Question

Enforce Okta Password reset.

  • March 26, 2019
  • 4 replies
  • 13 views


We have recently moved to Jamf and Jamf Connect - Okta integration. Seems to work great for authentication so far. However, we have a 60 day password update policy and that does not seem to be enforced via the Jamf Connect mechanism. If the user exists on the computer, the old / expired password is still accepted to log into the computer. If the user does not exist on the system, the user is prompted to reset the password before the local account is created. So I know the mechanism is there for the reset, just not enforced for the existing user account. Being new to this integration, I'm likely missing something.

4 replies

  • New Contributor
  • May 14, 2019

We use Okta and have a similar 90 day password expiry. You can use the Chrome extension to push the Okta login to the app, which will check if it is the same as the laptop.


  • New Contributor
  • July 22, 2019

We have the same Okta+90 policy, wish Jamf Connect would show the timer in the dropdown window. The only way to see this is when you log in, which is somewhat helpful, not ideal for a password sync solution in my mind.


  • New Contributor
  • July 18, 2020

Hi @erichughes - I use JC Sync only (no login) and this is what I came up with.
Extension Attribute that checks whether password syncs:

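 #!/bin/bash
 # Jamf Pro extension attribute: reports whether Jamf Connect Sync sees the password as current.
 jamf_connect="/Applications/Jamf Connect Sync.app"
 # Current console user (empty while the login window is showing)
 loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
 # Empty if the preference file or the PasswordCurrent key is missing
 isCurrent=$(defaults read "/Users/$loggedInUser/Library/Preferences/com.jamf.connect.sync" PasswordCurrent 2>/dev/null)

 # Quote the value so an empty result falls through to the else branch without a test error
 if [ "$isCurrent" = "0" ]; then
     echo "<result>No</result>"
 elif [ "$isCurrent" = "1" ]; then
     echo "<result>Yes</result>"
 else
     echo "<result>Jamf Connect Not Installed</result>"
 fi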

Then I have a script that runs at every check-in to pull up open jamfconnectsync://signin if the answer to the EA above is No.
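
The check-in script mentioned in the post above is not shown on the page. One way to write it, as an added example that is not the poster's own script: it reads the same `PasswordCurrent` key and opens `jamfconnectsync://signin` in the console user's session when the value is 0. The function names are hypothetical, and running the policy as root and using `launchctl asuser` to reach the user's session are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): check-in remediation for the EA above.
# Assumption: run as root by a Jamf policy with a recurring check-in trigger.

PREF_REL="Library/Preferences/com.jamf.connect.sync"   # preference path from the post
SIGNIN_URL="jamfconnectsync://signin"                  # URL from the post

# Map the raw PasswordCurrent value to a state name (hypothetical helper).
sync_state() {
    case "$1" in
        1) echo "current" ;;
        0) echo "stale" ;;
        *) echo "unknown" ;;   # key missing, app not installed, or no user
    esac
}

# Console user; empty at the login window (same query as the EA).
console_user() {
    echo "show State:/Users/ConsoleUser" | scutil 2>/dev/null |
        awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Read the flag for one user and, if stale, open the sign-in URL in that
# user's session. Prints the state so the policy log records the outcome.
remediate_user() {
    local user="$1" raw state uid
    [ -n "$user" ] || { echo "unknown"; return 0; }
    raw=$(defaults read "/Users/$user/$PREF_REL" PasswordCurrent 2>/dev/null) || raw=""
    state=$(sync_state "$raw")
    if [ "$state" = "stale" ]; then
        uid=$(id -u "$user") || return 1
        # Assumption: launchctl asuser runs the command inside the user's GUI
        # session, so the prompt appears on the logged-in user's desktop.
        launchctl asuser "$uid" sudo -u "$user" open "$SIGNIN_URL"
    fi
    echo "$state"
}

remediate_user "$(console_user)"
```

An "unknown" result is left alone on purpose, so machines without Jamf Connect Sync or with nobody logged in do not get a prompt.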


  • New Contributor
  • March 9, 2022


Hi Paula,

Did you create a smart group for it after adding this to the EA? If so, what were your criteria for the smart group?