Jamf Connect: When Users forget their password (Azure AD)...

TechSpecialist
Contributor

Hi All,

When a User forgets his password, then we can reset this via the Azure AD / O365 'forgot password' feature. This works just fine for us. But once the password is reset, the user would need to log in with the old password into the local account, but they can't because that password is set to the same previous 'forgotten' one.

How can I create a workflow that doesn't include Admin privileges so that User's can reset their own password and log in with a new one?

12 REPLIES 12

mlawniczak
New Contributor III

Do you have Filevault enabled?

TechSpecialist
Contributor

No I don't have FileVault enabled.

mlawniczak
New Contributor III

We have Filevault enabled, so we are using a modified version of what was outlined by tiredsince1985 in this post:

https://tiredsince1985.com/2019/10/30/jamf-connect-passwords.html

brandon_-_autob
New Contributor III

Did we ever solve this? Currently in the same boat, we however do use FV2.

Cayde-6
Release Candidate Programs Tester

Same boat here, this is a massive issue for my company.

danlaw777
Contributor III

we decided to integrate with azure and intune using company portal. so when a user forgets their password, we can change it via AD that replicates out to azure. we login to the effected mac with our administrator login and update the password from there. then the user signs in and syncs. took us a year.......

@danlaw777 was this by integrating Azure and Jamf only or are you also using Jamf connect?

we also use Jamf connect

TechSpecialist
Contributor

@danlaw777 But that wouldn't work on Macs that have FileVault enabled and are not On-prem now would it? Also, doesn't that mean the admins know the user's passwords? Isn't that a privacy issue?

danlaw777
Contributor III

we have file vault enabled, we dont know their passwords, and it works just fine.

MDerosier
New Contributor

@danlaw777 When you do this, are you able to log into these devices remotely, or is it on-prem? If you're doing this remotely, what are you using to allow that?

we use dameware for remote management. if the users are locked out, i can remote in and log in from there