Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. Join us in person at the ninth annual Jamf Nation User Conference (JNUC) this November for three days of learning, laughter and IT love.

Jamf Connect Verify Kerberos sAMAccountName Lookup

Posted: by Wilming Last Response: by glennmiller

We are experiencing a problem after successfully logging in with Jamf Connect Verify (JCV) using the user's email address and password. But when trying to receive a Kerberos ticket it will fail.

It will fail because JCV tries to use the username in the form <first part of the mail address@KerberosRealm>. In our directory the user part of the UPN/email does not match the sAMAccountName attribute.

It would be great if JCV could look up the attribute (or it has it already) and could be configured to use <sAMAccountName@KerberosRealm> to authenticate against our DCs.

Here's an example:
EMAIL/UPN: test.user3@company.de
sAMAccountName: testuser3
KerberosRealm: DOM.INTRA.COPMANY.DE

In case of any questions just let me know
Best regards
Jörg

Skip ALL MacOS Setup Assistant Screens for Truly Zero Touch Deployments

Posted: by lynnaj Last Response: by scerazy

Currently with JAMF 10.7.1 and MacOS 10.13 when a person sets up a new mac or restores the OS on an existing mac they need to manually click through the Country and Keyboard screens on the MacOS Setup Assistant. (See attached screen picture)

This means that a person needs to be physically present at the Mac to click through these screens before the prestage enrollment process can take over. Therefore, since someone must click through these MacOS Setup Assistant screens, there actually is no ability with JAMF to do remote, unattended and truly zero-touch deployments of Macs.

Basically, once I can skip all the MacOS Setup Assistant screens I will be able to remotely trigger a wipe and reset of macs without having to have anyone physically present at any point in the process. This would allow me to effectively "re-image" (while not actually imaging) a computer lab/classroom overnight.

According to JAMF support what I am asking for cannot yet be done with JAMF and they suggested this feature request.

I would be happy to help you develop and/or test any such system. I would also be happy to share all the other work I have done to make everything else install automatically on the macs I manage.

Thank you!

Add Site to device before enrolling

Posted: by theelysium

I need to add site IDs to iPads that are en route to staff members who need to authenticate the device.

There is no way at this point for me to do that; I have to wait 24 hours to 6 months until the staff member finally sets up their device. By that time I've moved on to other things. I need to prep JAMF so that when the device enrolls it goes to the correct site.

A way to fix this might be to put an option in Prestage that allows the authenticating device to also pick a site like enrolling does when initiated from the web link.

Make Self Service Reconnect bar more user friendly

Posted: by emily Last Response: by mm2270

For the longest time I thought our Self Service/Jamf/etc. services were having issues that cause a big red bar on the bottom of the Self Service app saying that the app "Cannot connect to the Jamf Pro server" if it's left open for too long in the background on a client. I naïvely assumed it was related to our networking. As it turns out, this behavior is basically guaranteed to happen because the tokens used by Self Service to connect to Jamf Pro expire after 10-15 minutes (based on my observations this time frame seems about right).

This is a terrible user experience.

The giant red bar makes it seem like Self Service is broken (a "bug"), when losing the connection because a token has expired is a "feature."

Ideally, there would be a friendlier notification if the token expires that asks the user to reload Self Service, like a small floating button in the lower right corner or something. The text could be friendlier, such as "Please refresh to see the latest content from Jamf Pro" or something along those lines. Maybe encourage a reconnection in a friendlier way, rather than giving end users the impression that the app is broken. I'm sure there's a way to tell the difference between Jamf actually being unavailable vs the token having expired.

Cloud Distribution Point in AWS: Specify Bucket

Under Review
Posted: by dan.berman Last Response: by tlarkin

We are looking to add a cloud distro point in AWS but the current implementation requires too much access. As far as we understand, we would need to grant JAMF full read/write access to the root of our S3 account. For obvious reasons this is not acceptable and something we can allow.

I would like to have a feature that lets me create my own S3 bucket with whatever name I want, then let me define that bucket path in JAMF. This way, I can create the name that I want, then create an IAM user with ONLY access to that bucket. This will protect all of our other S3 data and keep it segmented as it should be.

This is highly needed as the current implementation won't work for any customers who care about data security.

Device Wallpaper Image Browser: Sort by most recent

Posted: by matt.mowry

Please adjust the default sort order in the "choose Wallpaper image" browser to show most recently uploaded images first. Or even better, throw it out and make a proper image browser. I should not have to click through eight years of uploaded images to choose one that I used 45 seconds ago.

Add support for new Notification Settings payloads for Catalina

Under Review
Posted: by emily Last Response: by kstrick

https://developer.apple.com/documentation/devicemanagement/notifications/notificationsettingsitem

These payloads were previously iOS only, but are now available on macOS Catalina as of beta 6. Please add support for notification settings in Catalina in a future release of Jamf Pro.

Option to Hide System Applications from Inventory

Posted: by denmoff

Sometimes I just want to look at the Applications a user has installed on their system. It would make things easier if there was, let's say, a button to obscure the system-installed apps that every Mac would have by default. I don't recommend removing them from inventory; just having an option to hide them would be nice.

Inventory Preload for macOS devices

Partially Implemented in 10.10.0
Posted: by mhegge Last Response: by jwrn3

Ability to preload data for computers would help with lab environments. Being able to preload computer name would allow computers to immediately fall into smart groups and receive the software installations and configurations easily.

Posted: by drhoten

Computer inventory data has now been partially implemented in Jamf Pro 10.10.0. You can now include computer inventory data in the CSV file uploaded to Inventory Preload; however, the device name is not currently supported.

Prior to Jamf Pro 10.10.0, Inventory Preload was limited to mobile devices.

Please refer to our release notes for more information on this new feature.

Force Device Check-In From Computer Management

Posted: by JoshF Last Response: by JoshF

It would be very handy to be able to send a query to the remote Mac to force it to check in immediately instead of waiting for the established check-in frequency.