Use Jamf Connect Login once for enrolment with Entra, then revert to native MacOS login?

My question is why are you wanting to remove the Jamf Connect App? After the 1st login it just kinda exists and does not interfere with anything.

If you want to revert back to using the macOS login Window just uninstall Jamf Connect.app. Jamf Connect Menu Bar is a separate tool, and has been replaced by Self Service+ so it can be removed also if you so desired.

You may want to look in to Platform Single Signon.

So the only time the user should see the Jamf Connect Login UI is first login, if they log out of their Mac, or the Mac reboots.  Anytime they close the lid or it goes to sleep it should go back to the more standard Mac Login Screen.  However I agree with AJ, you might want to look into Platform SSO and possibly adding Baseline during onboarding to handle app installs.

Sounds like you've combined your Jamf Connect login and Jamf Connect menu bar settings into a single configuration profile. A good practice would be to create three configuration profiles:

1. Jamf Connect login settings
2. Jamf Connect menu bar settings
3. Jamf Connect license

Three profiles allows you to manage each of these pieces separately. And the next time you need to replace your license, you won't need to worry about affecting other settings.

We do exactly what you are looking for (except with Okta instead of EntraID, but that shouldn't matter)

We install Jamf Connect during the PreStage and have the user login using Jamf Connect to create the first user. 

After our setup process is complete, the script runs authchanger -reset to disable the JCL screen. We also ensure that Pass-through authentication is enabled so that users can authenticate at the FV screen and not get a second prompt. 

We don't have any issue with the Jamf Connect Menu Bar application not working after reset JCL. They are independent and the menu bar should continue to run. 

We probably won't go to PSSO anytime soon for a few reasons. 

1. We use several features of Jamf Connect that are not available in pSSO (Kerberos tickets, File Share mounting)
2. Since we use Okta, from all that i have read pSSO on Okta is behind where EntraID is.

We are sticking with the Jamf Connect 2.4X release for the foreseeable future. I don't feel SS+ is ready for primetime, especially in my organization. 

@AJPinto from what I can see, the Jamf Connect menu bar still exists, it’s just been renamed and bundled into Self Service+. But it seems like Self Service+ still relies on the same configuration (or a very similar one) that the old menu bar app did.

That said, Self Service+ isn’t deployed automatically via Jamf Connect/ enrollement yet, it looks like you still need to package and push it yourself, which makes me question whether it’s fully ready as a native replacement.

If there’s a way to ditch the menu bar entirely and still retain password sync, that would be ideal, but right now it doesn’t seem like you can cleanly replace that functionality without relying on either the old menu bar for SS+.

Open to being wrong if there’s a better approach, I’ve just found that a lot of the Jamf documentation around Jamf Connect and Self Service+ seems either redundant or outdated, especially as things have evolved. It’s been tricky to tell what’s still current and what’s been superseded.

We’re definitely interested in Platform SSO longer-term, but it still feels pretty fresh and possibly not quite ready for our setup just yet. Still working through what the cleanest and most reliable long-term direction looks like.

@artillery We’re definitely interested in Platform SSO longer-term, but it still feels pretty fresh and possibly not quite ready for our setup just yet. Still working through what the cleanest and most reliable long-term direction looks like. Have you used it with Entra yet, and if so how has it been?

@talkingmoose thanks - that’s exactly how we have it set up already: separate configuration profiles for Jamf Connect Login, the menu bar, and the license.

I’ll give authchanger -reset another go on a fresh build, but it’s odd because I’ve seen the menu bar app stop working after the reset in my testing (including SS+ not showing the pw sync options etc) so I’m not sure if something in our config is conflicting or something else happened.

Curious if there’s anything specific that needs to persist in the login profile to keep the menu bar running cleanly after disabling login?

Cool, thanks for the help, since testing the authchanger -reset again it works. Dunno I was doing last time but working fine now.

Also agree with holding on PSSO, even with Entra it seems a bit of a process to roll out, doesn't do user creation etc yet and I think will confuse staff until it's properly tried and tested.
We have 7 sites and I don't have the energy to be a guinea pig lol.

@mline Yup we set it up with Entra last summer for student devices and used it the entire school year with our middle school and high school Macs, and went so well we started rolling it out on teacher and admin devices midway through the school year. We are thinking about switching staff over to the Secure Enclave option so their Mac is usable for MFA.  It was a little finiky on our older Intels but it was solid on all the Apple Silicon. My only real complaint was sometimes it took a little longer than I would have liked for the notification to pop up but thats minor to me.  Only needing to type in a passwords 4 times instead of 10+ definatly made it worth while to me.  

@artillery That’s great to hear, sounds like you’ve had a solid run with it.

Are you using Company Portal just for Entra registration and Secure Enclave access, or are you also enrolling devices fully into Intune for compliance?

Also curious how you’re handling the initial account creation — are you still using Jamf Connect Login to create the local account, or have you moved to Prestage + Platform SSO fully? Trying to understand how early in the setup you’re getting the identity linked, and whether password sync kicks in reliably after that.

Any detail on your enrolment flow would be super helpful — keen to hear what’s been working well (and what hasn’t) from your side.