Skip to main content

Hello all,

 

Our organization is preparing to migrate from NoMAD to Jamf Connect. During our preparation, we created two Okta security groups where assigned users will either be granted "Standard" or "Admin" permissons on their local Mac. Once a user is added to the administrative group, their local Mac account is granted administrative permissions to their local machine as expected. However, we realized this user could login to any other Mac and gain local administrative permissions on that machine. In essense, they would potentially have root access to all Macs using Jamf Connect. How have you all navigated this concern? Are you aware of any method to limit the scope of permissions to specific computers?

In case anyone finds this post in the future, there is a solution. I contacted Jamf support and they advised such a scenario had already been considered. A feature in Jamf Connect named "secondary login" will manage permissions for the creation of additional local Mac user accounts.

https://docs.jamf.com/jamf-connect/2.14.0/documentation/Login_Window_Preferences.html?hl=secondary%2Clogin

Terms & ConditionsCookie settings