Description
This article provides steps for creating a Jamf Pro Smart Group that scopes at the device level to a directory group, as an alternative to using limitations.
Pre-requisites:
Have LDAP or cloud IdP configured in Jamf Pro
Have an LDAP or cloud IdP user assigned to the device or computer
Creating a Smart Group with LDAP Attributes
Check the box to collect user and location information in Jamf Pro under Settings > Computer management > Inventory collection.
Go to Settings > Computer management > Extension attributes or Settings > Device management > Extension attributes and click +New.
Configure a display name and, if desired, add a Description and Inventory Display.
In the Input Type dropdown, select Directory service attribute mapping.
Add the Directory Service Attribute in the box.
To gather group memberships, the 'memberOf' attribute is usually the one to use, but it may be different depending on the directory service provider. The 'memberOf' attribute yields multiple values, so check the box to allow multiple attribute values.
Please note that, depending on the size and complexity of the environment, this could result in a lot of data being added to device records. Some directory service providers might also have data caps that this could affect.
Build a smart group whose criteria look for the groups that the directory service user is a part of.
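Before choosing the value for the smart group criterion, it helps to check which collected 'memberOf' values it would actually select. The following is an added example, not Jamf Pro code or part of the original article: it compares a text-contains comparison with an exact DN comparison over constructed multi-value 'memberOf' data. The group names, DNs and the comparison semantics are assumptions for illustration.

```python
# Added example. All DNs below are constructed; nothing here calls Jamf Pro.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def normalise(dn):
    # Assumption: group DNs compare case-insensitively, ignoring space after commas.
    return tuple(rdn.lower() for rdn in split_dn(dn))

def substring_match(member_of, needle):
    """Values a 'contains this text' style criterion would select."""
    return [dn for dn in member_of if needle.lower() in dn.lower()]

def exact_match(member_of, group_dn):
    """Values that are exactly the intended group."""
    target = normalise(group_dn)
    return [dn for dn in member_of if normalise(dn) == target]

TARGET = "CN=Mac-Admins,OU=Groups,DC=example,DC=com"
# Constructed multi-value memberOf data for two assigned users.
CONTRACTOR = ["CN=Mac-Admins-Contractors,OU=Groups,DC=example,DC=com",
              "CN=Staff,OU=Groups,DC=example,DC=com"]
ADMIN = ["cn=Mac-Admins, OU=Groups, DC=example, DC=com"]

if __name__ == "__main__":
    for name, groups in (("contractor", CONTRACTOR), ("admin", ADMIN)):
        print(name, "short name:", bool(substring_match(groups, "CN=Mac-Admins")),
              "| full DN:", bool(exact_match(groups, TARGET)))
```

With this data, the short value "CN=Mac-Admins" also selects the contractor group, while the full DN selects only the intended group, so a criterion built on a partial group name can scope more devices than intended.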