Enforce Okta Password reset.
Posted on 03-26-2019 08:57 AM
We have recently moved to Jamf and Jamf Connect - Okta integration. Seems to work great for authentication so far. However, we have a 60-day password update policy and that does not seem to enforce via the Jamf Connect mechanism. If the user exists on the computer, the old / expired password is still accepted to log into the computer. If the user does not exist on the system, the user is prompted to reset the password before the local account is created. So I know the mechanism is there for the reset, just not enforced for the existing user account. Being new to this integration, I'm likely missing something.
Posted on 05-14-2019 01:38 PM
We use Okta and have a similar 90-day password expiry. You can use the Chrome extension to push the Okta login to the app, which will check if it is the same as the laptop.
Posted on 07-22-2019 11:43 AM
We have the same Okta+90 policy; wish Jamf Connect would show the timer in the dropdown window. The only way to see this is when you log in, which is somewhat helpful but not ideal for a password sync solution in my mind.
Posted on 07-17-2020 06:28 PM
Hi @erichughes - I use JC Sync only (no login) and this is what I came up with
Extension Attribute that checks whether password syncs:
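#!/bin/bash
# Jamf Connect Sync app bundle (not referenced below)
jamf_connect="/Applications/Jamf Connect Sync.app"
# User currently at the console (empty at the login window)
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
# PasswordCurrent: 1 = password in sync, 0 = not in sync; empty if the key or plist is missing
isCurrent=$(defaults read "/Users/$loggedInUser/Library/Preferences/com.jamf.connect.sync" PasswordCurrent 2>/dev/null)
# Quote the value so an empty result reaches the else branch instead of breaking the test
if [ "$isCurrent" = "0" ]; then
    echo "<result>No</result>"
elif [ "$isCurrent" = "1" ]; then
    echo "<result>Yes</result>"
else
    echo "<result>Jamf Connect Not Installed</result>"
fi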
Then I have a script that runs at every check-in to pull up open jamfconnectsync://signin if the answer to the EA above is No.
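The check-in script described in the post above, as an added example that is not part of the original post or Jamf's own code: it reads the same PasswordCurrent key and opens jamfconnectsync://signin in the console user's session when the value is 0. The function names, and the use of launchctl asuser to run open as the user from a root-run policy, are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical;
# the preference domain, key and URL are the ones quoted in the post.
PREF_DOMAIN="com.jamf.connect.sync"
SIGNIN_URL="jamfconnectsync://signin"

# Map the raw PasswordCurrent value to the EA's result strings.
classify_sync_state() {
    case "$1" in
        1) echo "Yes" ;;
        0) echo "No" ;;
        *) echo "Unknown" ;;   # key or plist missing, or unexpected value
    esac
}

# Prompt only when a real user is at the console and the EA would say "No".
should_prompt() {   # $1 = console user, $2 = raw PasswordCurrent value
    case "$1" in
        ""|root|loginwindow) return 1 ;;   # nobody to prompt
    esac
    [ "$(classify_sync_state "$2")" = "No" ]
}

console_user() {
    echo "show State:/Users/ConsoleUser" | scutil |
        awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

read_password_current() {   # $1 = user; prints nothing if the key is absent
    defaults read "/Users/$1/Library/Preferences/$PREF_DOMAIN" \
        PasswordCurrent 2>/dev/null || true
}

# Policies run as root, so launch the URL inside the user's GUI session.
prompt_signin() {   # $1 = user
    uid=$(id -u "$1") || return 1
    launchctl asuser "$uid" sudo -u "$1" open "$SIGNIN_URL"
}

main() {
    user=$(console_user)
    value=$(read_password_current "$user")
    if should_prompt "$user" "$value"; then
        prompt_signin "$user"
    fi
}

# Run only on macOS, so the functions can be sourced and tested elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then main; fi
```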
Posted on 03-08-2022 09:13 PM
Hi Paula,
Did you create a smart group for it after adding this to the EA? If so, what were your criteria for the smart group?