Use authchanger to default login screen to 'local login'

SteveWalker
New Contributor III

Hi Jamfers!

Is there a way I can use authchanger to force Jamf Connect to display the 'local login' screen by default as opposed to the 'Azure Login' (or whichever IdP screen you might use)

I've managed to use 'sudo authchanger -reset' to switch the Jamf Connect login window off, and 'sudo authchanger -reset -JamfConnect' to turn it back on, but I'd like our users to have easy access to the Azure login option should they require it.

 

The reason: our on-prem WiFi uses 802.1x security and doesn't play nice with Jamf Connect, so users will have to switch to local login when on-site anyway. I'd just like to save them all one less click in the morning :-)

We've looked into workarounds for the WiFi security but local login seems like it is going to be our best course of action as the alternatives would be more hassle than it is worth.

 

Thanks for your help and time!

 

Steve.

1 ACCEPTED SOLUTION

Hihgfxeszd
New Contributor

Unfortunately, there is no direct way to configure authchanger to display the 'local login' screen by default in Jamf Connect. The options you have tried, such as using 'sudo authchanger -reset' or 'sudo authchanger -reset -JamfConnect', only enable or disable the Jamf Connect login window. To save users from an extra click in the morning, you could consider creating a script that automatically selects the 'local login' option when on-site. This script could be triggered based on the network connection or other criteria. Alternatively, you could provide clear instructions to your users on how to quickly switch to the 'local login' option when needed.

View solution in original post

2 REPLIES 2

Hihgfxeszd
New Contributor

Unfortunately, there is no direct way to configure authchanger to display the 'local login' screen by default in Jamf Connect. The options you have tried, such as using 'sudo authchanger -reset' or 'sudo authchanger -reset -JamfConnect', only enable or disable the Jamf Connect login window. To save users from an extra click in the morning, you could consider creating a script that automatically selects the 'local login' option when on-site. This script could be triggered based on the network connection or other criteria. Alternatively, you could provide clear instructions to your users on how to quickly switch to the 'local login' option when needed.

SpotSurv
New Contributor

While authchanger might not have a direct option for this, we can leverage its ability to modify the login window configuration to achieve the desired behavior.

The configuration file is usually located at /Library/Preferences/com.apple.loginwindow.plist.

The configuration file is located at /System/Library/Preferences/com.apple.loginwindow.plist.

Use a text editor like vi or nano to open the file.

Look for the key DefaultUser. If it exists, remove it. This will prevent the system from automatically logging in as a specific user.

If the key DefaultUser doesn't exist, you can proceed to the next step.

Add a new key named DefaultUser and set its value to local. This will force the login window to default to local login.

Example

XML
<dict>
    <key>DefaultUser</key>
    <string>local</string>
    </dict>

Save the changes to the configuration file. Then, Restart your Mac for the changes to take effect.

Considerations

If you're using Jamf Pro, consider creating a policy to manage this configuration file. This will ensure consistent settings across your fleet.

While this will default to local login, users can still choose to log in with Azure AD if needed.

 

 

TellCampero Cash Survey