Help

Enforce Okta Password reset.

erichughes
Contributor II

Posted on ‎03-26-2019 08:57 AM

We have recently moved to Jamf and Jamf Connect - Okta integration. Seems to work great for authentication so far. However we have a 60 day password update policy and that does not seem to enforce via the Jamf Connect mechanism. If the user exists on the computer the old / expired password is still accepted to log into the computer. If the User does not exist on the system the user is prompted to reset the password before the local account is created. So I know the mechanism is there for the reset, just not enforced for the existing user account. Being new to this integration I'm likely missing something.

Reply
4 REPLIES 4

banksjamf
New Contributor

Posted on ‎05-14-2019 01:38 PM

We use OKTA and have a similar 90 day password expiry. You can use the chrome extension to push the okta login to the app which will check if it is the same as the laptop.

0 Kudos
Reply

selleos
New Contributor II

Posted on ‎07-22-2019 11:43 AM

We have the same Okta+90policy, wish Jamf Connect would show the timer in the dropdown window. The only way to see this is when you login which is somewhat helpful not ideal for a password sync solution in my mind.

0 Kudos
Reply

paula_mendez
New Contributor II

Posted on ‎07-17-2020 06:28 PM

Hi @erichughes - I use JC Sync only (no login) and this is what I came up with
Extension Attribute that checks whether password syncs:

 #!/bin/bash
 jamf_connect="/Applications/Jamf Connect Sync.app"
 loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
 isCurrent=$(defaults read /Users/"$loggedInUser"/Library/Preferences/com.jamf.connect.sync PasswordCurrent)

 if [ $isCurrent == 0 ]; then
     echo "<result>No</result>"
 elif [ $isCurrent == 1 ]; then
     echo "<result>Yes</result>"
 else
     echo "<result>Jamf Connect Not Installed</result>"
 fi

Then I have a script that runs at every check in to pull up open jamfconnectsync://signin if the answer to the EA above is No

Reply

pmac789
New Contributor
In response to paula_mendez

Posted on ‎03-08-2022 09:13 PM

Hi Paula,

Did you create a smart group for it after adding this to the EA? if so, what were your Criteria for the smart group?

 

0 Kudos
Reply