State Settings and User Status

You can track app and user status settings via Jamf Connect's state settings. These settings are stored in the com.jamf.connect.state preference domain and include the following:

  • User information

    User attributes, such as a user's display name from the cloud identity provider (IdP) and their email address.

  • Password information

    Details about a user's password settings, such as their password expiration date or password complexity requirements found in Active Directory.

  • App information

    Details about Jamf Connect processes, such as if the app has been opened by the user and timestamps of the last sign-in or app notification.

    To read Jamf Connect state settings on a computer, execute the following command:

    defaults read com.jamf.connect.state

Keep the following in mind when viewing Jamf Connect state settings:

  • State settings should not be configured or edited by users. Manual changes to these settings may cause unintended behavior in Jamf Connect.

  • State settings are obtained from your organization's cloud identity provider (IdP) or Active Directory domain. Values that cannot be found by Jamf Connect will not be available in the state settings preference domain.

Jamf Connect Extension Attributes

If you use Jamf Pro, you can use Jamf Connect extension attribute templates to collect Jamf Connect data from computers using Jamf Pro. Jamf Connect extension attribute templates collect data from the Jamf Connect state settings on computers.

For instructions on creating an extension attribute from a template in Jamf Pro, see the Computer Extension Attributes section in the Jamf Pro Administrator's Guide.

Jamf Connect State Settings

The following table contains all the available Jamf Connect state settings.

Important:

Jamf Connect state settings should not be configured or edited. Manual changes to these settings may cause unintended behavior in Jamf Connect.

Key

Description

ADExpiration

The date the user's network password expires

DisplayName

The full name of the user in your identity provider (IdP)

ExpirationWarningLast

A timestamp of the last password expiration notification

FirstRunDone

A boolean value that confirms whether a user has opened Jamf Connect at least one time

LastCertificateExpiration

A timestamp of when the last Windows CA certificate will expire for the user

LastSignIn

A timestamp of the last successful sign-in with Jamf Connect

PasswordLength

A network password length requirement found for the user

PasswordCurrent

A boolean value that confirms whether the user's network and local passwords are in sync.

UserEmail

The user's email address

UserFirstName

The first name of the user

UserGroups

Group membership of the user in your identity provider

UserLastName

The last name of the user

UserLoginName

The network username of the last user to sign in with Jamf Connect on the computer

UserShortName

The short name of the user

CustomShortName

A short name that was entered by the user via the AskForShortName preference in Jamf Connect.

UserUPN

The UPN of the user

UserCN

The CN of the user. This value only appears if Kerberos is configured with Jamf Connect.

ComputedPasswordExpireDate

The date the user's Active Directory password expires. This value only appears if Kerberos is configured with Jamf Connect.

UserPasswordSet

The date the user last set a new password. This value only appears if Kerberos is configured with Jamf Connect.

UserHomeDirectory

The home directory of the user. This value only appears if Kerberos is configured with Jamf Connect.

UnlockInUse

A boolean value that confirms whether a user is using the Jamf Unlock app.

Variables Used by Jamf Connect

You can use variables to reference specific user information in your Jamf Connect configuration profiles. Jamf Connect recognizes the following variables:

VariableValue to be SubstitutedPreference Domain Referenced by Jamf Connect
<<domain>>Kerberos Realmcom.jamf.connect
<<serial>>Serial number of the computer--
<<fullname>>The DisplayName valuecom.jamf.connect.state
<<shortname>>

The LDAP UserShortName value

Note:

If you have Kerberos configured to use the CustomShortName value, Jamf Connect will reference that instead

com.jamf.connect.state
<<upn>>The LDAP UserUPN valuecom.jamf.connect.state
<<email>>The LDAP UserEmail valuecom.jamf.connect.state
Note:

When creating a configuration manually using a text editor, you must substitute left angle bracket symbols "<" with "&lt" and right angle bracket symbols ">" with "&gt" for the XML to be parsed properly. Jamf Connect Configuration automatically substitutes these symbols.