Jamf Nation Community

You need two sets of credentials: one for a secure token admin on the system, and one for the account you are assigning a secure token to.

If only the user has a secure token in your workflow, you need their username and password to grant a token to another account.

One callout... if you have your JAMF environment setup to randomly generate your management account password.

You wouldn't be able to enable SecureToken for the management account.

@trippmcc the password of the management account is not generated randomly ! is there a way to enable secure token on that account ?

Unfortunately, There is no way to automate this.. The 1st local account must be logged into physically before it gets the securetoken.
Pain in the ass really... I have set my prestage with locked admin username, then the IT support person will just login to that account. Then, when bootstraptoken came along, it grants securetokens to any new user mobile or local.

My management account is set to random password so this doesn't help me, but you can add with a script in non-interactive mode:

/usr/sbin/sysadminctl -adminUser LocalUserWithSecureToken -adminPassword HasItAccountPassword -secureTokenOn LocalUserThatNeedsSecureToken -password NeedsItAccountPassword