You can create users as local administrators on computers by using app roles defined in Microsoft Entra ID.
You can use app roles in Microsoft Entra ID to assign users specific roles for Jamf Setup.
Keep the following in mind when configuring roles in Microsoft Entra ID for Jamf Setup:
- Any role assignments in Microsoft Entra ID will override any roles assigned via managed app configuration.
- If a user is assigned only one role, Jamf Setup will automatically set up the device using that role and will not display the role selection screen.
- If a user is not assigned any roles, Jamf Setup will display the role selection screen with a list of all roles available via managed app configuration.
To ensure the correct role is configured via Jamf Pro, the app role values must correspond to a Jamf Pro smart group.
- Click Microsoft Entra ID in the left sidebar.
- Click App registrations, and then select your Jamf Connect app registration.
- Click App Roles from the sidebar.
- Click + Create app role.
- In the Create app role pane, do the following:
- Repeat this process to create additional app roles.
Your Jamf Connect app registration now has two or more app roles for role-based local account creation.
You can now assign the roles to any users who are also assigned the app. Assigned users will only be able to select those roles from Jamf Setup, and any other roles will be hidden.
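The following added example (not Jamf or Microsoft code) audits a role setup before rollout: it flags app role values that have no corresponding Jamf Pro smart group and predicts what Jamf Setup shows each user under the three rules listed above. All role names, smart group names, users and IDs are constructed sample data; the field names `appRoles`, `id`, `value` and `appRoleId` follow Microsoft Graph. Treating "correspond" as an exact, case-sensitive name match is an assumption.

```python
# Added example. All sample data below is constructed, not from a real tenant.
APP_ROLES = [  # stand-in for the app registration's appRoles collection
    {"id": "r1", "value": "Nurse"},
    {"id": "r2", "value": "Cashier"},
    {"id": "r3", "value": "Kiosk-Admin"},
]
SMART_GROUPS = {"Nurse", "Cashier", "Kiosk"}          # Jamf Pro smart group names
MANAGED_CONFIG_ROLES = ["Nurse", "Cashier", "Kiosk"]  # managed app configuration
ASSIGNMENTS = {  # user -> appRoleId values from their app role assignments
    "alice": ["r1"],
    "bob": ["r1", "r2"],
    "carol": [],
    "dave": ["r3"],
}


def unmatched_role_values(app_roles, smart_groups):
    """App role values with no corresponding smart group.
    Assumption: 'correspond' means an exact, case-sensitive name match."""
    return sorted(r["value"] for r in app_roles if r["value"] not in smart_groups)


def jamf_setup_outcome(user, assignments, app_roles, managed_roles):
    """Predict the Jamf Setup behaviour for one user from the documented rules."""
    by_id = {r["id"]: r["value"] for r in app_roles}
    assigned = [by_id[i] for i in assignments.get(user, []) if i in by_id]
    if not assigned:
        # No Entra roles: selection screen lists every managed-config role.
        return ("select", list(managed_roles))
    if len(assigned) == 1:
        # Exactly one role: applied automatically, no selection screen.
        return ("auto", assigned)
    # Several roles: Entra assignments override managed config, others hidden.
    return ("select", assigned)


def audit(assignments, app_roles, smart_groups, managed_roles):
    """Per-user outcome plus any offered role that maps to no smart group."""
    bad = set(unmatched_role_values(app_roles, smart_groups))
    report = {}
    for user in assignments:
        mode, roles = jamf_setup_outcome(user, assignments, app_roles, managed_roles)
        report[user] = {"mode": mode, "roles": roles,
                        "unmapped": [r for r in roles if r in bad]}
    return report


if __name__ == "__main__":
    for user, row in audit(ASSIGNMENTS, APP_ROLES, SMART_GROUPS,
                           MANAGED_CONFIG_ROLES).items():
        print(user, row)
```

A non-empty `unmapped` list for a user in `auto` mode is the case to fix first, since that device is set up with no role selection screen.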