I’m currently rebuilding our enrollment process and testing everything in a Jamf sandbox. So far it mostly works as expected, but I’ve run into an issue that I can’t fully explain.
This is how my flow looks right now.
macOS 26.2
In PreStage Enrollment I deploy:
-
JamfConnectLogin-3.5.0.pkg
-
dialog-2.5.6-4805.pkg (used for Setup Your Mac)
-
icons.pkg (icons used by Setup Your Mac)
When it comes to configuration profiles related to Jamf Connect, I’m using:
-
Jamf Connect License
-
Jamf Connect Login (login window configuration)
-
Jamf Connect Menu Bar
The flow itself:
I start the Mac, choose Enroll, and no local account is created during enrollment. After configuration finishes, I get the Jamf Connect login window (which is exactly what I want and how it works in production). I log in with Okta credentials, the local account is created, and then the “enrollment completed” trigger fires Setup Your Mac. Apps and scripts install as expected.
However, at the same time I get a keychain prompt saying:
“Self Service+ wants to use your confidential information stored in ‘Jamf Connect’ in your keychain.”
This is the part I don’t understand. I know there was a known issue with macOS Tahoe and Jamf Connect versions older than 3.5, I already went through that, and in production I don’t see this problem at all. In the sandbox environment it happens every time, so something is clearly off.
After login, Self Service+ launches automatically. Sometimes it shows that the local profile requires a sync, or the local account isn’t fully there yet. What’s interesting is that a simple restart always fixes everything and after reboot, the account state and Self Service+ look correct.
Any ideas where I should be looking for the root cause?
Thanks
