Posted on 04-14-2020 02:22 PM
Has anyone had any success getting Cisco AnyConnect VPN to start before login, to allow us to deal with the scenario of needing to ship a Mac to a user who is working remotely and who has never logged into the laptop previously?
Posted on 04-14-2020 03:37 PM
AnyConnect has a command line interface; you could create a launch daemon that connects before login. You'll need to provide a username and password in your script to connect:
/opt/cisco/anyconnect/bin/vpn -s connect [HOST_ADDRESS] <<"EOF"
[VPN_USERNAME]
[VPN_PASSWORD]
y
EOF
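Added example, not part of the post above and not Cisco's or Jamf's code: because this approach leaves a VPN username and password on disk, a wrapper run by the launch daemon can keep them in a separate root-only file and refuse to connect if that file's owner or mode has drifted. The credentials path, its two-line format and the `EXPECTED_UID` override are assumptions; the `vpn -s connect` call is the one quoted in the post.

```shell
#!/bin/sh
# Added example: wrapper for a root launch daemon; not code from the thread.
# Assumed (hypothetical): CREDS_FILE location and format
# (line 1 = VPN username, line 2 = VPN password).
VPN_BIN="${VPN_BIN:-/opt/cisco/anyconnect/bin/vpn}"          # path quoted in the post
CREDS_FILE="${CREDS_FILE:-/private/var/root/.vpn_prelogin}"  # hypothetical path
EXPECTED_UID="${EXPECTED_UID:-0}"                            # owner must be root

# Return 0 only for a regular file (not a symlink) owned by EXPECTED_UID
# whose mode grants nothing to group or other (0600 or 0400).
creds_file_is_safe() {
    f="$1"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ln gives the permission string and numeric owner on macOS and Linux;
    # substr drops any trailing xattr/ACL marker after the ten mode characters.
    meta=$(ls -lnd "$f" | awk '{print substr($1, 1, 10) ":" $3}')
    case "$meta" in
        -rw-------:"$EXPECTED_UID"|-r--------:"$EXPECTED_UID") return 0 ;;
        *) return 1 ;;
    esac
}

# Connect to the given host, feeding the credentials on stdin exactly as the
# here-document in the post does. printf is a shell builtin, so the password
# never appears in a process argument list.
vpn_connect() {
    host="$1"
    if ! creds_file_is_safe "$CREDS_FILE"; then
        echo "refusing to connect: $CREDS_FILE has unsafe owner or mode" >&2
        return 1
    fi
    { IFS= read -r user && { IFS= read -r pass || [ -n "$pass" ]; }; } \
        < "$CREDS_FILE" || return 1
    printf '%s\n%s\ny\n' "$user" "$pass" | "$VPN_BIN" -s connect "$host"
}

# Stand-alone use: pass the VPN host as the first argument.
if [ "$#" -gt 0 ]; then
    vpn_connect "$1"
fi
```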
Posted on 04-15-2020 01:59 AM
@c.kay Is there a way for the end user who has received the machine to just enter their credentials rather than a service/generic account & password?
Posted on 04-15-2020 08:11 AM
I'm interested in this as well. This functionality is available for the Windows-based version; however, I haven't seen this for our Mac environment at all. Maybe I'm missing something?
Posted on 04-15-2020 09:21 AM
Not familiar with Cisco AnyConnect, but we discussed something similar here:
https://www.jamf.com/jamf-nation/discussions/35375/vpn-before-login
Posted on 04-16-2020 04:02 AM
I guess you could use something like DEPNotify and a script in an Enrollment Customization Configuration to prompt the user for name and password and then call the VPN binary with them to establish a VPN connection.
Posted on 06-18-2020 10:17 AM
If you're looking to add the mobile profile to the account over VPN, I was able to do it with the following steps.
1. Connect to VPN
2. Join the machine to the domain
3. Enable Create mobile account at login (located under Directory Utility)
4. Open terminal
5. Use the below script to create a domain account for the user
   a. This will put the user account on the computer (leave the single quotes):
      sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -a $adminUsername -U $'adminPassword' -n $USERNAME
   b. This will cache the user's password so you can log in with them:
      dscacheutil -q user -a name $USERNAME
I found the instructions in this article: https://www.jamf.com/jamf-nation/discussions/35250/how-to-offline-add-a-domain-user-to-a-mac
Posted on 03-23-2021 07:19 AM
Resurrecting this thread. Has anyone found a way to get this to work? Ideally, I would like the AnyConnect VPN GUI window to pop up at the login screen on a Mac, allowing the user the ability to establish a VPN connection before logging into the Mac. @c.kay referenced that we might be able to use a launch daemon to do this workflow; however, I have no experience with creating launch daemons. Thoughts?
Posted on 04-06-2021 10:55 AM
A custom login window plug-in will need to be created to interface with the above login process. No such dialog controls exist. Cisco should be up on point to create this interface for macOS - they have the dev team and resources.
Posted on 04-06-2021 11:46 AM
And if FileVault is used there is no network activity at the login window anyway.
Posted on 04-07-2021 06:23 AM
This can be used to bring up the login window regardless of FileVault credential pass-through:
defaults write /Library/Preferences/com.apple.loginwindow.plist DisableFDEAutoLogin -bool true