Hello all,
I wanted to ask for your thoughts on how Jamf Connect stores the Google Web Application credentials on end-user devices. I’ve always been of the mindset that credentials are secrets and should be stored safely. When I go onto any end-user device, I see that any user can view the plain-text credentials by opening the config profile.
The credentials in question are the OIDCClientSecret and OIDCClientID. This was the result of just following the Jamf Connect Deployment Guide, and support tells me that this is normal behaviour, but I wanted to ask what others think.
I’d appreciate any feedback or guidance you could offer.
Thanks,