Jamf Connect security creep (admin access on all machines)

fuller1
New Contributor

Hello all,

Our organization is preparing to migrate from NoMAD to Jamf Connect. During our preparation, we created two Okta security groups where assigned users will either be granted "Standard" or "Admin" permissions on their local Mac. Once a user is added to the administrative group, their local Mac account is granted administrative permissions to their local machine as expected. However, we realized this user could log in to any other Mac and gain local administrative permissions on that machine. In essence, they would potentially have root access to all Macs using Jamf Connect. How have you all navigated this concern? Are you aware of any method to limit the scope of permissions to specific computers?

1 ACCEPTED SOLUTION

fuller1
New Contributor

In case anyone finds this post in the future, there is a solution. I contacted Jamf support and they advised such a scenario had already been considered. A feature in Jamf Connect named "secondary login" will manage permissions for the creation of additional local Mac user accounts.

https://docs.jamf.com/jamf-connect/2.14.0/documentation/Login_Window_Preferences.html?hl=secondary%2...
