a month ago
We’ve been running into a persistent issue with Jamf Connect (v2.45.1) on devices running macOS 14 Sequoia, where login via Okta intermittently fails after a few reboots. The error we consistently see on the login window is:
An error occurred. Contact your IT administrator. The operation couldn’t be completed. (JamfConnectLogin.JCAuthProviderFactory.FactoryError error 0)
This happens after the machine has been rebooted 2–3 times, even if it initially works fine after provisioning. Some users can click the network icon and select their username to log in using local credentials, but others get stuck at the login screen completely. We’ve verified the machine is connected to the internet when this occurs.
Additionally, the macOS native Microsoft Entra ID login option (added in Sequoia) sometimes appears despite us not using Entra ID at all, which we believe is causing interference or confusion with Jamf Connect.
⸻
Environment:
• Jamf Connect: 2.45.1
• macOS: 14.0 (Sequoia) on Apple Silicon Macs
• Authentication Method: Okta OIDC
• No Entra ID / AzureAD login enabled or intended
• Config Deployment Method: Jamf Pro Configuration Profile using Application & Custom Settings
⸻
What We’ve Tried:
• Disabled the Entra ID login option using a config profile:
  <key>com.apple.AA.LoginHook.AuthUI</key>
  <dict>
    <key>Enable</key>
    <false/>
  </dict>
• Verified the Jamf Connect Login profile contains all recommended keys:
  • OIDCUseLocalAuthentication = true
  • OIDCOfflineLoginAllowed = true
  • OIDCOfflineLoginTimeLimit = 1440
  • OIDCLoginWindowDelay = 10
  • DenyLocal = true with DenyLocalExcluded for our local admin account
• Forced re-enrollment, policy refresh (sudo jamf policy), and profile renewals (sudo profiles renew -type enrollment)
• Validated network connectivity on startup
⸻
Current Config:
<key>AllowNetworkSelection</key>
<true/>
<key>AuthServer</key>
<string>[REDACTED-OKTA-DOMAIN].okta.com</string>
<key>CreateAdminUser</key>
<true/>
<key>CreateJamfConnectPassword</key>
<true/>
<key>DenyLocal</key>
<true/>
<key>DenyLocalExcluded</key>
<array>
  <string>CSAdmin</string>
</array>
<key>OIDCDefaultLocal</key>
<true/>
<key>OIDCUseLocalAuthentication</key>
<true/>
<key>OIDCOfflineLoginAllowed</key>
<true/>
<key>OIDCOfflineLoginTimeLimit</key>
<integer>1440</integer>
<key>OIDCLoginWindowDelay</key>
<integer>10</integer>
<key>DisableFDEAutoLogin</key>
<true/>
<key>LocalFallback</key>
<true/>
<key>Migrate</key>
<false/>
<key>OIDCIgnoreAdmin</key>
<true/>
<key>OIDCNewPassword</key>
<false/>
<key>OIDCProvider</key>
<string>Okta</string>
<key>ChangePasswordURL</key>
<string>https://account.activedirectory.windowsazure.com/ChangePassword.aspx</string>
<key>LoginWindowText</key>
<string>If you're offline, Jamf Connect will now log you in automatically using your local password.</string>
⸻
What We’re Looking For:
• Anyone else seeing this behavior on macOS Sequoia?
• Are there known issues with Jamf Connect 2.45.1 and JCAuthProviderFactory in this version of macOS?
• Any suggestions to fully disable Apple’s Entra ID login UI or delay Jamf Connect startup more reliably?
Thanks in advance for any insights!
⸻
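A way to re-check an exported copy of the settings against the values listed under "What We've Tried", as an added example that is not part of the original post or of Jamf's tooling. The function names are hypothetical, `example.okta.com` is a placeholder tenant, the expected values come from the post's own list, and the host comparison is a generic consistency check rather than a documented Jamf Connect requirement.

```python
import plistlib
from urllib.parse import urlparse

# Keys and values the post says were verified (from the post, not from vendor docs).
EXPECTED = {"OIDCUseLocalAuthentication": True, "OIDCOfflineLoginAllowed": True,
            "OIDCOfflineLoginTimeLimit": 1440, "OIDCLoginWindowDelay": 10,
            "DenyLocal": True}

# Constructed sample: a subset of the posted settings; example.okta.com is a placeholder tenant.
SAMPLE = """
<key>AuthServer</key><string>example.okta.com</string>
<key>OIDCProvider</key><string>Okta</string>
<key>DenyLocal</key><true/>
<key>DenyLocalExcluded</key><array><string>CSAdmin</string></array>
<key>OIDCUseLocalAuthentication</key><true/>
<key>OIDCOfflineLoginAllowed</key><true/>
<key>OIDCOfflineLoginTimeLimit</key><integer>1440</integer>
<key>OIDCLoginWindowDelay</key><integer>10</integer>
<key>ChangePasswordURL</key><string>https://account.activedirectory.windowsazure.com/ChangePassword.aspx</string>
"""

def load_settings(fragment):
    """Wrap a flat run of <key>/value pairs in a plist <dict> and parse it."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
           + fragment + "</dict></plist>")
    return plistlib.loads(doc.encode("utf-8"))

def audit(settings):
    """Return findings: missing keys, wrong values or types, inconsistent hosts."""
    findings = []
    for key, want in EXPECTED.items():
        if key not in settings:
            findings.append(f"missing: {key}")
        # <integer>1</integer> parses as int 1, which == True in Python, so compare types too.
        elif type(settings[key]) is not type(want) or settings[key] != want:
            findings.append(f"mismatch: {key}={settings[key]!r}, expected {want!r}")
    # The post pairs DenyLocal with an exclusion for the local admin; flag a missing pairing.
    if settings.get("DenyLocal") is True and not settings.get("DenyLocalExcluded"):
        findings.append("DenyLocal is true but DenyLocalExcluded is empty")
    # Flag a password-change URL whose host lies outside the configured AuthServer.
    auth = str(settings.get("AuthServer", "")).lower()
    host = (urlparse(str(settings.get("ChangePasswordURL", ""))).hostname or "").lower()
    if auth and host and host != auth and not host.endswith("." + auth):
        findings.append(f"ChangePasswordURL host {host} is not under AuthServer {auth}")
    return findings

if __name__ == "__main__":
    for finding in audit(load_settings(SAMPLE)):
        print(finding)
```

Running the same audit on a copy exported after the reboots that trigger the failure shows whether the settings present on the device still match what was deployed.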