Suppress "Enter a secureToken Administrators name and password to allow this mobile account to use file vault."

markc0
New Contributor III

I have a fresh-build 10.13.6 Mac with a local admin account created by macOS Setup Assistant; it has a secureToken. But then I bind the machine to our AD, which has the setting enabled for mobile accounts, then log in as an AD user and get the prompt "Enter a secureToken Administrators name and password to allow this mobile account to use file vault."
You can select bypass, but I would prefer we don't get this prompt in the first place for non-FileVaulted machines.
Does anyone know how to suppress this?
Thanks

11 REPLIES

mark_mahabir
Valued Contributor

Take a look at this, works well for us.


markc0
New Contributor III

Thanks. However, I uploaded this to Jamf Pro and made a configuration profile of it, then downloaded and installed it on a machine and tested.
But I still get the "Enter a secureToken Administrators name and password to allow this mobile account to use file vault." prompt when I log in as a cached managed mobile account. Did you say you have this working on 10.13.6?
Or am I doing something wrong here?

J_Mukite
New Contributor III

I also use the profile in the link shared by mark.mahabir and it works perfectly on 10.13.6 machines. These are on machines bound to AD and create a mobile account at login.

J_Mukite
New Contributor III

Here are the steps I took. From here, download the zip file and pull out the config file from the folder. Upload a new config profile, upload the .config file, name the config profile, save and deploy. That was it for me. Mine is set to auto-install at computer level.


markc0
New Contributor III

Thanks, I missed the download zip and was copying and pasting the XML.
I guess that's where I went wrong; anyway, now I have downloaded the zip it's working fine.

Very many thanks
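
As an added example (not part of the thread, and not the linked profile), here is a check for the failure described above, where XML pasted from a web page did not work but the downloaded file did: it parses a .mobileconfig and reports whether the bypass setting is present and enabled. The key `cachedaccounts.askForSecureTokenAuthBypass` in a `com.apple.MCX` payload is an assumption taken from Apple's profile documentation, since the linked profile is not reproduced on this page; the sample profile and its identifiers are constructed.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Assumption: Apple-documented key and payload type; the profile linked in
# the thread is not shown on this page.
BYPASS_KEY = "cachedaccounts.askForSecureTokenAuthBypass"
MCX_TYPE = "com.apple.MCX"


def check_profile(data: bytes) -> str:
    """Return 'ok', 'disabled', 'missing' or 'malformed' for profile bytes."""
    try:
        profile = plistlib.loads(data)
    except (ValueError, ExpatError):
        # Truncated XML, HTML-escaped paste, or anything that is not a plist.
        return "malformed"
    if not isinstance(profile, dict):
        return "malformed"
    found = None
    for payload in profile.get("PayloadContent", []):
        if (isinstance(payload, dict)
                and payload.get("PayloadType") == MCX_TYPE
                and BYPASS_KEY in payload):
            found = payload[BYPASS_KEY]
    if found is None:
        return "missing"
    return "ok" if found is True else "disabled"


def sample_profile(bypass: bool = True) -> bytes:
    """Constructed profile for illustration; identifiers are placeholders."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.securetoken-bypass",
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",
        "PayloadContent": [{
            "PayloadType": MCX_TYPE,
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.securetoken-bypass.mcx",
            "PayloadUUID": "00000000-0000-0000-0000-000000000002",
            BYPASS_KEY: bypass,
        }],
    })


if __name__ == "__main__":
    good = sample_profile()
    print("downloaded file:", check_profile(good))
    print("truncated paste:", check_profile(good[: len(good) // 2]))
```

Run it against the file before uploading to Jamf Pro; a "malformed" or "missing" result explains a profile that installs but leaves the prompt in place.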

bpavlov
Honored Contributor

@markc0 @mark.mahabir @J.Mukite I would encourage you all to vote up this feature request and voice your opinion on Jamf implementing this.

https://www.jamf.com/jamf-nation/feature-requests/7511/add-support-for-mdm-payload-securetokenauthby...

macOS supports it. Jamf should too.

mark_mahabir
Valued Contributor

Great stuff, upvoted!

Nix4Life
Valued Contributor

Thanks @mark.mahabir,

Worked 100%.

rcarey
New Contributor III

Got the profile set up, and the secureToken message no longer displays when adding a new user. However, now I'm having issues with the user accounts not being able to unlock the volume after a restart, and I cannot enable the user from System Preferences.

Anyone else run into this, or know of any workarounds?

dellelo
New Contributor

@J.Mukite Once I've pulled the config file out of the zip folder, where do I upload it to? I don't have experience modifying config profiles so if you could point me in the right direction it would be much appreciated.

kwoodard
Contributor II

Can someone please tell/show how to implement this? I'm still learning how to use Jamf for some of the finer things beyond a basic profile or policy. @J.Mukite perhaps?

Is it just me, or does this seem like a silly thing to be prompted about when FileVault isn't actually turned on for a drive?