Account Migration Settings

Jamf Connect Documentation

  • Domain — com.jamf.connect.login
  • Description — Used to configure account connections between existing local accounts and network accounts.

Setting

Description

Connect existing local accounts to a network account

Migrate

Allows existing local accounts to be connected to a network account.

This setting is typically used when you want a user's existing local account to have the same username and password as the user's network account.

When enabled (set to true), users must log in with their IdP, then Jamf Connect looks for a matching local account.

Note:
  • To use this setting, the Require Network Authentication (DenyLocal) setting must be set to true. For more information, see Network and Local Authentication Restrictions.
  • For every successful network authentication, the user's record will be updated with the "NetworkSignIn" attribute. If a user only uses local authentication, this attribute will not be updated.

<key>Migrate</key>
<false/>

Local accounts prohibited from network account connection

MigrateUsersHide

Specifies a list of usernames of local accounts that are excluded from the migration process. These accounts will not be available to users during the "Connect" step of the login process.

<key>MigrateUsersHide</key>
<array>
<string>admin</string>
<string>ladmin</string>
</array>

Hide "Create New User" option at migration

CreateNewUserHide

Enables hiding the Create New User option from users during account migration. With this setting enabled (set to true), users are unable to disrupt account migration by creating a new account. This setting is not enabled (set to null) by default.

<key>CreateNewUserHide</key>
<true/>

Demobilize Accounts

DemobilizeUsers

Determines if any existing Active Directory mobile accounts are demobilized. Demobilization results in the following:

  • Mobile accounts become local accounts

  • Active Directory is removed as a network connection authority

  • Accounts lose MDM-capable status

Jamf recommends transitioning away from user-level configuration profiles before demobilizing. For more information about MDM enrollment methods, see MDM-Enabled Local User Accounts in the Jamf Pro Documentation.

Once demobilized, you can unbind computers from Active Directory. For demobilization instructions, see Demobilizing and Unbinding Mobile Accounts with Jamf Connect and Jamf Pro.

Important:

If you unbind from Active Directory before demobilization, demobilization may fail if a user's Active Directory password and IdP password do not match and Jamf Connect is configured to sync the passwords during account creation. Make sure you demobilize accounts before unbinding from Active Directory and that the Active Directory domain is reachable during account creation with Jamf Connect.

<key>DemobilizeUsers</key>
<false/>
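
The following is an added example, not part of the Jamf Connect documentation: a pre-deployment check that parses a com.jamf.connect.login payload and reports the inconsistencies the settings above describe (Migrate enabled without DenyLocal, the Create New User option left visible, a local account missing from MigrateUsersHide). The function name, the must_hide parameter and the sample payload are assumptions constructed for illustration.

```python
import plistlib

# Constructed sample payload for the com.jamf.connect.login domain.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Migrate</key>
    <true/>
    <key>DenyLocal</key>
    <false/>
    <key>MigrateUsersHide</key>
    <array><string>admin</string></array>
</dict>
</plist>"""

BOOL_KEYS = ("Migrate", "DenyLocal", "CreateNewUserHide", "DemobilizeUsers")


def lint_migration_settings(plist_bytes, must_hide=()):
    """Return a list of findings for the account migration keys.

    must_hide is an assumed site policy: local accounts (for example
    management accounts) that must never be offered at the Connect step.
    """
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key in BOOL_KEYS:
        if key in prefs and not isinstance(prefs[key], bool):
            findings.append(f"{key}: expected a boolean")
    hidden = prefs.get("MigrateUsersHide", [])
    if not isinstance(hidden, list) or not all(isinstance(u, str) for u in hidden):
        findings.append("MigrateUsersHide: expected an array of strings")
        hidden = []
    if prefs.get("Migrate") is True:
        # Per the Note above, Migrate requires DenyLocal set to true.
        if prefs.get("DenyLocal") is not True:
            findings.append("Migrate is true but DenyLocal is not true")
        if prefs.get("CreateNewUserHide") is not True:
            findings.append("CreateNewUserHide is not true")
        for user in must_hide:
            if user not in hidden:
                findings.append(f"MigrateUsersHide does not exclude '{user}'")
    return findings


if __name__ == "__main__":
    for finding in lint_migration_settings(SAMPLE, must_hide=("admin", "ladmin")):
        print("FINDING:", finding)
```
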