Posted on 01-04-2022 12:33 PM
Hello All
I am having an issue where it seems securetoken is not being enabled on our accounts, thus the FV2 enablement window shows up and asks to enable, but it doesn't work after entering the user's password. We are using Jamf Connect with OneLogin for user accounts. What process is everyone here using to enable FV2?
Posted on 01-04-2022 12:42 PM
Hi, how are you deploying Jamf Connect? Are you setting this up in your Prestage for new computers, and do you have FV enabled in your config profile for first user? What account has secure token?
Posted on 01-04-2022 12:51 PM
Hello, we are pushing Jamf Connect as a prestage. We also have a local admin account created on all the machines, and that account has a secure token and FV2 shows enabled for that account in Jamf. FV should be enabled during setup; we use DEP Notify and it has a piece after running where it asks to log out and enable FV2.
Posted on 01-04-2022 12:51 PM
We also have a config profile for enabling FV2 running in Jamf at check-in once per day to "catch" any machines where FV2 isn't enabled.
Posted on 01-04-2022 01:34 PM
Secure token usually gets created for the first user, which apparently appears to be your local admin account. So, the only one that can grant a secure token is your local admin. So, you have to log in as admin to enable secure token for the user and then FV can be enabled. I also use Jamf Connect with OneLogin as our IDP. I have my prestage set up with the local admin created. I have a config profile for Jamf Connect to enable FV for the first user that logs in, and just like you I also have a separate config profile to enable FV. This works for me, and the actual user does get secure token and FV does get enabled after restart or logout.
Posted on 01-10-2022 04:15 PM
Hello,
Thanks for the reply. I actually have it set up with a user as well and they receive a secure token; it seems hit or miss. Some users do not get securetoken and FileVault enabled, but most do. I have a ticket open with Jamf; they are taking a look at a script with me as it recently stopped working.
The script I used to use for assigning secure token so that FV could be enabled:
https://github.com/daveyboymath/Jamf/blob/MacOS/PassSecureToken.sh
Posted on 07-25-2022 11:10 AM
Worse problem here, maybe should be in a new thread...I have a user whose account *has* SecureToken, and who sees the turn-on-FileVault sequence at startup, and still encryption never actually begins (a day later fdesetup reports encryption OFF, but deferred enablement appears on for the user). Is there any option short of nuke and pave?
Posted on 09-26-2022 08:28 AM
I'm running into this as well. Did you find a way to resolve?
Posted on 10-11-2022 03:43 PM
I've actually only run into this one time, so I think it's just a one-off issue for me.
When I go through a prestage enrollment and encrypt at logon it works fine in all other cases.
Posted on 09-26-2022 10:23 AM
Try creating a new plist that enables encryption at log out if you currently have it at log in. Exclude them from the current FV2 enablement plist you are using. I've done this for a few machines and got it to actually encrypt.
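
A triage sketch for the states described in this thread (no secure token, or token present but FileVault still off with deferred enablement pending), added here as an example and not written by any poster. It assumes the usual wording of `sysadminctl -secureTokenStatus` and `fdesetup status` output; the function name, state labels and sample strings are constructed for illustration.

```shell
#!/bin/bash
# Added example: classify SecureToken / FileVault state from command output.
# Assumption: output wording of sysadminctl and fdesetup as matched below;
# adjust the patterns if your macOS version prints something different.

# classify_fv_state <sysadminctl output> <fdesetup status output>
# Prints one of: encrypted | no-token | deferred-stuck | token-ok-fv-off
classify_fv_state() {
    token_out=$1
    fde_out=$2
    case $token_out in
        *"Secure token is ENABLED"*) token=yes ;;
        *) token=no ;;
    esac
    case $fde_out in
        *"FileVault is On"*) echo "encrypted"; return 0 ;;
    esac
    if [ "$token" = no ]; then
        # User cannot enable FV until a token holder grants a secure token.
        echo "no-token"
    else
        case $fde_out in
            # Token exists, enablement was deferred, encryption never started.
            *"Deferred enablement appears to be active"*) echo "deferred-stuck" ;;
            *) echo "token-ok-fv-off" ;;
        esac
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_TOKEN_ON="Secure token is ENABLED for user jdoe"
SAMPLE_TOKEN_OFF="Secure token is DISABLED for user jdoe"
SAMPLE_FDE_DEFERRED="FileVault is Off.
Deferred enablement appears to be active for user 'jdoe'."
SAMPLE_FDE_OFF="FileVault is Off."
SAMPLE_FDE_ON="FileVault is On."

# Live check on a Mac: pass the account's short name as the first argument.
if [ -n "${1:-}" ] && command -v sysadminctl >/dev/null 2>&1; then
    # sysadminctl writes its status line to stderr, hence 2>&1.
    classify_fv_state "$(sysadminctl -secureTokenStatus "$1" 2>&1)" \
                      "$(fdesetup status 2>&1)"
fi
```

Run across a fleet (for example as an inventory script), the `no-token` and `deferred-stuck` results separate the two problems raised above, which call for different fixes.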