SelfService+ wants to access key Jamf Connect

Is the Jamf Connect Menu Bar profile needed, since Self Service+ takes over that role in 3.0 and up? Maybe it’s causing some unintended action to happen? I’m not speaking from a place of confidence on this, just a thought.


 

Something else to check would be Jamf Pro Settings > Computer Management > Security.

Verify in the Automatically install a Privacy Preferences Policy Control profile section you’ve selected Jamf Connect.

I’ve seen this when the login password and login keychain drift during the first post-enrollment sync, especially if Self Service+ launches before everything fully settles.

One easy sanity check is to force the login keychain to match the current account password, then reboot once. This walkthrough is the one I usually hand people: Change your keychain password to match with your login password.

If that clears it, it points more to a password/keychain sync issue than the older Tahoe < 3.5 bug.

When determining whether to configure Jamf Connect, check if the "Password Direct Access" function has been enabled. This can eliminate the need for repeatedly entering the password.

I’m seeing the same issue. Interestingly, it only seems to affect devices that are enrolled completely from scratch (either brand-new devices that were never in the inventory or devices that were removed from inventory and then re-enrolled).

If a device is already in the inventory and you simply wipe it and go through Setup Assistant again, the issue doesn’t occur.

Can’t figure out how to resolve this. 😔

Hi, that particular issue was posted on Jamf support page: https://support.jamf.com/en/articles/12779760-prompt-for-self-service-using-keychain-information-on-macos-26-x

I tried deploying Self Service+ before Jamf Connect as a PreStage package, but I'm still running into the same issue. I’m using the most recent versions of both apps.

What I can't figure out is why the issue only seems to affect devices that don't have a record in Inventory. This doesn't happen when I erase an existing device and redeploy it (by going through exactly the same steps that I would do with a brand new device). My guess is that it may be related to smart groups, since Jamf can take some time to evaluate and update smart group membership for devices that didn't exist in Inventory prior to enrollment.

We had a custom Self-service+ name and users were getting that keychain pop up for self service+. So, we reverted back to the default self Service+ app name and that resolved the issue.

I had actually read about this before, and it was the first thing I checked. However, your comment made me take another look, and that's when I realized my mistake.

I had manually entered “Self Service+” in the Application Header field, assuming that matching the default value exactly would have the same effect as using the default. Apparently, that's not the case. Even though the text was identical, Jamf still treated it as a custom value.

What I needed to do was completely clear the field and leave it blank so it could revert to the “true default value”. As soon as I did that, the keychain prompt stopped appearing on the newly enrolled devices.

It's still a bit strange to me since the app name was 100% identical, the only difference was that it had been manually entered rather than inherited from the default setting.

In any case, thank you for the suggestion and for prompting me to double-check. I'm leaving this comment here in case it helps someone else who runs into the same issue. 🙌