secure token bypass 'Mojave'

tcandela
Valued Contributor

What are you guys/gals doing with the 'secure token' popup?

I don't have FV2 enabled and AD users are getting the popup, so we have them select 'bypass'.

I created a configuration profile; using the custom settings payload, I added this .plist file (com.apple.MCX as preference domain):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>cachedaccounts.askForSecureTokenAuthBypass</key>
    <true/>
</dict>
</plist>
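A way to check that this setting is present and correctly typed, both in the payload file before upload and in the managed preferences on a client. This is an added example, not part of the original post; it assumes Python 3 is available, and the managed preferences path, function name and sample data are assumptions or constructed for illustration.

```python
import os
import plistlib
from xml.parsers.expat import ExpatError

KEY = "cachedaccounts.askForSecureTokenAuthBypass"
# Assumption: computer-level managed preferences for this domain land here.
MANAGED_PREFS = "/Library/Managed Preferences/com.apple.MCX.plist"


def check_bypass_setting(data: bytes) -> str:
    """Classify a com.apple.MCX plist (XML or binary) passed as raw bytes."""
    try:
        prefs = plistlib.loads(data)
    except (ValueError, ExpatError):  # InvalidFileException is a ValueError
        return "invalid-plist"
    if not isinstance(prefs, dict):
        return "invalid-plist"
    if KEY not in prefs:
        return "key-missing"
    value = prefs[KEY]
    if value is True:
        return "ok"
    if value is False:
        return "false"
    # e.g. <string>true</string> or <integer>1</integer> instead of <true/>
    return "wrong-type"


# Constructed sample inputs (not taken from a real machine).
SAMPLE_GOOD = plistlib.dumps({KEY: True})                       # XML, <true/>
SAMPLE_STRING = plistlib.dumps({KEY: "true"})                   # wrong type
SAMPLE_BINARY = plistlib.dumps({KEY: True}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for name, blob in [("good", SAMPLE_GOOD), ("string", SAMPLE_STRING),
                       ("binary", SAMPLE_BINARY)]:
        print(f"sample {name}: {check_bypass_setting(blob)}")
    # On a managed Mac, also report what the profile actually delivered.
    if os.path.exists(MANAGED_PREFS):
        with open(MANAGED_PREFS, "rb") as fh:
            print(f"{MANAGED_PREFS}: {check_bypass_setting(fh.read())}")
    else:
        print(f"{MANAGED_PREFS}: not present (profile not installed?)")
```
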

john-hsu
New Contributor III

Looks like you have the same thing as what is on my JSS. Do you have it set to Computer Level to apply the profile?

tcandela
Valued Contributor

@john-hsu Yes, I have it set at computer level. The computer is not FileVaulted.

From my understanding, this secure token is not based on whether FV2 is enabled or not; it pops up either way.

Is that all you have in that config profile, that single .plist?
Is it working?
Are all AD users who log in for the first time not seeing the SecureToken popup?

john-hsu
New Contributor III

@tcandela Yes, this is all I have. We use this config profile for our Mac labs so that users logging in do not receive the SecureToken Prompt. It is working with the current build of macOS Mojave 10.14.6.

tcandela
Valued Contributor

@john-hsu I applied it to a Mac mini that is AD joined, waiting for a new user to log in.

I logged in to the Mac mini before applying the config profile (chose bypass), so I assume if I log back in I will not get the actual settings that the config profile sets.

tcandela
Valued Contributor

It works.