Jamf Connect Login user "Domain\Username"

friveraLC
New Contributor III

With Jamf Connect Login, using ADFS native app, users are created using the following convention: "domainusername", does anyone know of a way to get this to just "Username"?

6 REPLIES 6

mlawniczak
New Contributor III

I'm sorry, i'm not sure I understand the question. Are you saying that the local users account name is actually set to domainusername? We are using Jamf Connect with Azure and when the local account is created on the MAC it is the same thing we have in Azure for the username, there is no domain added.

friveraLC
New Contributor III

@mlawniczak Thanks for the reply. We were using Azure, but were recomended to start using an ADFS native app for several reasons. With this new native ADFS app, users log in with just "username", but when the user folder is created, it gets "DomainUsername". This causes apps like MS Word to fail because they dont know how to escape the character.

alfredhart
New Contributor

@friveraLC We are having the exact same issue. Did you find a solution?

whitebeer
Contributor

I wrote a FR to customize the way the name is build:

https://www.jamf.com/jamf-nation/feature-requests/8613/add-posibility-to-customize-the-recordname-of-users-created-with-jamf-connect-login

friveraLC
New Contributor III

Hi @alfredhart We looked into changing the Claim Rule for the the ADFS native app so that when Jamf Connect Login looked for "unique_name" it would return something similar to samAccountName instead of "DomainUsername". This can be done, but required ALOT more testing and approval. We went back to using an ADFS native app, with the Azure options in Jamf Connect, instead of a straight ADFS native app. Each respond back to Jamf Connect Login with a proper token, but when using Azure as the IdP we dont have to pass the "unique_name" to Jamf Connect Login.

Thanks @whitebeer , looked into that as well, we went with the "unsupported" but working way, of Azure IdP and ADFS native app. We needed to change some ADFS settings so that it would allow the User Agent String from Jamf Connect Login to NOT pass a kerberos ticket, but allow Chrome to pass a kerberos ticket, this was a nightmare to figure out but it works now.

alfredhart
New Contributor

@friveraLC Would you be able to share some screen shots or configuration files to show what was successful? Are you on the MacAdmins Slack to direct message? Thanks.