Require Auth during DEP enrollment + Jamf Connect

New Contributor III

Hi All,

Just looking for some feedback or insight into how other companies are using the Jamf Connect + DEP workflow?

There is a setting for "Requiring Auth". Is this required when the Jamf Connect workflow is in place? Should I just have Jamf Connect handling the auth via my IdP?
If I turn it on, I need to auth at both Remote Management + the Jamf login screen.

If I don't turn it on, I only need to auth at my Jamf login screen, but if a user skips RM they can enroll with no auth. Is this a risk I need to take, or is there something else I can do?




Valued Contributor II

We use both. Currently our process is that a tech builds the computer for the user. So, the tech authenticates before enrollment (we use an LDAP screen as part of Enrollment Customization for ADE and require authentication for UIE). The user/tech as the user then logs in to Jamf Connect to create the user account. 

There is a small risk if you do not authenticate as part of enrollment. Someone could enroll the computer in your organization's Jamf, even if they could not log in. Depending on timing and whether you turn on FileVault as part of enrollment, a bad actor could try and hack the computer even without creating a user.

One thing you could do, if you use ADE and have set up Jamf SSO: you can have an SSO authentication Enrollment Customization screen pass the login credentials to Jamf Connect. That way Jamf Connect will create the user based on the user that authenticated during enrollment.