Help

secure token bypass 'Mojave'

Go to solution
tcandela
Valued Contributor II

Posted on ‎09-10-2019 07:41 AM - last edited 2 weeks ago by Community Manager

what are you guys/gals doing with the 'secure token' popup ?

I don't have FV2 enabled and AD users are getting the popup, so we have them select 'bypass'.

i created a configuration profile, using the custom settings payload i added this .plist file (com.apple.MCX as preference domain932b71d6bc6c4d23b2d11814ddda40e4
)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict> <key>cachedaccounts.askForSecureTokenAuthBypass</key> <true/>
</dict>
</plist>

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
john-hsu
New Contributor III

Posted on ‎09-10-2019 08:49 AM

@tcandela Yes, this is all I have. We use this config profile for our Mac labs so that users logging in do not receive the SecureToken Prompt. It is working with the current build of macOS Mojave 10.14.6.

b6c9f46545cc4b72bce6221fc6a3f2a7
516dc606e6894b0bad38b3f9883e99c6

View solution in original post

Reply
6 REPLIES 6

Go to solution
john-hsu
New Contributor III

Posted on ‎09-10-2019 08:24 AM

Looks like you have the same thing as what is on my JSS. Do you have it set to Computer Level to apply the profile?

0 Kudos
Reply

Go to solution
tcandela
Valued Contributor II

Posted on ‎09-10-2019 08:30 AM

@john-hsu yes i have it set at computer level. the computer is not filevaulted

from my understanding this secure token is not based on whether FV2 is enabled or not, it pops up either way.

is that all you have in that config profile is that single .plist?
is it working?
are all AD users who login for the first time not seeing the securetoken popup?

0 Kudos
Reply

Go to solution
john-hsu
New Contributor III

Posted on ‎09-10-2019 08:49 AM

@tcandela Yes, this is all I have. We use this config profile for our Mac labs so that users logging in do not receive the SecureToken Prompt. It is working with the current build of macOS Mojave 10.14.6.

b6c9f46545cc4b72bce6221fc6a3f2a7
516dc606e6894b0bad38b3f9883e99c6

Reply

Go to solution
proche9
New Contributor
In response to john-hsu

Posted on ‎09-04-2024 10:46 AM

If this config is removed from a machine with an AD account does the user get prompted? We still have a handful of users with this and are migrating to cloud and are gushy to remove it in case it causes a prompt. 

0 Kudos
Reply

Go to solution
tcandela
Valued Contributor II

Posted on ‎09-10-2019 08:57 AM

@john-hsu i applied it to a mac mini that is AD joined, waiting for a new user to login.

I logged in to the mac mini before applying the config profile (chose bypass), so i assume if i log back in I will not get the actual settings that the config profile sets.

0 Kudos
Reply

Go to solution
tcandela
Valued Contributor II

Posted on ‎09-12-2019 09:59 AM

it works

0 Kudos
Reply
li.common.scroll-to.top