MDM Device users via LDAP and SSO cannot enroll devices.
Everything is set up correctly with SSO and LDAP sync. Only Admins can enroll devices, but any of the device users that are in the MDM cannot use SSO or regular email login to enroll devices to KACE MDM.
It's like KACE MDM is requiring all users to be an admin to enroll the phones.
Has anyone else had this experience, and what was the fix? If not, I will reach out to Quest support.
Answers (1)
Top Answer
In Settings->Integrations->SSO, what do you have selected under "Assign User Roles" for the device user role? If it is not the first option (Automatic/All), then check your LDAP attributes to make sure they are matching up correctly. Try setting it to Automatic/All to see if that works; that will tell you if it is an issue with your mappings.
Comments:
- I checked the Assign User Roles for the device user role and it is set to Automatic/All. LDAP mappings all appear to be matching up perfectly. - SgtG 2 years ago
- In that case, I'd recommend opening a case with support. - rodney.willis 2 years ago
- I certainly will, thank you for your info though. I figure just maybe someone may have a trick I missed out there. - SgtG 2 years ago