Long story, but I'll try to keep it short.
We have Jamf Connect in our environment linked to Azure for user authentication. We wanted this product because it has built in password change features that would synchronize the local system password with the users Azure (network) password and remove the need to bind our Macs to on-prem windows domains. Also we're a mixed environment of Windows and Mac system moving towards Azure cloud services and this would allow us to us ZTI for mac users.
When we click "Change Password" nothing happens. We were able to temporarily resolve this issue by updating our Jamf Connect installs, but this only resolves for maybe 2-3 weeks before we noticed the same issue return, this is effecting all our Jamf managed macs.
I engaged with Jamf support and they requested logs, suggested updating (again) had me try different default browsers. All the same results. Nothing happens, EXCEPT for a short time after updating the Jamf Connect client when it works as we would anticipate.
Fast forward a month or so, I rebuilt the Jamf Connect configuration profiles. We have Azure authentication and Kerberos built into the old profile so I thought maybe that was the problem causing conflicts as sometimes you'd get the Azure web page and other times it was just a macOS window to enter password information into. Deployed to the test group, everything seems fine at first. Again, fast forward 1 week or so, problem has returned.... This is the only Menu button that does nothing. We don't use "Reset Password" in our config.
Jamf support seems as a loss, wondering of anyone on here can help. We are working around it by sending the users the same link we have in the config profile and have them open it in their browser of choice.
I have spoken to Jamf Support about this issue they have let me know it is a reported problem. They said it will be fixed in a future release. You can rollback to 2.7 for now to resolve the issue.
Their response to me:
Thank you for providing the log information. I have done some additional research and I think I have narrowed down the issue. It looks like we are running into PI109837. In this product issue, on Jamf Connect Menu (tested on 2.8 and 2.9), if a Kerberos Realm dictionary is set alongside a ChangePasswordURL key defined to Azure change password url (https://account.activedirectory.windowsazure.com/changepassword.aspx) to cover password change requests outside of the internal network or VPN, the Change Password URL menu action will be ignored. Below I have a workaround to test. - Configure Jamf connect menu with Azure IDP - add the keys ChangePasswordURL and ResetPasswordURL - set ChangePasswordURL to https://account.activedirectory.windowsazure.com/changepassword.aspx - set ResetPasswordURL to https://passwordreset.microsoftonline.com - push the config profile to a test machine, authenticate and confirm both menu items are giving access to the change password and reset password Azure web windows - add a Kerberos dictionary to the plist - make sure you CAN NOT access this Kerberos realm (fake kerberos domain or connected outside of the local network) push this updated profile to the test machine and reopen Jamf Connect - try to open the reset password menu item - try to open the Change Password menu item Let me know how this goes and if it resolves your issue.