So what is the best solution? The current word-of-mouth and tech releases appeal to the importance of Managed Apple ID. Even in Jamf's recent Blog, "Jamf After Dark: WWDC recap," @Haddayr Copley-Woods, and @AWebb speak of getting on the Manage Apple ID bandwagon. However, you cannot save stored credentials without LDAP Authentication. Jumping through SSO is difficult, from my experience, too, without stored credentials.
Secondly, there's another instance of LDAP under Synchronization.
One or the other? Both?
Will moving from my Organization > Settings > using Apple School Manager's sync settings and Microsoft Azure Authentication to Microsoft AD (On-prem) LDAP break something?
Should I also link LDAP within the Synchronization settings? Benefits? Pitfalls?
Another sticking point, which may be these will fix, is I cannot filter Users based on the ASM role. All imported users are labeled as "Staff." Not sure if this is a bug or limitation of Azure Authentication, even with ASM sync and the selected "Try to match" settings.
Well, enough rambling, Is anyone else in this boat? Those who may offer advice, much gratitude.
Thanks,
