15 votesAdminSimpleMDM (--------, SimpleMDM) responded
You are now able to set the account username to be the SAML login name.
Due to a known bug in macOS, LockPrimaryAccountInfo does not currently function in a reliable manner. As a result, we are awaiting a fix before releasing the lock functionality.
Hi Paul- This is currently available. From the "Account Type" drop down, select "Regular account".
A related feature was released today that may be of interest.
Enrollments that are using SAML authentication can now optionally set the device custom attributes based on any SAML attributes that are sent from the IdP at the time of enrollment. For instance, if your IdP provides an attribute called "department" with the value "DevOps" and a custom attribute exists in SimpleMDM named "department", then "DevOps" will be set as the custom attribute value for the enrolling device.
This option can be enabled under the Authentication section of the Enrollments details screen when "SAML" is selected as the authentication method.
Hi Osian - Thanks for writing in. What kind of tracking information are you interested in? Logging or location tracking?
Have you seen the "Installs" tab under the App Details screen? This lists every device that has the app installed and also lists the version of the app that is installed.
You can view this interface by visiting App & Media > Catalog, clicking on the app in question (the version does not matter) and then clicking on the "Installs" tab.
SimpleMDM currently lists a version of the human readable name within the administration UI under Devices > Devices. Is this version suitable for the API call you are requesting?
Apple will provide varying human readable versions for a particular device depending upon which of their data sources is polled.
3 votesAdminSimpleMDM (--------, SimpleMDM) shared this idea ·
Hi Luke- Some customers achieve this by creating a "maintenance" device group and then use the API to move devices between the maintenance group and their native group at a scheduled time via the API.
If you are only needing to update an *enterprise* app in single lock mode, you can simply run the update command during off hours using the API (https://simplemdm.com/docs/api/#update16). Single app lock does not need to be disabled when updating enterprise apps.
Thanks for the clarification, Ben. We will keep this in mind.
93 votesAdminSimpleMDM (--------, SimpleMDM) responded
Admin configuration permissions are now more granular, allowing for configuration of just profiles, devices, enrollments, or other aspects of SimpleMDM.
This ticket will remain open as some of the requests related to permission scoped to individual devices or device groups.
Have you considered opening separate SimpleMDM accounts for each of your customers and then granting your user account access to each? This allows you to achieve full account configuration and billing isolation.
How do you envision controlling access to shared configurations? For instance, if an admin is limited to managing one group of devices, are they permitted to create or modify profiles related to that group that may be related to other groups as well?
Thanks for the clarification. We'll keep the request live.
Have you tried using the export feature on the devices screen?
Phil: Does it make more sense to associate this prefix value with the email "provider" object or on an individual "account" object basis for your organization?
We do not have plans of adding subgroups to DeviceLink. We are, however, planning on an app deployment improvement this year. We will keep your suggestion in mind and see if we can address it through a different means.