
Custom Claims to AzureAD

Kyle Ericson edited this page Apr 1, 2022 · 1 revision

Requirements:

  - Windows desktop with admin rights
  - Global Admin rights in Azure AD

Open PowerShell as admin and run this command:

`Install-Module -Name AzureADPreview -RequiredVersion 2.0.2.149`

Click Yes at both prompts.

  1. Download this script from GitHub and run it in PowerShell as admin: https://github.com/kylejericson/JAMF/blob/master/Scripts/AzureADClaim.ps1

  2. Download the Jamf Connect app manifest file from Azure AD.

  3. Open this .json file in a text editor like BBEdit and change this line to: `"acceptMappedClaims": true,`

  4. Test Jamf Connect Login via the Jamf Connect Configuration app and check that this claim appears in the token.

  5. If all is good, set this value in your Jamf Connect Login config: `OIDCShortName` = `onpremisessamaccountname`
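As an added illustration (this is not the AzureADClaim.ps1 script linked above, whose contents are not shown on this page), this is what creating a claims-mapping policy for `onpremisessamaccountname` with the AzureADPreview module and attaching it to the app's service principal looks like; the app display name and policy display name are assumptions to adjust for your tenant.

```powershell
# Added example, not the AzureADClaim.ps1 script this page links to.
# Creates a claims-mapping policy that emits onpremisessamaccountname in
# tokens issued to the Jamf Connect app registration, then attaches it to
# that app's service principal. Requires the AzureADPreview module and a
# Global Admin sign-in.
Import-Module AzureADPreview
Connect-AzureAD | Out-Null

$AppDisplayName = 'Jamf Connect'           # assumption: your app registration's name
$PolicyName     = 'JamfConnectSamAccountName'  # assumption: any unique policy name

# Policy definition: keep the basic claim set and add the on-prem SAM
# account name from the synced user object as a JWT claim of the same name.
$Definition = @'
{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true",
 "ClaimsSchema":[{"Source":"user","ID":"onpremisessamaccountname",
 "JwtClaimType":"onpremisessamaccountname"}]}}
'@

# Reuse an existing policy with this name instead of creating duplicates.
$Policy = Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'ClaimsMappingPolicy' -and $_.DisplayName -eq $PolicyName
}
if (-not $Policy) {
    $Policy = New-AzureADPolicy -Definition @($Definition) `
        -DisplayName $PolicyName -Type 'ClaimsMappingPolicy'
}

# Locate the service principal for the app and attach the policy to it.
$Sp = Get-AzureADServicePrincipal -Filter "displayName eq '$AppDisplayName'"
if (-not $Sp) { throw "Service principal '$AppDisplayName' not found" }

$Attached = Get-AzureADServicePrincipalPolicy -Id $Sp.ObjectId |
    Where-Object { $_.Id -eq $Policy.Id }
if (-not $Attached) {
    Add-AzureADServicePrincipalPolicy -Id $Sp.ObjectId -RefObjectId $Policy.Id
}

# The app manifest must still have "acceptMappedClaims": true (step 3 above);
# without it Azure AD will not emit the mapped claim in the token.
Get-AzureADServicePrincipalPolicy -Id $Sp.ObjectId | Select-Object DisplayName, Type
```

The final line lists the policies now attached to the service principal so you can confirm the mapping before testing the login in step 4.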

Further Reading:

This guide covers onpremisessamaccountname, but you can add other values from the Azure Graph API user resource, documented here:

https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0

Jamf Connect Menubar: The menubar can't use this value from a claim, so one thing you can do is map it to a Jamf variable like $ROOM: in your Azure AD IdP mappings, map Room to onPremisesSamAccountName.

Like this:

Then make sure not to include the Jamf Connect Menubar config in the PreStage, and make a smart group like this:

Smart Group Name: Room Not Assigned

Then set the scope for the Jamf Connect Menubar config profile to:

All Computers | Excluded: Room Not Assigned

Thanks to Sean Rabbitt for helping to create this guide.
