This guide will walk you through setting the local macOS account pictures for end users via Jamf Connect.

Requirements:
Jamf Pro
Jamf Connect
Formatted ID Token Path set up in Jamf Connect Login Config (/private/tmp/token)
Azure Storage Blob
Email addresses follow the same pattern for all users (john.smith@myorg.com, jsmith@myorg.com, etc.)
Tested with:
Azure AD and Jamf Connect
Test User:
Steps:
1. The first step is to get all of your user images. To make this easy on yourself, name each image after the user's email address. For John Smith, whose email is john.smith@ericsontech.com, I would name his image john.smith@ericsontech.com.png. Upload that image and all other users' images to an Azure Storage blob.
Example:

2. Set up this script to run via Jamf Pro. I have mine set up to run via Jamf Connect Notify.
Note:
You will need to update this line with your Azure Storage Blob URL:
curl -L "https://myazureblobname.blob.core.windows.net/mdm/$EMAIL.png" -o /tmp/$EMAIL.png
Also, in the $USR line, replace the excluded username with your local itadmin account username if you have one (example: ericsontechadmin).
The $USR is important as this is how we get the current user.
The $EMAIL line may need to be updated here: print a[i]}' | grep upn | cut -d ":" -f2) to use a different value from your token for the user's email. In my case it's UPN.
Link to script on GitHub: https://gist.githubusercontent.com/kylejericson/1832145e63bca96db03de91c222d45f7/raw/c3780019541e7fab97fee55b240a607291661161/Set-Account-Picture-via-Jamf-Connect.sh
#!/bin/bash
# Created by Kyle Ericson
# Updated by ChatGPT AI for desktop

# Make sure the token file exists
TOKEN_BASIC="/private/tmp/token"
if [ ! -f "$TOKEN_BASIC" ]; then
    echo "Error: Token file not found"
    exit 1
fi

# Get the email address from the token
EMAIL=$(awk -F'[,:}]' '{for(i=1;i<=NF;i++){if($i~/\s*"email"\s*/ && $(i+1)!=""){print $(i+1)}}}' "$TOKEN_BASIC" | tr -d '"' | tr -d ' ')
if [ -z "$EMAIL" ]; then
    echo "Error: Could not retrieve email address from token"
    exit 1
fi

# Update with your Azure Blob URL
WEBURL="https://myazureblobname.blob.core.windows.net/mdm/$EMAIL.png"

# Get the local user account. You can also exclude your built-in itadmin account by changing ericsontechadmin to your username
USR=$(dscl . -list /Users | grep -v -e '^_' -e 'root' -e 'ericsontechadmin' -e 'daemon' -e 'nobody')

echo "Setting account picture for $USR to $EMAIL"

# Download the image from a URL
# -f makes curl return an error on an HTTP failure (for example a missing blob)
# instead of saving the error page as the image
if ! curl -fL "$WEBURL" -o "/tmp/$EMAIL.png"; then
    echo "Error downloading image for user $EMAIL"
    exit 1
fi

# Convert the image to TIFF format
if ! sips -s format tiff "/tmp/$EMAIL.png" --out "/tmp/$EMAIL.tiff"; then
    echo "Error converting image for user $EMAIL"
    exit 1
fi

# Set the user's picture
dscl . create "/Users/$USR" Picture "/tmp/$EMAIL.tiff"

exit 0
3. The script will read the token that gets created when the user logs into Jamf Connect, use it to download the user's picture from Azure, and set it as their account picture.
4. Example token file:

5. Final Result:

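Jamf Pro runs policy scripts as root, and the script in step 2 puts a value read from /private/tmp/token directly into a URL and a /tmp file name. The following added example (not part of the original gist) checks that value against an allowlist first and downloads into a private mktemp directory. The function names, the allowlist and the sample token layout are assumptions.

```shell
#!/bin/bash
# Added example, not the gist's code. Function names, allowlist and sample
# token layout are assumptions.
BLOB_BASE="https://myazureblobname.blob.core.windows.net/mdm"  # URL from the guide

# Read the "email" claim from the formatted token (same awk idea as the guide).
extract_email() {
    awk -F'[,:}]' '{for(i=1;i<NF;i++) if($i ~ /"email"/ && $(i+1)!="") print $(i+1)}' "$1" \
        | tr -d '" ' | head -n 1
}

# Accept only a plain local@domain.tld made of letters, digits, ".", "_", "-".
valid_email() {
    case "$1" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;  # empty, or "/", spaces, quotes, ...
        *..*|.*|*@*@*) return 1 ;;          # dot runs, leading dot, second "@"
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the blob URL only from a value that passed the allowlist.
picture_url() {
    email=$(extract_email "$1")
    valid_email "$email" || { echo "Rejected email claim: '$email'" >&2; return 1; }
    printf '%s/%s.png\n' "$BLOB_BASE" "$email"
}

# Download into a fresh private directory under a fixed file name, HTTPS only.
fetch_picture() {
    url=$(picture_url "$1") || return 1
    workdir=$(mktemp -d /tmp/acctpic.XXXXXX) || return 1
    curl --fail --silent --show-error --location --proto '=https' --proto-redir '=https' \
        "$url" -o "$workdir/picture.png" || return 1
    printf '%s\n' "$workdir/picture.png"
}

# Offline demo on a constructed token (not real data): prints the URL that
# fetch_picture would request. fetch_picture itself needs network access.
sample=$(mktemp /tmp/token-sample.XXXXXX)
printf '{\n  "email" : "john.smith@myorg.com",\n  "upn" : "john.smith@myorg.com"\n}\n' > "$sample"
picture_url "$sample"
rm -f "$sample"
```

The sips and dscl steps can then work on the path printed by fetch_picture instead of /tmp/$EMAIL.png.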