01-18-2024 04:55 PM - edited 01-18-2024 04:57 PM
Hi there,
How are some of you handling privilege escalation for temporarily escalating local Standard accounts to Administrator accounts then back down to local Standard accounts?
Currently we have groups set up in Okta that we use to escalate an account. The user has to sign out and log in with NLA for the group change to be read, and thereafter they have to sign out and back in again with the Administrator group removed.
Is there no better, more streamlined approach to this that preferably has some sort of logging? Even paid solutions.
Posted on 01-18-2024 07:55 PM
@_aDiedericks Check out the combination of SAP's Privileges app (https://github.com/SAP/macOS-enterprise-privileges) for turning a user into an admin on demand, and PrivilegesDemoter (https://mostlymac.blog/2023/05/15/privilegesdemoter-v3-0/) to enforce demotion back to standard after an appropriate amount of time.
Posted on 01-18-2024 08:25 PM
Log in to your Jamf Account and sign up for the Jamf Connect beta.
Posted on 03-18-2024 12:22 PM