Jamf Connect Pre-Stage Enrollment Browser Window?

jawanza
New Contributor

After 2 full days of tinkering around with Jamf Connect, I successfully got it all working for our fleet of machines. I currently have a question: I wondered if it is possible to launch a browser window during the enrollment process. I ask this since the MacBooks are utilizing Okta as an IdP for logging into Jamf Connect. The initial login would technically fail as the new user doesn't have a way to set his/her password until they are in the machine. Of course, they could do this on their laptop, but I would like to move from utilizing personal devices for onboarding new employees. Launching a browser window during enrollment would alleviate the issue of having Okta credentials synchronized, which would be helpful when making the first login for the machine.

1 ACCEPTED SOLUTION

mikevandelinder
Contributor

@jawanza if an Okta account requires a password change, the Connect login window can prompt the user to make those changes during the login flow. In that way, Okta accounts can be configured to require users to change their password on first login. Users will sign in to their account on the Mac using their temporary Okta credentials. They will be prompted to update their password. And as long as the new password meets the password policies, the new account will be created on Mac with the user's updated Okta password.


Additionally, you can declare a HelpURL in your Connect login window preferences. A "Get Help" button will be visible across the bottom of the login window, and clicking that button will open a web view to the desired URL. If you set that address to the Okta portal, then users can sign in to their accounts and make changes.

 


5 REPLIES

Robins5on
New Contributor II

Hello,

You can use a PreStage enrollment to deploy your Jamf Connect package, configuration profiles, and packages of custom files and images.
All information is here: https://docs.jamf.com/jamf-connect/2.16.0/documentation/Deploying_Jamf_Connect_using_a_Jamf_Pro_PreS.../MyCenturaHealth Login

 

Thanks,

McAwesome
Valued Contributor

One workaround you could do for users in that kind of situation is to use the HelpURL key for the login window and have that point to the URL for Okta's password create/reset tool. This gives the user a way to set their password through an embedded browser window from the laptop without having to sign in first. It's not ideal, but it is a decent workaround for those onboarding scenarios.

We use the help URL for this. Our users have to configure Okta multi-factor, factors at first login as well as change their password. So the help URL just points to our main Okta login page. It is a bit repetitive: enter user name and password, change password, log in again and then again.


 

jawanza
New Contributor

I ran through the entire process yesterday and when the user is a freshly onboarded employee, it automatically opens a window to even set up their Multifactor Authentication which then allows them to completely go through the entire setup. 

Thank you again so much for everyone's help. I may still use the HelpURL in the event that the window does not pop up.
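
A pre-deployment check for the HelpURL setting discussed in this thread, as an added example that is not part of the original posts or Jamf's own code: because the "Get Help" web view opens before anyone has signed in, it confirms the URL is HTTPS and points at the same Okta tenant used for login. The `AuthServer` key holding the Okta domain, the `example.okta.com` tenant, and the function name are assumptions; the sample payload is constructed.

```python
import plistlib
from urllib.parse import urlsplit

# Constructed sample payload for the Connect login window preferences.
# example.okta.com is a placeholder tenant; AuthServer is assumed to hold it.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AuthServer</key>
    <string>example.okta.com</string>
    <key>HelpURL</key>
    <string>https://example.okta.com/</string>
</dict>
</plist>
"""

def check_help_url(payload: bytes) -> list[str]:
    """Return findings for the HelpURL key; an empty list means it passed."""
    prefs = plistlib.loads(payload)
    help_url = prefs.get("HelpURL")
    if not isinstance(help_url, str) or not help_url.strip():
        return ["HelpURL is not set: no Get Help button for first-login users"]
    findings = []
    parts = urlsplit(help_url.strip())
    # The web view is reachable pre-login, so require transport security.
    if parts.scheme.lower() != "https":
        findings.append(f"HelpURL uses scheme {parts.scheme or 'none'!r}, expected https")
    # Credentials in the URL would be readable by anyone with the profile.
    if parts.username or parts.password:
        findings.append("HelpURL embeds credentials")
    # Pin the help page to the same IdP host the login window talks to.
    host = (parts.hostname or "").lower()
    tenant = str(prefs.get("AuthServer", "")).strip().lower()
    if not tenant:
        findings.append("AuthServer missing, cannot compare HelpURL host")
    elif host != tenant:
        findings.append(f"HelpURL host {host!r} differs from AuthServer {tenant!r}")
    return findings

if __name__ == "__main__":
    for finding in check_help_url(SAMPLE_PROFILE) or ["HelpURL OK"]:
        print(finding)
```
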