Passthrough Authentication When Org Passwords Rotate

lizzymiller
New Contributor III

Hi,

We use Entra ID for single sign-on purposes at my organization. We use JAMF Connect to serve our SSO login screen to users when logging into their Macs, and we also use passthrough authentication to streamline the process a bit. In our JAMF Connect config profile, we have OIDCPassthroughAuth set to true and OIDCNewPassword set to false, as per the passthrough auth instructions for Entra ID. Here's the issue: we have a password rotation policy in our organization. When a user's org password rotates, the SSO password they use no longer matches the local account password on their Mac, and after the SSO challenge they will have an "incorrect password" error when signing in. Is there a way to make it so that when their organization password rotates, it updates their local account password on their Mac? Thank you.

1 ACCEPTED SOLUTION

lizzymiller
New Contributor III

I realized after making this post that we had not configured JAMF Connect correctly. I inherited the project from somebody else who only configured the login window for Connect, not the full software. After configuring the software, it is syncing passwords with Entra ID fine. Sorry for the frivolous post!

 

If anyone else is having this issue, double/triple check that you have a configuration profile for JAMF Connect using the com.jamf.connect preference domain that is separate from the com.jamf.connect.login configuration profile. Cheers!
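A check for the condition the accepted solution describes, as an added example that is not part of the original post or Jamf's own tooling: it confirms that settings exist for both preference domains and that the login domain carries the two passthrough values from the question. It assumes MDM-delivered settings are read from `/Library/Managed Preferences`; the function names are hypothetical.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: where macOS stores MDM-delivered (managed) preferences.
MANAGED_PREFS = Path("/Library/Managed Preferences")
APP_DOMAIN = "com.jamf.connect"          # the separate domain the answer names
LOGIN_DOMAIN = "com.jamf.connect.login"  # login window domain
# Passthrough values quoted in the question.
EXPECTED_LOGIN_KEYS = {"OIDCPassthroughAuth": True, "OIDCNewPassword": False}


def load_domain(prefs_dir, domain):
    """Return the domain's settings as a dict, or None if absent or unreadable."""
    path = Path(prefs_dir) / f"{domain}.plist"
    if not path.is_file():
        return None
    try:
        with path.open("rb") as fh:
            data = plistlib.load(fh)
    except (plistlib.InvalidFileException, ExpatError, OSError):
        return None
    return data if isinstance(data, dict) else None


def audit(prefs_dir=MANAGED_PREFS):
    """Return a list of findings; an empty list means both profiles look right."""
    findings = []
    login = load_domain(prefs_dir, LOGIN_DOMAIN)
    if login is None:
        findings.append(f"{LOGIN_DOMAIN}: profile missing or unreadable")
    else:
        for key, want in EXPECTED_LOGIN_KEYS.items():
            got = login.get(key)
            if got is not want:
                findings.append(f"{LOGIN_DOMAIN}: {key}={got!r}, expected {want!r}")
    app = load_domain(prefs_dir, APP_DOMAIN)
    if app is None:
        # The situation from the thread: only the login window was configured.
        findings.append(f"{APP_DOMAIN}: profile missing or unreadable")
    elif not app:
        findings.append(f"{APP_DOMAIN}: profile has no keys")
    return findings


if __name__ == "__main__":
    for line in audit() or ["both Jamf Connect domains are configured"]:
        print(line)
```
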
