Custom Claims to AzureAD - kylejericson/JAMF GitHub Wiki
Requirements:
- Windows desktop with admin rights
- Global Admin rights in Azure AD

1. Open PowerShell as admin and run this command:
Install-Module -Name AzureADPreview -RequiredVersion 2.0.2.149
Click Yes at both prompts.

2. Download this script from GitHub and run it in PowerShell as admin: https://github.com/kylejericson/JAMF/blob/master/Scripts/AzureADClaim.ps1

3. Download the Jamf Connect app manifest file from Azure AD.

4. Open this .json file in a text editor like BBEdit and change the acceptMappedClaims line so it reads: "acceptMappedClaims": true,

5. Test Jamf Connect Login via the Jamf Connect Configuration app and confirm that this claim appears in the token.

6. If the claim is present, set this value in your Jamf Connect Login config: OIDCShortName = onpremisessamaccountname
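The steps above download and run AzureADClaim.ps1 without showing what a claims mapping policy looks like. The PowerShell below is an added example written for this page, not the contents of that script or code from the JAMF repo: it creates a claims mapping policy for onpremisessamaccountname using the AzureADPreview cmdlets the guide installs, attaches it to the Jamf Connect service principal, lists what is attached so the change can be audited or undone, and includes a small helper that decodes an ID token payload so you can check for the claim in step 5. The display name 'Jamf Connect', the policy name, and the helper function name are assumptions; adjust them to your tenant. Note that Microsoft has deprecated the AzureADPreview module in favour of Microsoft Graph PowerShell, so expect to migrate these cmdlets eventually.

```powershell
# Added example, not the linked AzureADClaim.ps1. Assumes AzureADPreview is
# installed and you sign in with an account that has Global Admin rights.
Import-Module AzureADPreview
Connect-AzureAD   # interactive sign-in

$appDisplayName = 'Jamf Connect'                      # ASSUMPTION: your app registration's display name
$policyName     = 'JamfConnect-OnPremSamAccountName'  # ASSUMPTION: any descriptive name works

# Claims mapping policy in Microsoft's documented schema. Source "user" with
# ID "onpremisessamaccountname" reads the synced AD attribute and emits it in
# the token under the name given by JwtClaimType. IncludeBasicClaimSet keeps
# the standard claims the app already relies on.
$definition = @'
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      {
        "Source": "user",
        "ID": "onpremisessamaccountname",
        "JwtClaimType": "onpremisessamaccountname"
      }
    ]
  }
}
'@

# Create the policy once; reuse it if one with this name already exists so
# re-running the script does not leave duplicates behind.
$policy = Get-AzureADPolicy | Where-Object { $_.DisplayName -eq $policyName }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) -DisplayName $policyName -Type 'ClaimsMappingPolicy'
}

# Attach the policy to the Jamf Connect service principal. The token service
# will only honour it once the app manifest has "acceptMappedClaims": true
# (step 4 of the guide).
$sp = Get-AzureADServicePrincipal -Filter "DisplayName eq '$appDisplayName'"
if (-not $sp) { throw "No service principal named '$appDisplayName' was found" }
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Audit what is attached; Remove-AzureADServicePrincipalPolicy undoes the assignment.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId | Select-Object DisplayName, Type, Id

# Verification helper (hypothetical name): decode the payload of an ID token
# copied from the Jamf Connect Configuration app and report whether the
# mapped claim is present. This only decodes; it does not verify the
# signature, so use it to inspect claims, not to trust a token.
function Test-MappedClaim {
    param(
        [Parameter(Mandatory)] [string] $Jwt,
        [string] $ClaimName = 'onpremisessamaccountname'
    )
    $parts = $Jwt.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT (expected header.payload.signature)' }
    # JWT segments are base64url without padding; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json    = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $payload = $json | ConvertFrom-Json
    if ($payload.PSObject.Properties.Name -contains $ClaimName) {
        Write-Host "Claim '$ClaimName' present: $($payload.$ClaimName)"
        return $true
    }
    Write-Host "Claim '$ClaimName' missing: check acceptMappedClaims in the manifest and the policy assignment above."
    return $false
}

# Usage: paste the ID token from the Jamf Connect Configuration app test.
# Test-MappedClaim -Jwt 'eyJ...'
```

Run the first part once per tenant; the helper can be kept in your profile for later checks. If the claim never shows up, the two usual causes are the manifest still reading acceptMappedClaims false (or null) and the policy being attached to a different service principal than the one Jamf Connect actually signs in against.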
Further Reading:
This guide covers onpremisessamaccountname, but you can add other user values from the Azure Graph API, documented here:
https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
Jamf Connect Menubar: The menubar can't use this value from a claim, so one thing you can do is map it to a Jamf variable like $ROOM, and in your Azure AD IDP mappings map Room to onPremisesSamAccountName.
Like this:
Then make sure not to include the Jamf Connect Menubar config in the PreStage, and make a smart group that looks like this.
Smart group name: Room Not Assigned
Then set the scope for the Jamf Connect Menubar config profile to:
All Computers | Excluded: Room Not Assigned
Thanks to Sean Rabbitt for helping to create this guide.