Posted on 03-04-2024 08:52 AM
My org has set up Jamf Connect to sync passwords between my local account and IdP. I do not understand the rationale here, as the 1st rule I ever learned about passwords was to not share them between accounts. Can someone either explain the logic or perhaps link to some relevant docs on why this is a good idea?
Posted on 03-04-2024 09:17 AM
You are correct that passwords should not be shared between separate user accounts or separate non-federated IDP accounts. However, a user can have a single password across services that use a given account (hence Single Sign On). For example, Outlook and macOS using the same account should have their password synced to match the password for that same account on the IDP.
macOS is kinda the odd one out, as it still primarily uses local accounts and wants to be the top password authority. This is where Jamf Connect comes in, to make macOS play nice with IDP accounts. PSSO will eventually render Jamf Connect obsolete, but Jamf Connect is up and running and fully functional today and PSSO is not.