Jamf Nation Community

AntonyaJ · ‎04-22-2022

Jamf Connect has been working in our environment for a few weeks, but we've run into some issues with MFA with security keys.

On a computer undergoing prestage enrollment, an SSO window appears prior to configuration. MFA works without issue. After prestage completes, the SSO window appears again. At this point, it should be creating the local account, and connecting to AzureAD. However, if the account is authorized to use a FIDO2 security key, the MFA page will hang.

Following this guide, I was able to get MFA working successfully for most logins without issue even with a security key authentication available except when logging into the computer. For all other logins, I don't run into any errors on MFA unless it's when I actively choose Windows Hello/Security Key.

Spinning after entering password on SSO page.

AntonyaJ · ‎05-02-2022

After working with support, this is the answer I was given. Sharing for posterity.

Unfortunately, Jamf Connect nor the Enrollment Customization feature support FIDO2 MFA. This is because macOS does not support FIDO2 in wkwebview (aka WebKit), which is what Jamf Connect and Jamf Pro use for SSO authentication through Jamf Connect Login and Enrollment Customization SSO Panes, respectively.

It was also suggested I create a policy in AzureAD to exclude Jamf Connect from FIDO2 MFA.

View solution in original post

AntonyaJ · ‎05-02-2022

After working with support, this is the answer I was given. Sharing for posterity.

Unfortunately, Jamf Connect nor the Enrollment Customization feature support FIDO2 MFA. This is because macOS does not support FIDO2 in wkwebview (aka WebKit), which is what Jamf Connect and Jamf Pro use for SSO authentication through Jamf Connect Login and Enrollment Customization SSO Panes, respectively.

It was also suggested I create a policy in AzureAD to exclude Jamf Connect from FIDO2 MFA.

Jamf Nation Community

Azure AD MFA and FIDO2