of user accounts on the Macs you may be managing in your JSS. The former may only contain a small number of accounts or groups. The latter may contain thousands of accounts since its based on the users that log into their respective machines. Accounts that show up in "Users" won't necessarily have the ability to log into your JSS, unless you also add them into "JSS User Accounts & Groups"
So they are two different things, and used for two different purposes.
Edit: Haha! That was a serious flurry of answers! I trust you know the difference now. :)
Four responses in 4 minutes! You folks are amazing!
Working with a Windows admin, we linked our JSS to Okta SSO (which is linked to our AD). My JSS now looks like this:
Local Admin is an emergency backup, in case SSO fails. The two groups are from AD.
If I understand the above answers correctly, I can ignore both types of Users completely, and just use the AD-linked Groups to grant appropriate access and privileges to linked AD groups.
Is my understanding correct?