Disable native login screen

ITTN
New Contributor III

Hi, 

How can we disable the native user login on Mac and have only the Jamf screen to log in? Currently we have a painful login process for users where they have to enter their password twice, one for the local user and the other for the Jamf login screen.

4 REPLIES

jamf-42
Valued Contributor II

By first login, do you mean preboot / FileVault? You can't change that, other than not having FileVault.

When you log in at the FileVault prompt, that should be passed through to Jamf Connect and not require a second login.

Sounds like your local account is not synced / set up correctly with your enterprise login / Jamf Connect.

AJPinto
Honored Contributor II

The "Native User Login" you are referring to is FileVault; this is unlocking disk encryption, not logging in to macOS. Ultimately, it's no different than a user having to unlock BitLocker before logging in to Windows.

By default, macOS will automatically log the user in to the OS after they unlock FileVault. However, this behavior can be disabled by deploying the following configuration profile, which you likely have deployed based on your description. It is actually strongly recommended with Jamf Connect to disable FileVault passthrough authentication, as this feature bypasses Jamf Connect and skips your IDP for authentication.


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableFDEAutoLogin</key>
<true/>
</dict>
</plist>
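
An added example, not part of the original post and not Jamf or Apple tooling: a Python check that reads a plist like the one above, or a profile-style file that nests it under PayloadContent, and reports whether DisableFDEAutoLogin is set as a boolean. The function name, status strings and the second sample are constructed for illustration.

```python
import plistlib

KEY = "DisableFDEAutoLogin"

# The plist exactly as posted in the thread.
THREAD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DisableFDEAutoLogin</key>
<true/>
</dict>
</plist>
"""

# Constructed sample: a profile-style wrapper where the value was typed as a
# string instead of <true/>.
WRAPPED_STRING = plistlib.dumps(
    {"PayloadContent": [{"PayloadType": "com.apple.loginwindow", KEY: "true"}]}
)


def fde_auto_login_status(plist_bytes):
    """Return 'disabled', 'enabled' or 'not-boolean' for FileVault auto-login.

    'enabled' covers both an absent key (the macOS default described in the
    thread) and an explicit <false/>.
    """
    root = plistlib.loads(plist_bytes)
    if not isinstance(root, dict):
        raise ValueError("top-level plist object is not a dict")
    # A bare preference plist holds the key at top level; a profile nests
    # payload dicts under PayloadContent. Check both places.
    payloads = root.get("PayloadContent", [])
    if not isinstance(payloads, list):
        payloads = []
    candidates = [root] + [p for p in payloads if isinstance(p, dict)]
    values = [d[KEY] for d in candidates if KEY in d]
    if not values:
        return "enabled"
    if any(not isinstance(v, bool) for v in values):
        return "not-boolean"  # flag for review; the thread's plist uses <true/>
    return "disabled" if all(values) else "enabled"


if __name__ == "__main__":
    print("thread plist:", fde_auto_login_status(THREAD_PLIST))
    print("wrapped, string value:", fde_auto_login_status(WRAPPED_STRING))
```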

ITTN
New Contributor III

@AJPinto Thanks for sharing this. Currently we have Okta for authentication on the Jamf screen, and lately it's been observed that it's a pain for the user to enter their password twice to log in. Will the above expose any security risk when the user will be bypassing Okta authentication? Sorry if my question doesn't make sense, as I am very new to Okta/Jamf.

Thanks,

AJPinto
Honored Contributor II
will the above expose any security risk when the user will be bypassing okta authentication?

Depends on your organization's risk tolerance. It defeats the purpose of using Jamf Connect to allow users to bypass it entirely.

If users are getting undesired behavior when logging in to macOS (Jamf Connect Login Window) from Okta, I would suggest having your Identity Management Team check the Okta configuration for the Jamf Connect App integration. You may have it flagged to require MFA for every authentication, which is a bit silly except in the most secure of environments. Also review your Jamf Connect Configuration Profile to make sure you have the intended settings configured.

Integrating Jamf Connect with Okta - Jamf Connect Documentation 2.34.0 | Jamf