I'm guessing we have a different opinion on what "competing solutions" or "accurate user <-> device attribution" or "setting up an LDAP server" mean. I'm sure there's a version of this story where somebody picks Intune (it manages everything!) and then decides to run their own AD install (inexplicably) where that description is accurate, but we've seen a pile of people deploy Jamf Pro/Connect to GSuite/Okta and what you're describing does not match my experience.
With GSuite in particular, nobody set up any LDAP. It's an OIDC app, you do not run Connect Verify or Connect Sync. There's LDAP going on when you're authing against Azure, but if you're in that situation AD seems like what you want?
I read your description as suggesting that if you pick anything other than your product, there's necessarily an AD DS or slapd in your future, and I hope we can agree that's definitely not the case. In the most common case for our audience (startups) it's not even any LDAP at all.
Is it fewer clicks in Fleetsmith? Maybe? Probably? And you have to know whatever the hell a "PreStage Enrollment" is which is not as easy as it could be. But I think you're making it sound a lot more hairy than it is, particularly for a deployment with "hundreds or thousands of devices". The hard problem facing that IT team is not finding someone who is unafraid of the words "Preference Domain", come on.
(To reiterate my position: I am not saying Fleetsmith is bad, I'm saying that I think your post makes it sound like anything besides Fleetsmith is a world of pain, and I accept that you probably extra-believe that as someone who founded Fleetsmith (not in the sense of "you're lying" but in the sense of you don't bet the farm on trying to fix things you don't think are broken), but, I think a) whatever Fleetsmith is fine and yes it's probably better at doing the limited set of things you should be doing but b) compared to our experience this is a pretty wide exaggeration of how bad anything else is.)