Help

Auto login to self service

Marty
New Contributor

Posted on ‎11-10-2014 07:37 AM

I am trying to figure out if we can have users auto logged in to Self service when they open it/log in to the machine.

0 Kudos
10 REPLIES 10

damienbarrett
Valued Contributor

Posted on ‎11-10-2014 07:45 AM

Are your users logging into their Macs with local accounts? Are the computers bound to AD or OD?

0 Kudos

NoahRJ
Contributor II

Posted on ‎11-10-2014 07:52 AM

Yep, you can toggle that as a setting in your JSS. Navigate to https://your.JSS.url:8443/selfService.html (also accessible by going to Settings > Computer Management > Self Service), and under the login tab, you can change the User Login to "No login" to have Self Service launch without requiring credentials.

0 Kudos

alexjdale
Valued Contributor III

Posted on ‎11-10-2014 07:52 AM

There is no SSO option though, correct?

0 Kudos

mm2270
Legendary Contributor III

Posted on ‎11-10-2014 08:04 AM

There is no SSO option i'm aware of. SS now shows you your username in the upper right side, but it would show a local username just the same as an AD account. We just don't have users log in at the Self Service screen, so it just auto logs in.
The only downside is that I believe you can't really use policies scoped only to LDAP accounts or groups when its set up that way.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎11-10-2014 02:41 PM

@damienbarrett, actually acoping works. IF combined with grabbing the user information @ login.

As per: https://macmule.com/2014/05/04/submit-user-information-from-ad-into-the-jss-at-login-v2/

Caveat is, if you open self service right after login & the last logged in user had differing items you may seek them until a launch of self service post recon submition.

Marty
New Contributor

Posted on ‎11-11-2014 02:17 AM

Using an AD account. If i set it to no login would it still push the policies for applications I have set to user groups?

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎01-04-2015 03:40 AM

It will as long as you're grabbing the user information as per what I posted above.

0 Kudos

bradtchapman
Valued Contributor II

Posted on ‎02-13-2016 09:46 PM

@bentoms So if I'm understanding this correctly, the LDAP scoping technique is actually basing its decisions on whatever username is configured under "User and Location" in the JSS computer record. Is that right?

Because right now we have Self Service set to "No Login" and yet a username appears in the top right corner when the application is open. When I scope a policy to an LDAP user or group, that policy appears in SS if that username falls under the scope.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎02-14-2016 01:53 AM

@bradtchapman Pretty much.

If you're pulling in other LDAP attributes you can also scope via that too.

0 Kudos

bradtchapman
Valued Contributor II

Posted on ‎02-24-2016 11:14 AM

@bentoms , Self Service is set to "No Login" and we are collecting information from LDAP during recon, like your article suggests. LDAP configuration is good, and Self Service policies appear for that user when scoped to an LDAP group they belong to.

When I run the policies, I see "Gathering Information..." for a few seconds, the progress bar fill up and then it disappears. Self Service thinks it ran, but there is absolutely no record in var/log/jamf.log and the JSS shows no activity either.

0 Kudos