Question

Is it normal for AAD to prompt for sign-in every week?

  • February 17, 2021
  • 13 replies
  • 117 views


Hi,

Our users on devices configured with Jamf Pro/InTune integration get prompted with the below to sign-in/register with AzureAD about once per week.

Is this normal behaviour for you other hybrid Jamf/Intune users? Is there any way to prevent the need for additional sign-ins?

  • Jamf Pro Cloud
  • Intune Integration.
  • AzureAD (no on-prem)
  • MacOS Catalina

13 replies

mfletch
  • Contributor
  • February 17, 2021

We've dealt with this for years and were never able to get a solution from Jamf, so we moved away from Intune doing our compliance check, and we still have random users that get prompted to sign into JamfAAD so we just changed the permissions on JamfAAD so it can't launch. It was the only way we were able to get it to stop bothering users.


  • Contributor
  • February 17, 2021

I haven't had a chance to test this myself but it sounds like this could help the re-auth situation: https://www.jamf.com/jamf-nation/articles/790/customizing-the-jamfaad-retry-logic-for-the-microsoft-authentication-library-token-authentication


  • Contributor
  • February 17, 2021

Yep, try those settings, we've been using them and I haven't had a prompt in ages.


  • Author
  • Contributor
  • February 17, 2021

Dunno how I missed this. Will test the linked CP.

Thanks for the link folks!


bwoods
  • Honored Contributor
  • July 30, 2021

@mfletch can you show me how you changed the permissions of the jamfAAD prompt? I would like to put it out of its misery.


  • New Contributor
  • August 3, 2021

The link provided doesn't work, does anyone have an updated one?


bwoods
  • Honored Contributor
  • August 3, 2021

@jaybagley is this what you're looking for? 


  • New Contributor
  • August 4, 2021

I don't think so, this doesn't address the weekly re-authentication that we are seeing. Unless I am missing something


bwoods
  • Honored Contributor
  • September 21, 2021

Upvote this: JamfAAD should use web view instead of | Jamf Nation Feature Requests. Complain to your customer success reps as well.


jhbush
  • Esteemed Contributor
  • May 27, 2022

Configure JamfAAD to use WebView

To avoid issues with browser redirection during the login process, you can configure the JamfAAD app to use WebView instead.

To configure the JamfAAD to use WebView for users signing into Azure AD, deploy a policy to managed computers that runs the following script:

#!/bin/sh
defaults write com.jamf.management.jamfAAD useWKWebView true

piotrr
  • Contributor
  • May 31, 2022

Yeah that scriptlet is incomplete, doesn't specify user, and it seems if the registration has already run before, JamfAAD _still_ won't use WebView but will try to launch your default browser instead. 

So for these cases where JamfAAD devices require re-registration every 7 or 30 days (my case), the 10.38 update does nothing to improve the situation. 


  • New Contributor
  • June 1, 2022

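#!/usr/bin/env bash
# Owner of /dev/console is the user currently logged in at the GUI.
loggedInUser=$( /usr/bin/stat -f %Su /dev/console )
# Run defaults as that user so the key lands in their preference domain.
sudo -u "$loggedInUser" /usr/bin/defaults write com.jamf.management.jamfAAD useWKWebView true
exit 0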


  • New Contributor
  • June 1, 2022

As Jamf is applying its settings to the root user, the script may need to detect the loggedinuser to set the com.jamf.management.jamfAAD preferences.
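
An added example, not from any poster in this thread or from Jamf: the user-context write discussed in the last two posts, with a guard for the case where nobody is logged in and the owner of /dev/console is root, so the key would land in root's domain again. The preference domain and key are the ones quoted above; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: write JamfAAD's useWKWebView for the console user when the
# script itself is run as root (as the thread says Jamf does).

DOMAIN="com.jamf.management.jamfAAD"   # preference domain quoted in the thread
KEY="useWKWebView"                     # key quoted in the thread

# Return 0 only if the owner of /dev/console is a real logged-in user.
# At the login window or in Setup Assistant the owner is root, loginwindow
# or _mbsetupuser; writing there repeats the root-domain problem.
is_interactive_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *) return 0 ;;
    esac
}

set_webview_for_console_user() {
    console_user=$(/usr/bin/stat -f %Su /dev/console) || return 2
    if ! is_interactive_user "$console_user"; then
        echo "No interactive user at the console ($console_user); nothing written." >&2
        return 1
    fi
    # Quote the name and drop privileges so the write lands in the user's
    # own preference domain rather than root's.
    /usr/bin/sudo -u "$console_user" /usr/bin/defaults write "$DOMAIN" "$KEY" true || return 2
    # Read the value back as the same user to confirm where it landed.
    /usr/bin/sudo -u "$console_user" /usr/bin/defaults read "$DOMAIN" "$KEY"
}

# Only act on macOS, where /usr/bin/defaults exists.
if [ -x /usr/bin/defaults ]; then
    set_webview_for_console_user
fi
```

The script exits non-zero when no user is at the console, so the run shows up as failed instead of silently succeeding.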