Description
In Jamf Account, if you have the necessary privilege to see Organization in the left sidebar, there is a Users & contact page which contains the Jamf ID Users, IdP User (if applicable), and Contacts for your organization.
This article provides additional clarity to the Contacts and Users workflows beyond the content provided in the Jamf Account Documentation.
Understanding Users vs Contacts
Tab | Description | Actions Available |
Contacts | Contacts do not have access to Jamf Account, but can be assigned roles for organization operations. |
|
Jamf ID User | Jamf ID users have access to Jamf Account and other Jamf tools, and can be assigned roles and privileges. |
|
IdP User | IdP users have access to Jamf Account and other Jamf tools, and can be assigned roles and privileges. This table contains users from your IdP who've logged into a Jamf application at least once. |
|
An email can show under Contacts in Jamf Account but will not appear under the Jamf Id user or IdP user tab if they've never signed in to Jamf Account (or a Jamf product that uses Jamf ID/IdP credentials for SSO setup in Jamf Account). An IdP user can exist that isn't also a Contact.
Adding a new team member to your organization in Jamf Account
When you have a new member of your Jamf team that may need to access resources in Jamf Account or log in to a Jamf product using Jamf ID, we can add them following the steps below.
The email will show under the Jamf ID user tab once they have logged in to Jamf Account after you've completed the steps below.
Email addresses that are already a Jamf ID
In Jamf Account, go to Organization and select Users & contacts.
Click the Contacts tab.
Click Add Contact.
Fill out the form:
Name
Email - this must match the existing Jamf ID email exactly
If they should receive Marketing emails
Phone number (if applicable)
Role at your company: None, Decision Maker, Primary Technical, End User, Finance.
Note this is used for administrative purposes only and does not impact what they can do in Jamf Account or the other Jamf Products.
Click Save.
If that Jamf ID is currently assigned to a different organization, they will receive an email asking them if they want to switch organizations. If it is not it will automatically be added as a contact.
Email addresses that are not already a Jamf ID
In Jamf Account, go to Organization and select Users & contacts.
Click the Jamf ID users tab.
Click Create Jamf IDt.
Fill out the form:
First and Last Name
Email (this will be their Jamf ID email moving forward)
Language
Timezone
If you want them to setup MFA
Click Save.
The email listed will receive an invite asking them to verify their Jamf ID. Once verified and they log in to Jamf Account they will get the role set as default under Organization > Settings (you must have a custom role created to show here).
Removing a team member from your organization in Jamf Account
To remove access to company resources for employees leaving your organization you can remove them as a contact.
Contacts/Jamf ID users
In Jamf Account, go to Organization and select Users & contacts.
Click the Contacts tab.
Click Remove for the contact in question.
Important Note! The user will still show under Jamf ID Users for your organization until they log in to Jamf Account again. However, when they log on they will see they are no longer assigned to your organization.
IdP users
Manage user access within your IdP and be sure to adjust any user accounts within Jamf Pro, Jamf School, macOS Security Portal, Jamf Security Cloud Portal, Jamf Safe Internet, or JETP.