Description
Populating User and Location information in a computer record can be valuable for scoping, remote management tasks, and a variety of other use cases. In Jamf Pro, this information can be manually added by navigating to the computer record, selecting the Inventory tab, and then editing the User and Location fields (more information on this process can be found here: User Assignments); however, this process can also be automated.
This article provides two workflows for automating user assignments in Jamf Pro with Jamf Connect.
Automating User Assignments
Both the workflows below will populate the username in the computer record of Jamf Pro. In order for the additional values in the User and Location section of Jamf Pro to be populated, either Cloud Identity provider or LDAP Directory Service Integration need to be configured as well as the Collect user and location from Directory Service checkbox selected in Jamf Pro under Settings > Computer Management > Inventory Collection.
Option 1: Enrollment Customization and Jamf Connet
This workflow is documented in the technical paper Customizing the Jamf Pro Enrollment Experience Using Enrollment Customization and Jamf Connect.
Note: There are some complexities to this workflow and it may not provide the desired user experience.
Option 2: Script and Jamf Pro policy
The workflow below is a simpler alternative to option one. The script utilizes the Jamf Connect State plist to retrieve the DisplayName and sends that information to the computer record in Jamf Pro using the jamf recon -endUsername command.
In Jamf Pro navigate to Settings > Computer Management > Scripts > New.
Add the Display Name. In this example Pass User and Location details was used. The category, information and notes can be added in the General tab as well.
Select the Script tab.
Paste the script below into the empty input field.
#!/bin/sh
# Get current signed-in user
currentUser=$(ls -l /dev/console | awk '/ / { print $3 }')
# com.jamf.connect.state.plist location
jamfConnectStateLocation="/Users/$currentUser/Library/Preferences/com.jamf.connect.state.plist"
# Check if the plist file exists
if [ -f "$jamfConnectStateLocation" ]; then
# Read DisplayName from the plist file
DisplayName=$(/usr/libexec/PlistBuddy -c "Print :DisplayName" "$jamfConnectStateLocation" 2>/dev/null)
if [ -n "$DisplayName" ]; then
# Upload DisplayName to Jamf Pro if it's not empty
if [ "$currentUser" != "root" ]; then
/usr/local/bin/jamf recon -endUsername "$DisplayName"
fi
else
echo "DisplayName not found in $jamfConnectStateLocation"
fi
else
echo "Plist file not found: $jamfConnectStateLocation"
fi
exit 0Note: If a different field instead of DisplayName is desired, the script will need to be modified. To identify available fields, run the command
defaults read com.jamf.connect.state.plistin Terminal. Once you’ve determined the desired field, update the script accordingly to reference the appropriate value.Configure Optional Settings:
Adjust Mode and Theme as needed.
Configure the Options and Limitations tabs if desired.
Click Save.
In Jamf Pro navigate to Computers > Policies > New.
On the General tab, configure:
Display Name
Trigger: In the example, Recurring Check-In was used (if deploying via Self-Service leave blank)
Execution Frequency: once per computer
(optional) Category
(optional) Site
(optional) enable Automatically re-run policy on failure option if desired
Select the Scripts payload of the policy and click Configure. Click Add for the script uploaded to Jamf Pro in the previous steps.
Select the Scope tab and add target computers to the policy. When testing any functionality in Jamf Pro, it is important to test with a singular computer first, followed by a pilot group prior to fleet deployment.
(Optional) If deploying the policy via Self Service, select the Self Service tab followed by the Make the policy available in Self Service checkbox. Additional options can be configured under the Self Service tab as well.
Select Save.