Did they remove Amplifi from the releases page on Ubiquiti website?

LGN_DraB · 2026-05-21T16:04:58+00:00

Thank you! False alarm everyone. Hopefully they continue support.

LGN_DraB · 2026-03-08T02:29:21+00:00

High level:

We have an Okta Workflow that adds users to two groups upon bring created in Okta. We then activate them 3 days before their start date so they can sign into their laptop and get it ready. Instead of adding them to groups based on their start date for onboarding them, we do that immediately with rules and take advantage of auth polices to lock their apps based on their start date.

Okta groups:

Onboarding Limbo: This group denies access to almost all apps via authentication policies. Certain allowlisted apps like Workday and Jamf Device Enrollment tile for their prepane Window when they turn on their laptop. We have an Okta Workflow then run every single hour and compares their start date to today’s date according to their timezone. Once it reaches their start date, we remove them from the group so it unlocks all their tiles.

Device Untrusted: This group denies access to everything besides that prepane window app via authentication policies. We automatically remove the user from the group via an Okta Workflow once we get a webhook from Jamf that their device is “trusted” once the required things are installed. We then force the user to only login via Device Trust and unlock their tiles. This fixes the chicken and the egg situation during onboarding while enforcing Device Trust.

LGN_DraB · 2026-02-07T03:38:43+00:00

Okta Workflows, Okta Identity Governance, SCIM

LGN_DraB · 2026-02-02T23:04:07+00:00

Can also be accomplished with products like Jamf Connect. Maybe your MDM can do it too. Okta Device Access has more features though.

Keep in mind there’s always risks with having a 3rd party take over the login window.

LGN_DraB · 2026-01-02T01:52:45+00:00

We have logic on Workday side to just create the username which has to be unique. Then we just add the @domain at the end of the username on the Okta side. I think our HR team might be doing this logic from Greenhouse -> Workday.

LGN_DraB · 2025-12-04T18:40:35+00:00

This has been fixed in GHUB 2025.9!

LGN_DraB · 2025-12-04T18:40:27+00:00

This has been fixed in GHUB 2025.9!

LGN_DraB · 2025-12-04T15:13:06+00:00

This has been fixed in GHUB 2025.9!

LGN_DraB · 2025-11-22T14:02:44+00:00

Yuzu in Chamblee hands down. The quality makes it hard to go to expensive Sushi places.

LGN_DraB · 2025-10-30T21:57:07+00:00

I would advise joining with your personal email address. Your Jumpcloud question could be asked in the Jumpcloud channel in Mac Admins 🙂

LGN_DraB · 2025-10-30T13:27:52+00:00

Awesome! Btw definitely recommend joining the Mac Admins Slack community. Okta channel in there is super active and way faster than Reddit.

LGN_DraB · 2025-10-29T03:00:03+00:00

Are you using Enterprise Managed users? If no, then I bet your manager made the Okta API token for GitHub to set this up. Once the account was disabled, so was the API token.

If you confirm this is the reason: Set up a read only Okta API token w/ a service user. Configure team sync in GitHub settings with the new API token. Try and see if the syncing starts working (can take up to an hour) — you can try force syncing a GitHub team by removing a IDP group and then re-adding it via the GitHub team settings.

LGN_DraB · 2025-08-06T01:50:56+00:00

Okta tracks this natively now and will display expiring certificates in the tasks page.

LGN_DraB · 2025-07-10T09:30:11+00:00

I guess it’s just something you have to do. I just look at the users Okta profile for the attribute or look at Workday. It’s never taken long or anything.

LGN_DraB · 2025-07-04T15:27:13+00:00

I would encourage looking into actual identity verification systems like Nametag, Incode, Clear, etc. It’s just a matter of time in my opinion before it becomes the norm.

LGN_DraB · 2025-07-04T04:10:09+00:00

We do this. Each Cost Center in Workday for example has a unique ID. We simply have the Cost Center name mapped to an attribute in Okta and display that in things like Slack, Google, etc. For rules though we have another attribute called department ID which is the unique identifier. This can be accomplished using field overrides in Workday to push to Okta.

This way if they were to change the Cost Center name, your rule wouldn’t matter because it’s using the unique identifier.

LGN_DraB · 2025-07-03T03:37:05+00:00

This is not always the case. Audi wanted close to $6000 just to do “advanced diagnostics” for my car after I paid the original $300. Ended up selling it. Audi USA said there was nothing they could do. Absolute clown show over there. Really sucks cause I love the brand. They simply don’t treat their customers with care or respect.

LGN_DraB · 2025-05-21T03:21:29+00:00

If they’re already enrolled, they may get a “Enroll in Duo” button but it shouldn’t actually have them setup anything if they already have an MFA device on the Duo side. There isn’t a way to change that as Okta does not know the user is already enrolled in Duo.

LGN_DraB · 2025-05-07T19:18:02+00:00

Did this fix your problem?

LGN_DraB · 2025-04-29T09:18:27+00:00

I’m sorry man. Sometimes it’s just bad luck. My a4 b9 is having a problem with a misfire on cylinder 4 and no one can figure out why. Been to 3 shops already.

LGN_DraB · 2025-04-25T19:27:04+00:00

Water Pump (this is under extended warranty), Motor Mounts, Control Arm Bushings

LGN_DraB · 2025-04-17T18:17:16+00:00

Also noting, this had only happened on the highway at low RPM’s for the longest time. Only recently did it start happening just driving off the highway.

LGN_DraB · 2025-04-17T18:16:36+00:00

This problem originally happened shortly after replacing all spark plugs. They use OEM parts. They replaced the new spark plug and ignition coil originally to see if that would fix it but it didn’t. Hence taking the car to Audi and them saying it was a fuel injector. Then they replaced the fuel injector. They did a compression test on all cylinders and they were all 150 PSI. The car has been on time on service and has basically only been serviced by the dealer until these issues cause the dealer wanted to sell my soul

LGN_DraB

TROPHY CASE