Hello Jamf Nation,
I’m experiencing an issue where new users signing into Jamf Connect using Okta authentication encounter a blank white box with a “Done” button instead of being guided through the MFA enrollment process.
Issue Details:
• This only happens for new Okta accounts that have not yet configured MFA.
• Existing users with MFA already set up can log in successfully without any issues.
• The Jamf Connect login window recognizes the new user but doesn’t properly handle the Okta MFA enrollment flow.
• The expected behavior would be for the user to be redirected to set up MFA, but instead, they get stuck with a blank screen.
Current Jamf Connect Setup:
• OIDC Authentication with Okta
• OIDCAllowMFA is enabled
• DenyLocal = True (Enforcing cloud login when online)
• LocalFallback = True (Allowing cached logins when offline)
• OIDCEmbeddedWebView = True
Troubleshooting Steps Taken:
• Confirmed that Okta policies require MFA enrollment for new users.
• Checked Jamf Connect logs (log stream --predicate 'subsystem == "com.jamf.connect"'), but no clear errors related to MFA setup appear.
• Tested setting OIDCEmbeddedWebView = False, but macOS does not allow launching a full browser pre-login.
• Users can complete MFA setup in a browser (Okta portal), and after that, Jamf Connect login works fine.
Questions:
1. Is there a way to allow Jamf Connect to properly handle the Okta MFA setup flow during first login?
2. Can Jamf Connect be configured to detect when MFA is required and instruct users to complete it in a browser before login?
3. Has anyone else encountered this issue, and if so, what workarounds have worked for you?
Thanks in advance for any insights! 🚀
This post summarizes the issue clearly and invites the community to share potential solutions. Let me know if you’d like any adjustments before submitting!
We are using Jamf Connect version 2.44.0 this is happening on all OS versions we are currently using.
