Jamf Connect Login

ghloeffler12
New Contributor

I had a question about configure Jamf Connect Login.


We are a small company of about 100 macs and most users are on local accounts that have admin rights. 

Because most of our users are on local accounts we wanted to bring in Jamf Connect for the password sync functionality between Azure and the local user accounts. This is something we had looked at previously but have never tried to implement.

During testing we noticed that Jamf Login was converting those admin user accounts back to standard accounts. I believe this is because we have the users listed as standard accounts on Azure.  We did try using the Jamf Login configuration options to assign the admin role but it's looking like you have to have to set it up on both Azure and the configuration profile. 

The main problem with configuring it in Azure is that from talking to Jamf support that will give a user admin access to any machine they log into that has Connect on it. Is there a way to bypass the Jamf login portion? Or to let the users keep their admin access on their local accounts without giving them the same level of access on other devices?


Thanks!

2 REPLIES 2

akw0045
New Contributor II

I made a self service option for the 1 offs that don't need to be admin on every jamf connect computer.

it just runs this:

authchanger -reset

 

that'll reset you to the default apple log in screen.

The special cases get this work flow:

  • Jamf Connect Login to create account and get them added to filevault
  • default apple log in after they get created
  • make them admin. (they'll stay admin as long as they don't sign into the computer through Jamf Connect Login)

Tribruin
Contributor III
Contributor III

It looks like you have have the OIDC User Role settings setup in Azure and your config profile. Check this link out:

https://docs.jamf.com/jamf-connect/2.4.5/documentation/Login_Window_Preferences.html#ID-00007186

 

Try setting the preference `OIDCIgnoreAdmin` to true to prevent Jamf Connect from changing the user roles.