Jamf Nation Community

ITFRANCE · ‎04-19-2020

Hello,

I use Jamf Connect Login, I would like the Dep notify window (https://gitlab.com/Mactroll/DEPNotify) to launch after login, a bit like the Notify Mechanism integrated in Jamf Connect.

Only, unlike Notify, it only launches after the user's desktop is displayed.

Do you know how to make it run right after logging in to Jamf Connect Login?

I deploy the package and the script during enrollment prestage for information.

Thanks.

amccarty · ‎04-19-2020

You can do this by deploying the Jamf Connect package and Notify script as part of one custom signed package (created in Composer for example). You'd then have a post install script on that package which essentially installs the Jamf Connect package from the source folder, then uses the authchanger mech to include the script as well as your IDP authentication.

Here's what the package source would look like:

Here's an example of a basic post install script:

#!/bin/sh

# Log all echo events to logfile
exec &> /private/tmp/jcinstalllog.txt

# Install Jamf Connect Login
installer -pkg /private/tmp/JamfConnectLogin.pkg -target /

sleep 5

# Enable DEP Notify Mech
/usr/local/bin/authchanger -reset -OIDC -preAuth JamfConnectLogin:RunScript,privileged JamfConnectLogin:Notify

You also need to define the script's location in the Jamf Connect Login PLIST using the "ScriptPath" key, so in my example above the string for that would be /usr/local/bin/NotifyLoginScript.sh.

Then, as part of your notify script you can put another authchanger command in there similar to the one in the post install script you created to reset the loginwindow back to normal if you want, or just back to the IDP authentication without the script following it.

EDIT: Sorry, only just noticed after posting the part about you wanting to use DEP Notify as opposed to the built in Notify. To answer your question, not that I know of. Is there anything in particular you're trying to achieve with DEP Notify that you're not getting with the Notify mech in Jamf Connect?

KyleEricson · ‎04-19-2020

@ITFRANCE Look at this article I have done is for over 4 Jamf deployments. HCS DEPNotify Signed

Read My Blog: https://www.ericsontech.com

ITFRANCE · ‎04-20-2020

Hello,

Thank you for your answers,

So I'll use the built-in notification mechanism of Jamf Connect, it's easier.

On the other hand, I have a small question, I have just seen that each time I restart my NOTIFY script is reboot and it reinstalls the software, what is the best solution in this case, delete the script after the first use?

I attached a screenshot of my script.
Thanks ;)

peternbevan · ‎04-20-2020

Does Jamf Connect allow user input for things like Computer Name and Role - that is a useful feature of DEPNotify?

DBrowning · ‎04-20-2020

@ITFRANCE It sounds like you want an experience like this.

Here is a great article to follow. The part of you script runs each time you reboot sounds like you are not changing the authchanger at the end of your script.

amccarty · ‎04-20-2020

Yep, at the end of my actual Notify script I always add the authchanger command to take the script off so it doesn't keep running every time like you're seeing.

If you want to keep the IDP authentication each time with no notify script every time add the following to the end of your Notify script:

/usr/local/bin/authchanger -reset -OIDC -preAuth

If you want to revert back to the native Mac OS login window add this to the end of the Notify script:

/usr/local/bin/authchanger -reset -loginwindow

ITFRANCE · ‎04-20-2020

Thank you all for your answers, I've come a long way.

Just one little thing (it's my manic side), while the Notify window is advancing, if I press space (or maybe another key), the message "testing" appears, do you think it's possible to remove the message? I can't figure out where it's coming from.

Thank you

Jamf Nation Community

Jamf Connect Login + Dep Notify