MDM Device users via LDAP and SSO cannot enroll devices.
Everything is set up correctly with SSO and LDAP sync. Only Admins can enroll devices, but none of the device users that are in the MDM can use SSO or regular email login to enroll devices to KACE MDM.
It's like KACE MDM is requiring all users to be an admin to enroll the phones.
Has anyone else had this experience, and what was the fix? If not, I will reach out to Quest support.
In Settings->Integrations->SSO, what do you have selected under "Assign User Roles" for the device user role? If it is not the first option (Automatic/All), then check your LDAP attributes to make sure they are matching up correctly. Try setting it to Automatic/All to see if that works; that will tell you if it is an issue with your mappings.