Jamf Connect Login LocalFallback

New Contributor III

I need some help sorting out an issue that popped up yesterday. The issue was that a user was at a hotel and had to be logged in to authenticate to the hotel's wifi; therefore, no network was available at the Jamf Connect Login.


We are using Jamf Connect Login to authenticate with Azure AD. I've set DenyLocal to true and LocalFallback to true, and I am wondering: with the settings in the plist this way, if there is no network, will the user be able to log in? The user in question still had an old config loaded that had DenyLocal set to false, so he still had a local login button and was able to log in to connect to the hotel wifi. In the end, I don't want DenyLocal = false, because when entering the local password to decrypt the drive after a reboot, the user skips the Jamf Connect Login and logs straight in.



Valued Contributor II

Try setting the following preference setting:

`com.apple.loginwindow` -> `DisableFDEAutoLogin` to true. This should force the JCL login window to appear after FileVault, even with DenyLocal set to false. (However, that means any user could log in locally if they wanted.)

New Contributor III

I still need to solve this problem: if a Jamf Connect Login-enabled Mac is not on a network, such as when using a hotel wifi where you need to enter your room number and last name to get access to the wifi, how will the user be able to log in to get on the wifi?

Contributor III

@davidmundt if you enable the "disableFDEAutoLogin" and set the deny local to false, it should get around it. What benefit are you getting from getting the user to authenticate on login after the initial account is set up? The menu app is still there if you need to log in.

New Contributor III

Forcing users to authenticate through Azure AD using MFA is a security requirement of our organization.

New Contributor II

I have the same requirement.