Posted on 08-27-2021 07:41 AM
I need some help sorting out an issue that popped up yesterday. The issue was that a user was at a hotel and had to be logged in to authenticate to the hotel's wifi; therefore, no network was available at the Jamf Connect Login.
We are using Jamf Connect Login to authenticate with Azure AD. I've set DenyLocal to true and LocalFallback to true and am wondering: with the settings in the plist this way, if there is no network, will the user be able to log in? The user in question still had an old config loaded that had DenyLocal set to false, so he still had a local login button and was able to log in to connect to the hotel wifi. In the end, I don't want DenyLocal = false, because when entering the local password to decrypt the drive after a reboot, the user skips the Jamf Connect Login and logs straight in.
Posted on 08-27-2021 08:03 AM
Try setting the following preference setting:
`com.apple.loginwindow` -> `DisableFDEAutoLogin` to true. This should force the JCL login window to appear after FileVault, even with DenyLocal set to false. (However, that means any user could log in locally if they wanted.)
Posted on 09-02-2021 07:15 AM
I still need to solve the problem of a Jamf Connect Login enabled Mac that is not on a network, such as when using a hotel wifi where you need to enter your room number and last name to get access to the wifi: how will the user be able to log in to get on the wifi?
Posted on 09-03-2021 03:35 AM
@davidmundt if you enable the "disableFDEAutoLogin" and set the deny local to false, it should get around it. What benefit are you getting from getting the user to authenticate on login, after the initial account is set up? The menu app is still there if you need to log in.
Posted on 09-08-2021 09:57 AM
Forcing users to authenticate through Azure AD using MFA is a security requirement of our organization.
Posted on 06-09-2022 07:45 AM
I have the same requirement.