Enabling FileVault2 in a "Shared" OKTA SSO Environment

New Contributor II

Hi Everyone,

I have been looking through the various threads on jamf nation, but I was not able to find anyone with our particular setup. I am wondering if anyone is using OKTA (jamf connect) to log in to the MacBook, creating a local user account. I have noticed that when I log in with another account after a restart it would require the first account created to log in first in order to access the hard drive. It looks like the secure-token is only being granted to the first account logging into the unit (as intended by Apple). But I was wondering if anyone has any suggestions in regards to how to set up FileVault2 in order to allow anyone logging into the unit via OKTA SSO to have a secure token given to them. I am thinking it is not possible and an admin account is required to manually provide other accounts on the machine a secure-token.
Valued Contributor

Not sure how Jamf Connect is actually creating the user accounts on the backend, but if you're on Mojave (or an APFS-formatted drive in High Sierra) then any additional users created after FileVault is enabled automatically get secureToken and are added to FileVault.

In my testing that means a user created in System Preferences, or using sysadminctl
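A quick way to verify on a given Mac which accounts actually hold a Secure Token and are FileVault-enabled, as an added example that is not part of either post: the script parses the output of Apple's `sysadminctl -secureTokenStatus` and `fdesetup list` (both real macOS tools) and prints one line per local account; the function names `token_state`, `in_filevault_list` and `report_users` are this example's own.

```shell
#!/bin/sh
# Added example: audit which local accounts hold a Secure Token and which are
# enabled for FileVault. Assumes macOS 10.13+ on APFS, where sysadminctl and
# fdesetup are Apple's own tools; the function names here are hypothetical.
# `fdesetup list` needs root, so run the script with sudo on a real Mac.

# Classify one `sysadminctl -secureTokenStatus <user>` message (it goes to stderr).
token_state() {
  case "$1" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# `fdesetup list` prints one "username,UUID" line per FileVault-enabled user.
# Returns 0 when the user named in $2 appears in the list text held in $1.
in_filevault_list() {
  printf '%s\n' "$1" | cut -d, -f1 | grep -qx -- "$2"
}

# One tab-separated report line per user: name, token state, FileVault yes/no.
# An account that shows DISABLED here is the one that cannot unlock the disk
# at the pre-boot login screen, which is the symptom described in the question.
report_users() {
  fvlist=$(fdesetup list 2>/dev/null)
  for u in "$@"; do
    msg=$(sysadminctl -secureTokenStatus "$u" 2>&1)
    state=$(token_state "$msg")
    if in_filevault_list "$fvlist" "$u"; then fv=yes; else fv=no; fi
    printf '%s\t%s\t%s\n' "$u" "$state" "$fv"
  done
}

# Only run the live audit on macOS; local, non-service accounts have UID >= 500.
if [ "$(uname)" = Darwin ]; then
  report_users $(dscl . -list /Users UniqueID | awk '$2 >= 500 { print $1 }')
fi
```

Run it after the second OKTA user has logged in once; if that user shows DISABLED, the automatic token grant described in the reply did not happen and the account will need a token from an existing token holder.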