SecureToken issue and new login screen

ajamfadmin1810
Contributor

Hi All

 

I'm having some issues with SecureToken not being assigned, therefore FileVault is never enabled. I created a policy users can run and that will use the admin account and assign a SecureToken to the new user. This has been working just fine, but now I have a user with a machine that has changed the login process since assigning the SecureToken.

 

Old workflow:

Boot up, Jamf Connect appears, enter email and password, then verify network password and you're in.

New workflow:

Reboots, asked to select admin or his account, selects his account, is prompted for network password, then Jamf Connect appears.

 

I haven't changed anything in the process of workflow since creating the policy months back.

1 ACCEPTED SOLUTION

So I figured out that the user was not explaining this correctly, jumped on a Zoom and confirmed it is the FV unlock screen at reboot. This is normal once FV2 is enabled on machines.

 

Jamf Connect is a very good product in my opinion for keeping account passwords in sync locally and through your directory. I don't agree completely with every password being a possible issue, you just need to make sure that you have Jamf Connect sync set up correctly in the config profile. I can say that managing passwords without Jamf Connect was not fun, especially with AD-bound Macs.

 

The SecureToken issue is ultimately caused because a bootstrap token isn't found for the machine. I think it's an Apple issue at that point and not Jamf.


2 REPLIES

jpeters21
Contributor II

Following out of interest (I do not currently have Connect), but I thought one of the big selling points of Connect is the accounts would then be local, hence having a security token. I guess if one of these accounts did not get a security token, that probably would have put me full stop till that issue was resolved.

Another sys admin (that knows nothing about Apple devices) kind of referred me to this leeching of the local admin security token method while I was trying to argue for the purchase of Connect, and testing showed every password change has the potential to cause serious issues with this approach (that was really intended for parents to be able to control encryption on kids' accounts).
