Skip to main content

Hey guys,



i'm completely new to Jamf and still trying to find my feet there, I have configured PreStage enrollment and it works fine but I want to enable SecreToken on the management account. During the setup assistant user creates an "admin" local user account for themselves and login so they get SecureToken enabled on their account so how can I enable it on the management account that got created using PreStage enrollment process ? I tried this



sysadminctl interactive -secureTokenOn "management account" -password "password"
but it returns this error in the screenshot



Following

You need two sets of credentials: one for a secure token admin on the system, and one for the account you are assigning a secure token to.



If only the user has a secure token in your workflow, you need their username and password to grant a token to another account.

One callout... if you have your JAMF environment setup to randomly generate your management account password.



You wouldn't be able to enable SecureToken for the management account.

@trippmcc the password of the management account is not generated randomly ! is there a way to enable secure token on that account ?

Unfortunately,
There is no way to automate this.. The 1st local account must be logged into physically before it gets the securetoken.
Pain in the ass really... I have set my prestage with locked admin username, then the IT support person will just login to that account. Then, when bootstraptoken came along, it grants securetokens to any new user mobile or local.

My management account is set to random password so this doesn't help me, but you can add with a script in non-interactive mode:

/usr/sbin/sysadminctl -adminUser LocalUserWithSecureToken -adminPassword HasItAccountPassword -secureTokenOn LocalUserThatNeedsSecureToken -password NeedsItAccountPassword

Reply


Terms & ConditionsCookie settings