How to bypass Jamf Connect login to Azure AD under certain conditions

JamfProAccent
New Contributor

Hi all 

I am using Jamf Pro cloud and Jamf Connect version 2.10 with Azure AD and MFA authentication. I have turned on FileVault using Jamf Connect.

I usually have a dual login: the first login to decrypt FileVault and the second login, which is the Jamf Connect/Azure AD MFA login.

Everything works fine, but recently we have received feedback asking how to bypass the Jamf Connect/Azure login in some scenarios, so that the user only needs to perform a local account login:

1. For instance, only ask for the Azure/Jamf Connect login if the network changes

2. Don't ask for the Azure/Jamf Connect login if the device has been on for the last 7 days

...

Just wondering if anyone has ever successfully implemented a Jamf Connect bypass with some conditions before?

I have seen the configuration profile below to disable FileVault automatic login:

 

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>DisableFDEAutoLogin</key>
    <true/>
</dict>
</plist>

 

If the value is set to false, I believe my Mac should not ask for the Jamf Connect login. I tested this, but it does not seem to work.

1 REPLY

AJPinto
Honored Contributor III

You could adjust the launch daemons for Jamf Connect, I suppose, adding functions to check for your conditions and suppress Jamf Connect if the conditions are met. However, I am sure the further away from out of the box you go, the further from official support you will get.

Why are you wanting to do this? We just tell people to click the Local Login button. Is there a reason clicking "Local Login" is not sufficient?