Possibility to lock account name during enrollment
LockPrimaryAccountInfo and put use of the saml login name
from:
https://developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command
and if possible collect the users full name from the saml login.

LockPrimaryAccountInfo is now available as of macOS 10.15.4. Earlier versions of macOS have a bug that prevents this feature from functioning reliably.
SAML attributes can be saved to a device’s custom attributes. Under the “Authentication” tab in Enrollment details, SAML authentication types include an option to “Allow provider to set custom attributes”.
-
AdminSimpleMDM (Admin, SimpleMDM) commented
Hi Paul- This is currently available. From the "Account Type" drop down, select "Regular account".
-
Paul commented
This is great stuff. What would be really useful if the following could be implemented. This would allow the admin account as well as the user to be specified
SetPrimarySetupAccountAsRegularUser
boolean
If true, the primary accounts are created as regular users. If this is true, you must specify an entry in AutoSetupAdminAccounts.Default: false
-
Rick commented
Yes please!! This would greatly simplify our flow and avoid a lot of the issues we have with getting the right user enrolled in user channel.