Ongoing Password Reset and Access Issues with Google Workspace + ABM + Jamf Setup

ecgray
New Contributor

We’re encountering recurring issues related to password resets and access across our company’s managed MacBooks, and I’d appreciate any insights from others dealing with a similar stack.

Our Setup

  • User Management: All users are created in Google Workspace.

  • Device Enrollment: These users are synced into Apple Business Manager (ABM).

  • Device Management: ABM is connected to Jamf, which is used to manage our company-issued laptops.

  • Team Structure: We are a remotely distributed team across 10 countries.

  • Security: FileVault and storage encryption are enabled by default via MDM.

Issue Summary

Several teammates have experienced repeated lockouts after password resets, leading to data access issues. While some users successfully regain access via the “Recover Account” option on the macOS login screen, others require the FileVault recovery key to decrypt and access their data.

In my most recent case:

  • One was able to reset the password using iCloud, which allowed them to log in.

  • However, they were then logged out of all services and applications (e.g., DataGrip lost all stored passwords and connection strings).

  • A restart triggered a system state resembling an Apple ID recovery flow.

  • To access encrypted files, they had to enter their FileVault recovery key.

This has happened four times in the last 2-3 weeks, and each time requires a frustrating amount of reconfiguration.

Unclear Areas / Questions

  • Where exactly are these password resets originating? We’ve seen them come from Google Admin and directly from the MacBooks, but ABM and Jamf’s role in the sync process is unclear.

  • Is the password changed on the machine first, or in Google? One teammate shared:

    • First time: Changed on MacBook → prompted to change in Google.

    • Second time: Changed only on MacBook.

  • Does this require a sync from Google Workspace back into ABM or Jamf? We're unsure. ABM offers very limited settings visibility.

Request for Help

If anyone else is using a Google Workspace + ABM + Jamf setup and has insights into:

  • Proper password reset flows that avoid these issues

  • Sync behaviors between Google Workspace, ABM, and Jamf

  • Whether MDM un-enrollment is safe or recommended during troubleshooting

...we’d really appreciate your input.
