Jamf Connect Privilege Escalation Solutions

Hi there,

How are some of you handling privilege escalation for temporarily escalating local Standard accounts to Administrator accounts then back down to local Standard accounts?
Currently we have groups set up in Okta that we use to escalate an account, the user has to sign out and log in with NLA for the group change to be read and thereafter they have to signout and back in again with the Administrator group is removed.

Is there no better streamline approach to this that preferably has some sort of logging? Even paid solutions.

Page 1 / 1

@_aDiedericks Check out the combination of SAP's Privileges app (https://github.com/SAP/macOS-enterprise-privileges) for turning a user into an admin on demand, and PrivilegesDemoter (https://mostlymac.blog/2023/05/15/privilegesdemoter-v3-0/) to enforce demotion back to standard after an appropriate amount of time.

Log in to your Jamf Account and sign up for the Jamf Connect beta.

Ask and ye shall receive
https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Privilege_Elevation_Local_Accounts.html

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded