Verify Azure_v2 password

shinelol
New Contributor II

Hey guys. Bear with me, I have taken over my company's JAMF environment and have now faced some issues.

When logging in to the computer they type in their company email + password, then authenticate with MFA. When this is done they face this window, "Verify your Azure_V2 password:", and they type in their password and log in. This usually works. But now we have faced issues with users not coming through this step; they are "bounced" back to the 365 login window.

This is something pretty new, maybe something changed in Azure - but not sure how to remove this step. We have "Passthrough authentication with Jamf Connect".


shinelol
New Contributor II

Seems the picture did not upload, so here it is.

shinelol
New Contributor II

I don't seem to be able to edit my post. But I checked the sign-in logs for this specific user and it says "Success" at first, then "Interrupted", sign-in error code 50076.

AJPinto
Esteemed Contributor

Jamf is only reacting to what M365 is telling it to do; any configuration changes to remove this prompt would come from Entra, as it is the IdP looking to verify the user.

  • What do the Jamf Connect and Entra logs say?
  • Have there been any changes in Entra by your Identity Management teams?

To me it seems like a misconfigured Conditional Access policy.

shinelol
New Contributor II

Thank you for your reply

Here are some logs of the user. I could log in to his computer offline with our local admin password so we could back up his files - also tried to reset his password to the old password he had before, but same issue.
Will also try to exclude MFA from JAMF Connect in Azure to see if that helps.

Dan_181
New Contributor

We had the same issue and had to add some additional lines to our Jamf Connect Login plist to enable passthrough authentication.

Add the following keys to your Jamf Connect Login plist:
<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCNewPassword</key>
<false/>

The “verify” prompt is related to the way Jamf Connect handles passwords (first the user types the password into the login window web view, then the process is repeated for the Jamf Connect local login). You can reduce the number of password requests displayed on the screen by enabling Passthrough Authentication: https://learn.jamf.com/en-US/bundle/jamf-connect-documentation-current/page/Passthrough_Authenticati...
This way, the verify screen can be skipped.
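As an added example (not Jamf's code and not posted by anyone in this thread), a small Python check that reads a Jamf Connect Login plist and reports whether the two keys Dan_181 lists are present with the expected values and the expected boolean type. The sample plist is constructed from the keys shown in this thread with placeholder IDs, and the assumption that only these two keys matter for the prompt comes from this thread alone.

```python
"""Check a Jamf Connect Login plist for the passthrough-authentication keys.

Added example, not Jamf's code. Only the two keys named in the thread are
checked; that they are the relevant ones is an assumption taken from the thread.
"""
import plistlib
from xml.parsers.expat import ExpatError

# Expected values for the two keys Dan_181 lists.
EXPECTED = {"OIDCUsePassthroughAuth": True, "OIDCNewPassword": False}

# Constructed sample with the same shape as the plist posted in the thread;
# the client ID is a placeholder, not a real value.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>OIDCProvider</key><string>EntraID</string>
  <key>OIDCNewPassword</key><false/>
  <key>OIDCUsePassthroughAuth</key><true/>
  <key>ROPGProvider</key><string>Azure_v2</string>
  <key>OIDCClientID</key><string>PLACEHOLDER-CLIENT-ID</string>
</dict>
</plist>
"""


def check_passthrough(plist_bytes: bytes) -> list[str]:
    """Return a list of findings; an empty list means both keys match.

    A key stored as a <string> instead of <true/>/<false/> is reported as
    well, since a hand-edited profile can easily carry the wrong type.
    """
    try:
        cfg = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, ExpatError) as exc:
        return [f"plist does not parse: {exc}"]
    findings = []
    for key, want in EXPECTED.items():
        if key not in cfg:
            findings.append(f"{key} missing (expected {want})")
        elif type(cfg[key]) is not bool:
            findings.append(f"{key} has type {type(cfg[key]).__name__}, expected boolean")
        elif cfg[key] is not want:
            findings.append(f"{key} is {cfg[key]}, expected {want}")
    return findings


if __name__ == "__main__":
    for line in check_passthrough(SAMPLE_PLIST) or ["passthrough keys OK"]:
        print(line)
```

To run it against a real profile, pass the exported plist bytes instead of SAMPLE_PLIST; a profile that passes this check while the prompt persists points back at Entra or the profile scoping, as the later replies in this thread describe.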

shinelol
New Contributor II

Thank you! It seems we already had this enabled.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>OIDCProvider</key>
    <string>EntraID</string>
    <key>OIDCNewPassword</key>
    <false/>
    <key>OIDCUsePassthroughAuth</key>
    <true/>
    <key>OIDCClientID</key>
    <string>XXXXXXXXXXXXXXXX</string>
    <key>OIDCROPGID</key>
    <string>XXXXXXXXXXXXXXXXX</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>OIDCTenant</key>
    <string>XXXXXXXXXXXXXXXX</string>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LocalFallback</key>
    <true/>
    <key>DenyLocal</key>
    <true/>
    <key>Migrate</key>
    <true/>
    <key>MigrateUsersHide</key>
    <array>
      <string>jadmin</string>
      <string>lokadmin</string>
    </array>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>ROPGProvider</key>
    <string>Azure_v2</string>
    <key>ROPGTenant</key>
    <string>XXXXXXXXXXXXXXX</string>
    <key>ROPGRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>CreateNewUserHide</key>
    <true/>
    <key>ChangePasswordURL</key>
    <string>https://mysignins.microsoft.com/security-info/password/change</string>
  </dict>
</plist>

BGhilardi
New Contributor III

We experience exactly the same phenomenon, but only when connected to our internal network. If we're outside (working remotely, for example), we don't have password verification.
The settings are correct, however, according to the documentation.

shinelol
New Contributor II

I might have found a solution. I created an entirely new Jamf Connect Login plist, scoped it to my computer, and excluded my machine from the old plist. After doing that, the "Verify V2_password" prompt disappeared.

I’m planning to test this on a few more machines before rolling it out more broadly, but it could be worth trying on your end as well.

By the way, do you happen to use Meraki and GlobalProtect?

BGhilardi
New Contributor III

Neither.
What change did you make?

shinelol
New Contributor II

The old configuration profile was using Jamf Connect version 2.35, which I made sure to remove from the new profile I created.
I set the identifier to com.jamf.connect.login and used mostly the same plist, just cleaned out some unnecessary items.
I also made sure to include the following keys in the new config:

<key>OIDCUsePassthroughAuth</key>
<true/>
<key>OIDCNewPassword</key>
<false/>
