A bit confused by a few issues I'm running into.
1. The first time the computer boots, it takes me to my normal Mac login to the admin account. After I am into that account, if I click log off, it takes me to the Jamf Connect screen. Any reason it isn't taking me to the Jamf Connect screen first?
2. Once I'm at the Jamf Connect portal, I enter the credentials to the IdP portal. After that it takes me to a screen with only Jamf Connect and says "Please re-enter your password". After I do this I receive the error "ROPG check failed. Bad Password"
Any help would be very appreciated.
Sounds like you have FileVault enabled. When FileVault is enabled, then upon turning on the Mac you will only see a selection of accounts that have a secure token, and thus can unlock the Mac. The unlock process then automatically becomes the login process (same login/pass) and thus you'll land straight into your desktop/account. If you then log out, you'll end up in the regular login screen (the one you would see if FileVault isn't enabled).
In your scenario number 2 you have an issue with the password not being the same as the IdP. If you agree with that statement, then try to log in via the Local Login button (if this is enabled in your Jamf Connect settings) and log in via local account username and known local login password. Then I suggest you prioritise the synchronisation between the IdP and local account. This all depends on which IdP you use and how the Jamf Connect settings are set up.
Lastly, if you want the same user to be able to unlock the hard drive at a restart/boot up, then you'll need to make sure that user has a secure token. There are quite a few ways to get this sorted, but they're all very difficult to manage remotely.
I suggest you check out @frederick.abeloos's https://travellingtechguy.eu blog page, and I can highly recommend buying his book. It explains all about FileVault, secure tokens and Jamf Connect.
Refer to https://www.jamf.com/jamf-nation/articles/682/using-filevault-with-jamf-connect (Jamf documentation link) for information on how FileVault works with macOS.
For your second issue, have you made a configuration with Jamf Connect Configuration? There is a button in the upper right corner of the app that allows you to test your IdP configuration. If you have a hybrid Azure/AD environment, check https://www.jamf.com/jamf-nation/articles/702/understanding-jamf-connect-authentication-with-azure-ad-hybrid-identity-solutions (Jamf documentation link) for information on how to set up an ROPG app with ADFS if needed.
If you're still in an evaluation environment, reach out to your AE/SE for help. If you're deploying to production, your Jamf support buddy can help and will ask for logs. See "Collecting Logs in Jamf Connect".
Issue 1: How are you deploying Jamf Connect?
I presume PreStage (DEP) on a clean wiped Mac, but PreStage package or @enrolment trigger?
If FileVault is not the issue then it’s either the install of the package or the authchanger.
If User Initiated Enrolment, probably FileVault related as you actually don’t see the login window but the FV unlock screen. Looks the same but is not.
If FV is enabled and you do not deny local auth in Jamf Connect, you authenticate to FV which then passes the authentication to the login window loading in the background next. Hence bypassing Jamf Connect.
Issue 2: Do you have ADFS federation on? This is a big thing with Azure as IdP and you need a hybrid setup.
(Alternatively look at my latest finding regarding AllowCloudPassword Validation, worth checking if that works: https://travellingtechguy.eu/?s=Adfs)
I have come across this issue recently. I logged into my Azure environment and selected my Jamf Connect Login App under app registrations. I granted admin consent (again, just to be safe), then went to the authentication option on the left. Down the bottom you will see 'default client type' under Advanced settings. Make sure this is set to 'Yes'.
Once I did this I could then log in and it would sync with Jamf Connect Verify once again. Once again, it could be a different issue but worth checking.
Hope that helps