After 2 full days of tinkering around with Jamf Connect, I successfully got it all working for our fleet of machines. I currently have a question: I wondered if it is possible to launch a browser window during the enrollment process. I ask this as since the MacBooks are utilizing Okta as an IdP for logging into Jamf Connect. The initial login would technically fail as the new user doesn't have a way to set his/her password until they are in the machine. Of course, they could do this on their laptop, but I would like to move from utilizing personal devices for Onboarding new employees. Launching a Browser window during enrollment would alleviate the issue of having Okta credentials synchronized which would be helpful when making the first login for the machine.
Jamf Connect Pre-Stage Enrollment Browser Window?
+2Best answer by mikevandelinder
@jawanza if an Okta account requires a password change, the Connect login window can prompt the user to make those changes during the login flow. In that way, Okta accounts can be configured to require users to change their password on first login. Users will sign in to their account on the Mac using their temporary Okta credentials. They will be prompted to update their password. And as long a the new password meets the password policies, the new account will be created on Mac with the user's updated Okta password.
Additionally, you can declare a HelpURL in your Connect login window preferences. A "Get Help" button will be visible across the bottom of the login window, and clicking that button will open a web view to the desired URL. If you set that address to the Okta portal, then users can sign in to their accounts and make changes.
+1Hello,
You can use a PreStage enrollment to deploy your Jamf Connect package, configuration profiles, and packages of custom files and images.
All information is here: https://docs.jamf.com/jamf-connect/2.16.0/documentation/Deploying_Jamf_Connect_using_a_Jamf_Pro_PreStage_Enrollment.html/MyCenturaHealth Login
Thanks,
One work around you could do for users in that kind of situation is to use the HelpURL key for the login window and have that point to the URL for Okta's password create/reset tool. This gives the user a way to set their password through an embedded browser window from the laptop without having to sign in first. It's not ideal, but it is a decent work around for those onboarding scenarios.
@jawanza if an Okta account requires a password change, the Connect login window can prompt the user to make those changes during the login flow. In that way, Okta accounts can be configured to require users to change their password on first login. Users will sign in to their account on the Mac using their temporary Okta credentials. They will be prompted to update their password. And as long a the new password meets the password policies, the new account will be created on Mac with the user's updated Okta password.
Additionally, you can declare a HelpURL in your Connect login window preferences. A "Get Help" button will be visible across the bottom of the login window, and clicking that button will open a web view to the desired URL. If you set that address to the Okta portal, then users can sign in to their accounts and make changes.
+7One work around you could do for users in that kind of situation is to use the HelpURL key for the login window and have that point to the URL for Okta's password create/reset tool. This gives the user a way to set their password through an embedded browser window from the laptop without having to sign in first. It's not ideal, but it is a decent work around for those onboarding scenarios.
We use the help URL for this. Our users have to configure Okta multi-factor, factors at first login as well as change their password. So the help URL just points to our main Okta login page. It is a bit repetitive, enter user name and password, change password, login again and then again.
+2I ran through the entire process yesterday and when the user is a freshly onboarded employee, it automatically opens a window to even set up their Multifactor Authentication which then allows them to completely go through the entire setup.
Thank you again so much for everyone's help. I may still use the HelpURL in the event that the window does not pop up.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.