MDM Device users via LDAP and SSO cannot enroll devices.

Everything is set up correctly with SSO and LDAP sync. Only Admins can enroll devices, but any of the device users that are in the MDM cannot use SSO or regular email login to enroll devices to KACE MDM.

It's like KACE MDM is requiring all users to be an admin to enroll the phones.

Has anyone else had this experience, and what was the fix? If not, I will reach out to Quest support.


Answers (1)

Posted by: rodney.willis 2 months ago

Top Answer

In Settings->Integrations->SSO, what do you have selected under "Assign User Roles" for the device user role? If it is not the first option (Automatic/All), then check your LDAP attributes to make sure they are matching up correctly. Try setting it to Automatic/All to see if that works; that will tell you if it is an issue with your mappings.

  • I checked the Assign User Roles for the device user role and it is set to Automatic/All. LDAP mappings all appear to be matching up perfectly. - SgtG 2 months ago
    • In that case, I'd recommend opening a case with support. - rodney.willis 2 months ago
      • I certainly will, thank you for your info though. I figure just maybe someone may have a trick I missed out there. - SgtG 2 months ago