Jamf Connect Privilege Escalation Solutions

_aDiedericks
Contributor

Hi there,

How are some of you handling privilege escalation for temporarily escalating local Standard accounts to Administrator accounts then back down to local Standard accounts?
Currently we have groups set up in Okta that we use to escalate an account; the user has to sign out and log in with NLA for the group change to be read, and thereafter they have to sign out and back in again when the Administrator group is removed.

Is there no better streamlined approach to this that preferably has some sort of logging? Even paid solutions.

3 REPLIES

sdagley
Esteemed Contributor II

@_aDiedericks Check out the combination of SAP's Privileges app (https://github.com/SAP/macOS-enterprise-privileges) for turning a user into an admin on demand, and PrivilegesDemoter (https://mostlymac.blog/2023/05/15/privilegesdemoter-v3-0/) to enforce demotion back to standard after an appropriate amount of time.

talkingmoose
Moderator

Log in to your Jamf Account and sign up for the Jamf Connect beta. 

kevinv
New Contributor III