JSS User Accounts and Groups

The Jamf Software Server (JSS) is a multi-user application. JSS user accounts and groups allow you to grant different privileges and levels of access to each user.

When configuring a JSS user account or group, you can grant access to the full JSS or to a specific site. You can grant privileges by choosing one of the following privilege sets:

  • Administrator—Grants all privileges.

  • Auditor—Grants all read privileges.

  • Enrollment Only—Grants all privileges required to enroll computers and mobile devices.

  • Custom—Requires you to grant privileges manually.

If there are multiple users that should have the same access level and privileges, you can create a group with the desired access level and privileges and add accounts to it. Members of a group inherit the access level and privileges from the group. Adding an account to multiple groups allows you to grant a user access to multiple sites.

There are two ways to create JSS user accounts and groups: you can create standard accounts or groups, or you can add them from an LDAP directory service.

Important: It is recommended that you have at least one account that is not from an LDAP directory service in case the connection between the JSS and the LDAP server is interrupted.
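The group inheritance and the non-LDAP account recommendation above can be checked against an inventory of accounts. The following Python sketch is an added example, not part of the Jamf guide or product. The record fields and sample accounts are constructed, and it assumes accounts with group access belong to standard groups only.

```python
from dataclasses import dataclass, field
from typing import Optional

# Field names and all records below are constructed for this example;
# they are not a JSS export format.
@dataclass
class Grant:                       # what a group, or a non-group account, carries
    access_level: str              # "Full Access" or "Site Access"
    privilege_set: str             # "Administrator", "Auditor", "Enrollment Only", "Custom"
    site: Optional[str] = None     # set only for "Site Access"

@dataclass
class Account:
    name: str
    from_ldap: bool                # added from an LDAP directory service
    enabled: bool                  # a locked account shows as "Disabled"
    grant: Optional[Grant] = None  # direct grant (full or site access)
    groups: list = field(default_factory=list)  # standard groups (group access)

def effective_grants(account, groups):
    """Set of (scope, privilege_set) pairs: direct grant, or inherited from groups."""
    sources = [groups[g] for g in account.groups] if account.groups else [account.grant]
    return {(s.site if s.access_level == "Site Access" else "FULL JSS", s.privilege_set)
            for s in sources if s is not None}

def break_glass_accounts(accounts, groups):
    """Enabled standard accounts that keep full Administrator access without LDAP."""
    return [a.name for a in accounts
            if a.enabled and not a.from_ldap
            and ("FULL JSS", "Administrator") in effective_grants(a, groups)]

GROUPS = {
    "Helpdesk-East": Grant("Site Access", "Auditor", "East"),
    "Helpdesk-West": Grant("Site Access", "Custom", "West"),
    "JSS Admins": Grant("Full Access", "Administrator"),
}
ACCOUNTS = [
    Account("alice", from_ldap=True, enabled=True, grant=Grant("Full Access", "Administrator")),
    Account("bob", from_ldap=False, enabled=True, groups=["Helpdesk-East", "Helpdesk-West"]),
    Account("localadmin", from_ldap=False, enabled=False, grant=Grant("Full Access", "Administrator")),
    Account("carol", from_ldap=False, enabled=True, groups=["JSS Admins"]),
]

if __name__ == "__main__":
    for a in ACCOUNTS:
        print(a.name, sorted(effective_grants(a, GROUPS)))
    print("usable without LDAP:", break_glass_accounts(ACCOUNTS, GROUPS) or "NONE")
```

In the sample data, the locked standard administrator does not count, so the only account that remains usable during an LDAP outage is the one inheriting Administrator from a standard group.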

The JSS User Accounts and Groups settings also allow you to do the following:

  • Configure account preferences for each JSS user account.

  • Configure the password settings in the Password Policy for all standard JSS user accounts.

  • Unlock a JSS user account that is locked.

Requirements

To add accounts or groups from an LDAP directory service, you need an LDAP server set up in the JSS. (For more information, see Integrating with LDAP Directory Services.)

Creating a JSS User Group

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click JSS User Accounts & Groups.

  5. Click New.

  6. Do one of the following:

    • To create a standard JSS user group, select Create Standard Group and click Next.

    • To add a JSS user group from an LDAP directory service, select Add LDAP Group and click Next. Then follow the onscreen instructions to search for and add the group.

  7. Use the Group pane to configure basic settings for the group.

  8. If you chose “Custom” from the Privilege Set pop-up menu, click the Privileges tab and select the checkbox for each privilege that you want to grant the group.

  9. Click Save.

Creating a JSS User Account

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click JSS User Accounts & Groups.

  5. Click New.

  6. Do one of the following:

    • To create a standard JSS user account, select Create Standard Account and click Next.

    • To add a JSS user account from an LDAP directory service, select Add LDAP Account and click Next. Then follow the onscreen instructions to search for and add the account.

  7. On the Account pane, enter information about the account as needed.

  8. Choose an access level from the Access Level pop-up menu:

    • To grant full access to the JSS, choose “Full Access”.

    • To grant access to a site, choose “Site Access”.
      Note: The “Site Access” option is only displayed if there are sites in the JSS. For more information on adding sites to the JSS, see Sites.

    • To add the account to a standard group, choose “Group Access”.
      Note: The “Group Access” option is only displayed if there are standard groups in the JSS. For more information on creating groups, see Creating a JSS User Group.

  9. Do one of the following:

    • If you granted the account full access or site access, choose a privilege set from the Privilege Set pop-up menu. Then, if you chose “Custom”, click the Privileges tab and select the checkbox for each privilege that you want to grant the account.

    • If you added the account to a group, click the Group Membership tab and select the group(s) you want to add the account to.

  10. Click Save.

Configuring Account Preferences

You can configure Language & Region and Search preferences for each JSS user account. Language & Region preferences allow you to configure settings such as date format and time zone. Search preferences allow you to configure settings for computer, mobile device, and user searches.

  1. Log in to the JSS with a web browser.

  2. At the top of the page, click the disclosure triangle next to your username and then click Preferences.

  3. Click the Language & Region tab and use the pop-up menus to configure language and region preferences.

  4. Click the Search Preferences tab and use the pop-up menus to configure search preferences.
    Note: The default search preference is “Exact Match”. For most items, the option can be changed to either “Starts with” or “Contains”.

  5. Click Save.

Configuring the Password Policy

The Password Policy in the JSS allows you to configure the password settings. The Password Policy applies to all standard JSS user accounts. You can configure the following password settings:

  • Number of login attempts allowed before a JSS user is locked out of the account

  • Password length and age

  • Password reuse limitations

  • Password complexity

  • Settings to allow a user to unlock their own account

Note: The settings configured in the Password Policy do not apply to JSS user accounts added from an LDAP directory service.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click JSS User Accounts & Groups.

  5. Click Password Policy.

  6. Click Edit.

  7. Use the settings on the pane to specify the password settings.

  8. Click Save.

The settings are applied immediately.

Unlocking a JSS User Account

A JSS user could be locked out of their account if they exceed the specified number of allowed login attempts. If the Password Policy is configured to allow the user to unlock their account, the user can reset their password to unlock their account. In this case, an email is immediately sent to the email address associated with the account in the JSS allowing the user to unlock their account by resetting their password. For an email to be sent, an SMTP server must be set up in the JSS. (For more information, see Integrating with an SMTP Server.)

In addition, a JSS user account that is locked can be manually unlocked from the JSS by another JSS user with the Administrator privilege set.

The access status of the account is displayed as “Disabled” in the JSS until the account is unlocked.

  1. Log in to the JSS with a web browser.

  2. In the top-right corner of the page, click Settings.

  3. Click System Settings.

  4. Click JSS User Accounts & Groups.
    A list of JSS user accounts and groups is displayed.

  5. Click the JSS user account that has an access status of “Disabled”, which means the account is locked.

  6. Click Edit.

  7. Choose “Enabled” from the Access Status pop-up menu to unlock the account.

  8. Click Save.

The JSS user account is unlocked immediately.

Related Information

For related information, see the following section in this guide:

Sites
Learn about sites and how to add them to the JSS.

© copyright 2002-2017 Jamf. All rights reserved.