Jamf Nation Community

sekinpetr · ‎01-30-2024

I am attempting to set up pre-stage enrollments for Jamf, but am running into some issues:

I manually assigned a device to our business manager account for testing purposes. When I sign into the account, everything looks like it works correctly, but the device isn't assigned to any user. Is there a way that it can be automatically assigned?
I would love to get Google SSO set up for creating the local user account. Would I need Jamf Connect to accomplish this?

Thank you in advance!

AJPinto · ‎01-31-2024

With Apple Business Manager, you assign a device to an MDM solution like Jamf. Apple does not care who uses the device, and has no mechanism to track who is using a device between ABM and MDM.
1. Once the device is enrolled in MDM, you can assign it to a user from within the MDM. There are ways to automate this process.
You will need to discuss your needs with Google.
1. SSO really just means that credentials from logging into the OS (or another tool) are passed to other services and applications, so the user only has to sign in a single time. I think what you are after is On Demand Account Creation.
2. MacOS has something called Platform Single Sign On, which you would use to natively use your IDP credentials to log in to macOS and create a user account on demand. However, very few IDP's support this function of macOS. The only IDP I am aware of that has this in prod currently is Okta, even Microsoft still has it in preview.
3. JAMF Connect could be setup with Google as an IDP and perform on demand account creation.

ivanlovisi · ‎02-08-2024

we have introduced the "enrollment customization" function into our enrollment workflow .

We have enabled the "single sign on authentication" panel.

The user has to identify himself in order to enroll his device. after successful authentication the device is assigned to the user in Jamf Pro

Pre-stage enrollment