Today we released Jamf Connect 2.13.0 for general availability. Details of this release are below.
Key Notes
Microsoft Azure AD Change Required: If Microsoft Azure AD is your IdP, upcoming changes to Microsoft Authentication Library (MSAL) require changes to your Jamf Connect configuration. Existing applications remain functional, but in December 2022 Microsoft will discontinue security updates for Azure Active Directory Authentication Library (ADAL), deprecating the use of common endpoints.
To align with these changes in Jamf Connect, you must include organization-specific tenant information for your registered authentication applications in your configuration using the OIDC Tenant login window preference or the Tenant menu bar app preference. The information entered applies to all Jamf Connect products and is required to use ROPG test in Jamf Connect Configuration. If both of these fields are left blank, you will now receive an alert that a required field is missing. This helps you set up your configuration correctly.
For more information, see the OIDC Tenant preference in Login Window Preferences and the Tenant ID preference in Menu Bar App Preferences. Also see Migrate applications to the Microsoft Authentication Library (MSAL) in the Microsoft Azure Product Documentation.
Change to the minimum supported version of macOS: As of this release, Jamf Connect no longer supports macOS 10.15.3 or earlier. As you prepare to upgrade to version 2.13.0, ensure that all computers with Jamf Connect are on macOS 10.15.4 or later. If a computer with macOS 10.15.3 or earlier is in-scope for updating to Jamf Connect 2.13.0 or later, version 2.12.0 will remain installed and functional instead of updating to the newest version.
Change to the minimum supported version of macOS when using Jamf Unlock: As of this release, 2.13.0, computers must be on macOS 11.0.1 or later to pair Jamf Unlock with Jamf Connect. Computers on earlier versions of macOS that already paired Jamf Unlock with Jamf Connect will remain installed and functional.
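An added pre-upgrade check, not part of Jamf's release notes or tooling, that applies the three Key Notes above to one computer's macOS version and its login window and menu bar payloads. The key names (OIDCProvider, OIDCTenant, IdPSettings, Provider, TenantID), the finding labels and the sample payloads are assumptions made for this example; confirm the key names against Login Window Preferences and Menu Bar App Preferences.

```python
import plistlib

MIN_CONNECT = (10, 15, 4)  # minimum macOS for Jamf Connect 2.13.0 (from the notes)
MIN_UNLOCK = (11, 0, 1)    # minimum macOS to pair Jamf Unlock (from the notes)

def _plist(body: str) -> bytes:
    """Wrap key/value XML in a minimal property list document."""
    return ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            + body + '</dict></plist>').encode()

# Constructed sample payloads; key names are assumed, tenant value is a placeholder.
LOGIN_NO_TENANT = _plist('<key>OIDCProvider</key><string>Azure</string>')
LOGIN_WITH_TENANT = _plist('<key>OIDCProvider</key><string>Azure</string>'
                           '<key>OIDCTenant</key><string>TENANT-ID-PLACEHOLDER</string>')
MENUBAR_NO_TENANT = _plist('<key>IdPSettings</key><dict>'
                           '<key>Provider</key><string>Azure</string></dict>')

def version_tuple(text: str) -> tuple:
    """'10.15' -> (10, 15, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def uses_azure(login: dict, menubar: dict) -> bool:
    return (login.get("OIDCProvider") == "Azure"
            or menubar.get("IdPSettings", {}).get("Provider") == "Azure")

def tenant_present(login: dict, menubar: dict) -> bool:
    # The notes say a value in either field applies to all Jamf Connect
    # products, so only the case where both are blank is a finding.
    values = (login.get("OIDCTenant"),
              menubar.get("IdPSettings", {}).get("TenantID"))
    return any(isinstance(v, str) and v.strip() for v in values)

def readiness(macos: str, login_plist: bytes, menubar_plist: bytes) -> list:
    """Return the findings that apply to one computer before upgrading."""
    login = plistlib.loads(login_plist)
    menubar = plistlib.loads(menubar_plist)
    version = version_tuple(macos)
    findings = []
    if version < MIN_CONNECT:
        findings.append("os-too-old-for-2.13.0")      # 2.12.0 stays installed
    if version < MIN_UNLOCK:
        findings.append("os-too-old-to-pair-unlock")  # no new Jamf Unlock pairing
    if uses_azure(login, menubar) and not tenant_present(login, menubar):
        findings.append("azure-tenant-missing")       # required field alert
    return findings

if __name__ == "__main__":
    print(readiness("10.15.3", LOGIN_NO_TENANT, MENUBAR_NO_TENANT))
```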
Key Feature Content
Local Login Window Upgrades:
- The local login window now resembles the macOS login window. This includes the following:
  - The system background or the user's desktop background now loads as the login window background instead of a gray background if a custom background isn't configured for your organization.
  - If multiple users are set up on a Mac, a user is now able to see all available account options, select their account, and log in. If you create a configuration profile with the SHOWFULLNAME key, users' full names show up here as well. For more information, see the SHOWFULLNAME key in Device Management Profile LoginWindow Properties in the Apple Developer Documentation.
- The Jamf Connect local login window now checks for Jamf Unlock availability based on existing pairing records for the user. If a pairing record exists, the user is allowed to use Jamf Unlock to log in.
- There is now an Enable Jamf Unlock switch on the local login screen so that users can pair with the Jamf Unlock iOS app when they log in, enabling authentication via the user's biometrics or PIN. This switch also exists in the Jamf Connect menu bar app.
New Login Window Preferences: The Full Name (OIDCFullName) preference is now available for configuration in Jamf Pro. It allows you to specify different attribute claims for full name, such as firstName and lastName or other custom value(s) unique to your environment. This preference overrides the default attributes used to set the full name for an account: name, family_name/given_name, and first/last.
The Hide "Create New User" option at migration (CreateNewUserHide) preference is now available for configuration in Jamf Pro and Jamf Connect Configuration. It enables hiding the Create New User option from users during account migration. With this setting enabled (set to true), users are unable to disrupt account migration by creating a new account. This setting is not enabled (set to null) by default.
Microsoft Identity Platform Endpoints Support: Jamf Connect now supports updated Microsoft identity platform endpoints. If Microsoft Azure AD is your IdP, see the note above, "Microsoft Azure AD Change Required" for information about required changes.
Debugging Change: Due to enhancements, the temporary log file for the login window (/tmp/jamf_login.log) no longer automatically includes debug-level information. You may still manually produce logs using the Terminal or Console apps to help troubleshoot issues.
Key Technical Content
Resolved Issues:
- [PI109623] When Jamf Unlock is enabled for a user on a computer, you may only authenticate as that user. Documentation now exists to help you disable Jamf Unlock for the user, log in as an admin to make changes, then re-enable Jamf Unlock for the user. For more information, see Enabling Jamf Unlock on Computers.
- [JC-3794] When a user resizes the Pair new device window in the menu bar app under Paired Devices > Pair new device, the QR code now scales with the window.
- [JC-3921] A progress bar no longer remains in the background after closing the acceptable use policy screen at the login window.
- [JC-3998] Improvements ensure that admins don't receive unnecessary notifications during the Jamf Connect installation process.
- [PI110103] The menu bar app no longer launches multiple times during the first launch of the app during installation. Only one copy of Jamf Connect remains open at a time.
- [PI110113] The login window message no longer overlaps with the Done button at the bottom of the screen during the login process.
- [PI109924] Duo MFA and PingID MFA windows that require WebKit now render properly on devices running macOS 12.3. macOS 12.4 resolved this issue.
- [PI109612] FileVault enabled users now consistently appear on the FileVault unlock screen after rebooting.
- [PI104597] [PI010181] When Jamf Pro is configured to pass through enrollment customization details to the login window, the login window no longer only passes through the first and last space-separated elements of each user's name. This results in correctly passing through full names when they contain multiple spaces (e.g., Abdul Malik Abadi).
- [JC-3907] When Jamf Connect is configured to use Kerberos authentication, users may now retrieve tickets for authentication on computers without a Kerberos preferences plist or with an old Kerberos preferences plist (e.g., from being previously bound to an Active Directory domain).
- [PI110012] The menu bar app now notifies users during each background check if their local and network passwords are out of sync rather than notifying them only one time. The notification prompts users to sync their passwords. The interval of background checks and the resulting notification is set by the Network Check-in Frequency (NetworkCheck) menu bar app preference, which is set to every 60 minutes by default. For more information about this preference, see Menu Bar App Preferences.
- [JC-3793] When a user keeps the return key pressed down during local or network login, unexpected behaviors no longer occur.
- [JC-3874] When a user switches between Wi-Fi networks and attempts logging into a network that only requires a password, the password field now displays instead of both username and password fields.
Product Documentation
For more information, including Release Notes, please see the Jamf Connect Administrator Guide.
Thank you!
The Jamf Connect team
During the release sequence, they’ll post the new link so you just need to add it in.