From e69883fb651c5b23da1643cb2c5a929dffc58e19 Mon Sep 17 00:00:00 2001
From: Marko Lisica <83164494+marko-lisica@users.noreply.github.com>
Date: Fri, 2 May 2025 15:30:53 +0200
Subject: [PATCH] Update foreign vitals guide (IdP) (#28630)

Added note that IdP username can be added only to macOS hosts during ADE
if end user authentication is enabled.
---
 articles/foreign-vitals-map-idp-users-to-hosts.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/articles/foreign-vitals-map-idp-users-to-hosts.md b/articles/foreign-vitals-map-idp-users-to-hosts.md
index 5caad62bbe..4c51bc1a48 100644
--- a/articles/foreign-vitals-map-idp-users-to-hosts.md
+++ b/articles/foreign-vitals-map-idp-users-to-hosts.md
@@ -62,6 +62,8 @@ After following steps above, you should be able to see latest requests from your
 
 To verify that user information is added to a host, go to the host that has IdP username assigned, and verify that **Full name (IdP)** and **Groups (IdP)** are populated correctly.
 
+> Currently, the IdP username is only supported on macOS hosts. It's collected once, during automatic enrollment (DEP), only if the [end user authenticates](https://fleetdm.com/docs/rest-api/rest-api#mdm-macos-setup) with the IdP and the DEP profile has `await_device_configured` set to `true` (default in the [automatic enrollment profile](https://fleetdm.com/guides/macos-setup-experience#step-1-create-an-automatic-enrollment-profile)).
+
 ### Troubleshooting
 
 If you find that information from IdP (e.g full name or groups) is missing on the host, and host has IdP username assigned to it, follow steps below to resolve.