Ticket: 251888 - FR: Automatically create admins based on directory group

Status	Submitted By	Submitted On	Last Updated	Discussion Thread
Limbo	kevinmcox	2023-11-18	2023-11-20	N/A

Ticket Summary / Intial Message:

In our old MDM we were able to configure the automatic creation of admins, with specific roles, based on directory membership.

For example this allowed us to have any new Help Desk hire automatically get access to MDM with restricted permissions, with no manual work needed.

We’d like to see Mosyle add this feature. Not only would it reduce manual effort when new IT employees are onboarded, it would allow us to remove or change admin access all from Okta.

I imagine it working like this to configure:

Select a User Group (Directory or Local)
Select Administrator type
Select Limit user permissions (optional)
Select Role

Then anytime a user is added or removed from that group, they would either be promoted or demoted from End User to Administrator (or have their role/permissions changed if they were in a different group previously).

Please let me know if you have any questions.

Thanks, Kevin

Updates

Date 2023-11-20

From:	Mosyle Support
	Thanks for contacting us and for submitting this feature request. To protect the security of your Mosyle MDM account, Mosyle does not support the agility to import users as Mosyle admins. Instead, it is a requirement that Mosyle admins are manually created by an existing Mosyle MDM admin with sufficient rights. This is to ensure that: - Only authorized MDM admins are creating other MDM admins - This account creation is logged and registered to a specific admin rather than being automated through a sync - Prevents the accidental deletion of MDM admin accounts While this isn’t supported at this time, we’ve still registered your feature request in the event this changes in the future. If this is ever implemented, we’ll be sure to let you know via our Release Notes. Please let us know if you have any questions, thank you!

From:

Mosyle Support

Thanks for contacting us and for submitting this feature request.

To protect the security of your Mosyle MDM account, Mosyle does not support the agility to import users as Mosyle admins. Instead, it is a requirement that Mosyle admins are manually created by an existing Mosyle MDM admin with sufficient rights. This is to ensure that:
- Only authorized MDM admins are creating other MDM admins
- This account creation is logged and registered to a specific admin rather than being automated through a sync
- Prevents the accidental deletion of MDM admin accounts

While this isn’t supported at this time, we’ve still registered your feature request in the event this changes in the future. If this is ever implemented, we’ll be sure to let you know via our Release Notes.

Please let us know if you have any questions, thank you!

Date 2023-11-20

From:	kevinmcox
	While I understand the reasoning, we have sufficient controls and auditing in place in Okta to mitigate the concerns for us. I do understand not all companies would however, so I could see this being a feature only enabled for specific clients. Thank you for registering the request.