Help

Enabling FileVault2 in a "Shared" OKTA SSO Environment

thuvarakan
New Contributor II

Posted on ‎04-03-2019 11:19 AM

Hi Everyone,

I have been looking through the various threads on jamf nation, but I was not able to find anyone with our particular setup. I am wondering if anyone is using OKTA (jamf connect) to login to the MacBook, creating a local user account. I have noticed that when I login with another account after a restart it would require the first account created to login first in order access the hard drive. It looks like the secure-token is only being granted to the first account logging into the the unit (as intended by Apple). But I was wondering if anyone have any suggestions in regards to how to setup FileVault2 in order to allow anyone logging into the unit via OKTA SSO to have a secure token given to them. I am thinking it is not possible and an admin account is required to manually provide other accounts on the machine a secure-token.

Thanks!

0 Kudos
1 REPLY 1

sshort
Valued Contributor

Posted on ‎04-03-2019 12:22 PM

Not sure how Jamf Connect is actually creating the user accounts on the backend, but if you're on Mojave (or an APFS-formatted drive in High Sierra) then any additional users created after FileVault is enabled automatically get secureToken and are added to FileVault.

In my testing that means a user created in System Preferences, or using sysadminctl

0 Kudos