Open spokanemac opened 1 month ago
QA Notes: worked with @gillespi314 and found additional edge cases that weren’t anticipated that would lead to regressions if we move forward with the proposed changes. The root of the problems we are now seeing seems to be that we don’t have a solid specification for the expected UX when end user auth changes for a device and related questions around when to delete old MDM IdP accounts that are associated with a host UUID
Fleet version: 4.493
Web browser and operating system: macOS 14.2.1-14.4.1
💥 Actual behavior
Hosts that enrolled with an
enroll_reference
in the URL and are moved to a team with SSO off (or vice-versa) get an error when they runsudo profiles renew --type enrollment
🧑💻 Steps to reproduce
Team SSO on
Team SSO on
sudo profiles renew --type enrollment
🕯️ More info
This happens because for re-enrollments the server URL in the enrollment profile that's being sent needs be an exact match with the URL in the installed enrollment profile.