
Jamf Connect Privilege Escalation Solutions

  • January 19, 2024
  • 3 replies
  • 32 views

_aDiedericks

Hi there,

How are some of you handling privilege escalation for temporarily escalating local Standard accounts to Administrator accounts, then back down to local Standard accounts?
Currently we have groups set up in Okta that we use to escalate an account. The user has to sign out and log in with NLA for the group change to be read, and thereafter they have to sign out and back in again when the Administrator group is removed.

Is there no better, streamlined approach to this that preferably has some sort of logging? Even paid solutions.

3 replies

sdagley
  • Jamf Heroes
  • January 19, 2024

@_aDiedericks Check out the combination of SAP's Privileges app (https://github.com/SAP/macOS-enterprise-privileges) for turning a user into an admin on demand, and PrivilegesDemoter (https://mostlymac.blog/2023/05/15/privilegesdemoter-v3-0/) to enforce demotion back to standard after an appropriate amount of time.


talkingmoose
  • Community Manager
  • January 19, 2024

Log in to your Jamf Account and sign up for the Jamf Connect beta. 


kevinv
  • New Contributor
  • March 18, 2024