JAMF Nation

JAMF Nation is a dynamic and knowledgeable community of Apple-focused IT admins and Casper Suite users. It is hosted by JAMF Software, the Apple Management Experts.

Feature Requests

JSS integration with Zendesk

Under Review
Posted: 11/20/13 at 7:41 PM by TheMacGuys Last Response: Yesterday at 8:54 PM by dvasquez

The Title says it all. I vote for integration with Zendesk. We use Zendesk and just about everything we have works with it would be nice to add Casper to that list.

As well as Remote Control directly with in Casper, then tied to ZenDesk.

Navigation Links for Scripts & Policies on both Computer and Management views

Posted: Yesterday at 1:14 PM by chris.kemp Last Response: Yesterday at 8:54 PM by bpavlov

As policies and scripts are quite often tied together, it would be extremely useful to be able to switch between these categories without having to go to the Computers (to move from Scripts to Policies) or Management (from Policies to Scripts).

This could be easily accomplished by adding the relevant links to each view (add a link to the Scripts page to the Computers view, add a link to the Policies page to the Management view) and would speed up navigating between the two views when building Policies that rely on scripts.

On-Demand Scoping

Posted: Yesterday at 4:05 PM by bensim123

In our environment, we are utilizing device-based app deployment to our iOS devices. The issue we are finding, though, is how the licenses are handed out. For the most part, we acquire enough licenses so that there is one available for each device. There a few instances, though, that isn't the case.

Let's use the app, GoodReader, as an example. We have a set number of licenses, but want to make it available for all of our student devices. Unfortunately, knowing exactly who will need the app, and when, is not easy task (especially when it's over 3000 students). If you set a scope for all devices, only the first ones (up to the number of licenses), would have a license available, and be able to install the app. To avoid this issue we ended up creating two config profiles, and 2 smart groups. We wanted to make sure that, if the student no longer wanted the app, the app could be removed, and release the license. So, we set up an install, and a remove, profile. The smart groups were set for those that have the install profile, and those that have the remove profile. The app is scoped for those that have the install profile, and install the app automatically. When students want to install GoodReader, they are able to install the profile, and the app pushes out to the device. Once it completes, the remove profile is made available in Self Service. If they no longer need the app, they install the remove profile, which then sets up a process of removing the GoodReader app, the install profile, and then the remove profile (since the remove profile is only scoped to those than have the install profile, and the remove profile smart group is excluded from those that have the install profile). The license is then freed up for another user.

As you can see, this is a cumbersome process, which we have to do for a decent handful of apps. So, what I would like to see is have an option where it will only assign the license out after the user tries to install it from self service, without having to use this workaround.

SSH Key Based Authentication for the Casper Admin Account

Posted: Yesterday at 4:01 PM by jholland Last Response: Yesterday at 4:03 PM by dfriedman

JAMF-

Please add SSH key-based authentication as an option for the Casper management account creation step.

I would like to be able to specify a SSH private key (and optionally the passphrase associated with the private key) to the management account that gets created. Then I can push out my public key and modify all end-user's sshd_config file to disallow password-based authentication via a policy.

The benefits are:

  • Enhanced security as I'm using a 4096-bit RSA key and not a ~20char password
  • No need for authentication when SSH'ing to an end-user's machine (if not using a private key passphrase) if one so chooses
  • Doubly enhanced security if a passphrase is applied to the private key (my desired option) as authentication is based upon the private key possession and knowledge of the passphrase.

Screenshot attached from Recon tool where one can add a management account and where I'd like the option to specify key-based authentication and apply my private key and passphrase.

Alphabetize VPP Manage Licenses Content List

Posted: 8/25/15 at 11:44 AM by CairoJXP Last Response: Yesterday at 9:49 AM by beth.lindner

Under Management Settings > Global Management > VPP Accounts, when you go to a profile and choose “content” and then select “iOS app” for example, you cannot sort the apps alphabetically which can make finding an app tedious when dealing with many of them. I also saw a new tab for “unknown” and it’s just that. I don’t know what it refers to since the items populating it literally say “no name.”


Application Usage Logs Export Capability

Not Planned
Posted: 4/4/12 at 5:42 AM by suleymantwana Last Response: Yesterday at 6:12 AM by Phil

This feature request is for adding export option to the Application Usage Logs. At the moment there is only brows option in Application Usage Logs. However, exporting the data to CSV or any other supported file format will enable better data analysis.

Not Planned Responded: 7/27/13 at 8:46 PM by jake

This isn't planned for a future release but we'd appreciate it if you could check out the new interface in version 9 to see if it gets you closer to what you need. Please let us know!

Globally enable "Enforce Mobile Device Name" for iOS devices

Partially Implemented in 9.8
Posted: 6/1/15 at 2:04 PM by mschuring Last Response: 2/11/16 at 7:16 PM by jperkins01

We would like to be able to globally set or control the enabling/disabling of the "Enforce Mobile Device Name." In our setting, even if we have to go in and adjust the name to match the username associated with the device, this would only force us to fix the names that are incorrect one time, not having to go through and enable this for all of our devices.

Partially Implemented in 9.8 Responded: 9/17/15 at 1:57 PM by beth.lindner

As of the Casper Suite 9.8, with Supervised iOS 9 devices, the device name can now be locked with a restriction to prevent modifying device name. We're interested to see if the ability to lock the device name in place, along with the ability to set a desired name per device, will solve the issue presented by end users renaming their devices. Please let us know if the ability to prevent changes solves this dilemma!

SAML Support for JSS Logins

Posted: 1/30/15 at 12:21 PM by pewillia Last Response: 2/11/16 at 6:53 PM by gachowski

Would like SAML support for the web enrollment page and JSS admin console login page.

Automatically populate the "free checkbox" setting for apps for Mobile Devices

Posted: 2/3/16 at 3:51 PM by jkosowsk Last Response: 2/11/16 at 6:05 PM by jkosowsk

It's a big problem when an app in one's mobile device app catalogue has the "free" checkbox checked when it is a paid app, and likewise if the checkbox is NOT checked when it IS a free app (see app install errors related to "...is scheduled for management").

My question is this: why is this checkbox not handled by the JSS, behind the scenes, where it cannot be changed by any user at all?! Why is it even a checkbox?

The app catalogue listing already has the app's URL in the app listing, the data in the app's webpage in the app store could surely be mined by the JSS for its price (whether "paid" or "free"), and therefore the JSS could be made to automatically pull that data into the app listing so that this problem never occurs.

SAML support for self-service

Under Review
Posted: 9/23/13 at 12:03 PM by ShakataGaNai Last Response: 2/11/16 at 5:48 PM by shakim

I work for a cloud company which doesn't have AD or LDAP. We would like to move to JSS Cloud, but how do we secure it? API can do part of the work, but what we'd really like to have is single sign-on. There are a number of SSO vendors/options/technologies out there, the biggest and most widely compatible is SAML. So please, support SSO standards, add SAML.