JAMF Connect forces local accounts to sync with IDP, all accounts are still local and any account could have admin access. JAMF Connect can be configured to not allow specific accounts to sync with your IDP, we do this with our local IT account.
This is a much deeper topic and not directly related to JAMF Connect.
A WiFi configuration profile from JAMF can auto join a WiFi network, but this could not happen until after the device has enrolled and has the MDM Profile on it.
Ethernet should just work unless its 802.1x. If you use 802.1x Ethernet you will need to finish MDM enrollment to get the certificate to authenticate the network on the device with another network.
There is no way to prevent a user from simply disabling wifi (after logging in to macOS), or unplugging the ethernet cable. Though without network access JAMF Connect cannot authenticate the user for 1st time login and account creation which would be after prestage anyway.
