Posted on 05-11-2023 03:31 AM
Wondering if anyone has a workaround for this issue we're encountering.
If I set up a new user in Okta and set a temp password, and the user has never logged into a machine, it pops up a window and walks them through setting a new password and MFA. However, once that user exists on the machine and they forget their password, if I reset the password and specify a temp password, the temp password doesn't allow them to log in at all.
05-11-2023 04:54 AM - edited 05-11-2023 04:55 AM
Jamf Connect, and any other tool really, just syncs the IdP password to the Mac. The Mac still uses a local account and has that account's password stored in the keychain. The user must unlock the Mac with the local password the keychain has, then log in to Jamf Connect Menubar (Okta) with the new password, and finally unlock the keychain with the old password to allow Jamf Connect to update the keychain (login) password. This is not a limitation of Jamf Connect or its competitors; this is how Apple has designed the login keychain to work.
The best way to approach a password reset is with the FileVault recovery. This will force the user to update their keychain password, which will let them log in to macOS. For the Okta password, I recommend against using temporary passwords due to the convoluted syncing process. Send the user to your Okta portal once they are into macOS and have them use the forgot password option to reset their password. From there they can use the new Okta password to log in to Jamf Connect Menubar and start the process to sync everything up.
If you forgot your Mac login password - Apple Support
TL;DR: Resetting a password in Okta does not automagically update the macOS Login password. The user still needs to log in to macOS with the old password to attempt to sync the passwords.
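As an added diagnostic (not from the original thread, Jamf or Okta), the script below checks whether a password still authenticates both the local macOS account and that account's login keychain, which is the precondition the answer above describes for Jamf Connect to sync an Okta reset. It assumes macOS with the standard `dscl` and `security` tools and the login keychain at `~/Library/Keychains/login.keychain-db`; on other systems it reports that and exits with code 3.

```shell
#!/bin/sh
# Added diagnostic for the local-account vs. login-keychain password desync
# described in the thread. Not part of Jamf Connect. Assumes macOS.

# Return 0 if the password authenticates the local account, 1 otherwise.
local_account_ok() {
  dscl . -authonly "$1" "$2" >/dev/null 2>&1
}

# Return 0 if the password unlocks the user's login keychain, 1 otherwise.
login_keychain_ok() {
  kc="/Users/$1/Library/Keychains/login.keychain-db"
  [ -f "$kc" ] || return 1
  security unlock-keychain -p "$2" "$kc" >/dev/null 2>&1
}

# Pure logic: map the two outcomes ("yes"/"no") to a status line and exit code.
classify_sync() {
  case "$1:$2" in
    yes:yes) echo "in-sync: account and login keychain accept this password"; return 0 ;;
    yes:no)  echo "desync: account accepts it, keychain does not (old keychain password still needed)"; return 1 ;;
    no:yes)  echo "desync: keychain accepts it, account does not (account password changed elsewhere)"; return 2 ;;
    *)       echo "unknown: neither the account nor the keychain accepts this password"; return 4 ;;
  esac
}

# Usage: check_password_sync <username> <password>
# Note: dscl and security both take the password as an argument, so it is
# briefly visible in the process list; run this only on the user's own Mac.
check_password_sync() {
  command -v dscl >/dev/null 2>&1 && command -v security >/dev/null 2>&1 || {
    echo "not macOS: dscl/security unavailable"; return 3; }
  a=no; k=no
  local_account_ok "$1" "$2" && a=yes
  login_keychain_ok "$1" "$2" && k=yes
  classify_sync "$a" "$k"
}

# Stand-alone use: ./check_sync.sh <username>, password prompted without echo.
if [ "$#" -eq 1 ]; then
  printf 'Password for %s: ' "$1"
  stty -echo; read -r pw; stty echo; echo
  check_password_sync "$1" "$pw"
fi
```

Exit code 1 is the case from the thread: the new Okta password opens the account but not the keychain, so the keychain dialog will keep asking for the old password until Jamf Connect updates it.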