User offboarding with your IDP and Jamf

Summary: This how-to JNUC 2021 session takes a detailed look at using device automation for device state. This method is based on IDP events that can trigger actions within Jamf Pro or Jamf School, using their respective APIs to smooth user offboarding.

October 19 2021 by

Haddayr Copley-Woods

User onboarding gets a lot of attention. But user offboarding is just as important.

Daniel MacLaughlin, a consulting engineer with Jamf, walks attendees through user offboarding with your IDP and Jamf.

Everyone knows the importance of effective user onboarding/offboarding when employees enter or leave a company, but most of the focus is generally on user onboarding. Best Apple device management practices require both. This session focuses on automating user offboarding.

Questions to ask yourself when offboarding

  • What happens when a user leaves the organization?
  • Was that user remote, with corporate hardware?
  • Does that hardware contain information that needs to be protected?

Why focus on user offboarding?

In the last few years, the working location and device ownership model has changed across many organizations to remote work and sometimes multiple devices per user. While the last thing that we think about when we welcome a new hire or student is the time when they leave the organization, if this workflow isn’t set up correctly, it can lead to loss of assets or proprietary information. This can be from something as innocuous as an employee directory to highly sensitive content, such as source code.

There are many reasons to offboard users. Sadly, some employees must be let go, or they go on to other opportunities. But careful offboarding must also be done when students graduate, employees make a move within the company or users receive a replacement of old devices. The old hardware still contains information and has a monetary value to the organization. How can we in IT ensure that the data is protected?

Planning for the right outcome

When we discuss device automation, it’s important to tread carefully. If you don’t plan and implement correctly, rather than saving you time and energy offboarding can cost you a lot of late nights— if not worse.

MacLaughlin walks participants through the details of what to consider when planning and implementing user offboarding:

  • Device types
  • Ownership
  • Automated Enrollment
  • End-user experience
  • Username format

MacLaughlin then walks viewers through two IDPs and the specifics of working with each one, including step-by-step instructions and workflows for Okta and Microsoft Azure Active Directory.

This session also includes API links to Jamf Pro, Jamf School and Jamf Protect, as well as his GitHub repo with his example functions and other resources.

Register for JNUC to access this session as well as the other sessions on demand.

Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.