TheJamf Connect Login LocalFallback ?

KhayaZondo
New Contributor

I need some help sorting out an issue that popped up yesterday. The issue was a user was at a hotel and had to be logged in to authenticate to the hotel's wifi therefore no network at the Jamf Connect Login was available.

 

We are using Jamf Connect Login to authenticate with Azure AD. I've set DenyLocal to true and LocalFalback to true and am wondering with the settings in the plist this way if there is no network will the user be able to log in? The user in question still had an old config loaded that was DenyLocal to false so he still had a local login button and was able to login to connect to the hotel wifi. In the end I don't want DenyLocal = false because when entering the local password to decrypt the drive after a reboot the user skips the Jamf Connect Login and logs straight in.

3 REPLIES 3

bmortens115
New Contributor III

Your settings for jamf connect sound good. By allowing denyLocal=true, if the computer does not have internet, the user will not be able to login. Mix it with the LocalFallback=true so if the computer does not have internet, the user can sign in with local credentials (which might be a different username than the IdP username) to login and then use the computer.

You can disable the FileVault 2 auto login with a custom configuration profile.

check this out: https://docs.jamf.com/jamf-connect/2.7.0/documentation/FileVault_Enablement_with_Jamf_Connect.html 

about halfway down it shows how to disable filevault autologin so when a computer reboots and the user authenticates for FileVault 2, they are taken to the login window (Jamf Connect) and not auto logged in.

The documentation says that jamf connect denyLocal should disable auto filevault login, but you can also try the com.apple.loginwindow method too

Tasha69
New Contributor

Did you found any solution? because i was facing the same! Toys R Us Credit Card Login

jakeobbe
New Contributor II

I've noticed with Config Profiles, sometimes even when you make slight changes and save, it won't push out the changes to some users. I've found it best to save the Config, delete the old one, and upload a new one with your changes, then save. See if that makes any difference.