
Hello,

I'm currently working on a mass deployment of Jamf Connect Login for Azure. The primary goal is to demobilize accounts on a mass scale. However, I am keen on ensuring that this deployment process is as silent and non-disruptive to our users' workflow as possible.

Here's what I have for my current .plist configuration for Jamf Connect Login:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AllowNetworkSelection</key>
    <true/>
    <key>CreateNewUserHide</key>
    <true/>
    <key>CreateJamfConnectPassword</key>
    <true/>
    <key>LicenseFile</key>
    <data>*license key value*</data>
    <key>OIDCAdminAttribute</key>
    <string>roles</string>
    <key>OIDCClientID</key>
    <string>*client_id*</string>
    <key>OIDCNewPassword</key>
    <false/>
    <key>OIDCProvider</key>
    <string>Azure</string>
    <key>OIDCROPGID</key>
    <string>*client_id*</string>
    <key>OIDCRedirectURI</key>
    <string>https://127.0.0.1/jamfconnect</string>
    <key>OIDCTenant</key>
    <string>*tenant_id*</string>
    <key>OIDCUsePassthroughAuth</key>
    <true/>
    <key>DenyLocal</key>
    <true/>
    <key>DenyLocalExcluded</key>
    <array>
        <string>helpdeskv2</string>
    </array>
    <key>LocalFallback</key>
    <true/>
    <key>Migrate</key>
    <false/>
    <key>MigrateUsersHide</key>
    <array>
        <string>helpdeskv2</string>
        <string>jamf_manage</string>
    </array>
    <key>DemobilizeUsers</key>
    <true/>
    <key>OIDCAdmin</key>
    <array>
        <string>Administrator</string>
    </array>
    <key>CreateAdminUser</key>
    <true/>
    <key>OIDCIgnoreAdmin</key>
    <true/>
</dict>
</plist>

In my testing, I managed to prevent the Jamf Connect login window from popping up every time a user logs in. However, I found that Jamf Connect did not start at all after the login. Is there a way to ensure that Jamf Connect runs silently in the background, without a need for the login prompt, while still functioning as expected?

Also, during my preliminary testing, I noticed that the Jamf Connect Login screen for Azure gets displayed after a system reboot. My concern lies with the possibility of this potentially bewildering users who aren't accustomed to it. Is there a process to get around this screen, while still ensuring all functionalities of Jamf Connect are intact and operating as expected?

For the run at login you should likely just need to deploy the bundled JamfConnectLaunchAgent.pkg that is found in the resources folder of a JC release, which has a keep alive flag and a run at load flag. You can also just suppress the JC login window until you are ready by bundling a script or command to the deployment policy that just runs the below to reset the screen to the macOS default.

 

/usr/local/bin/authchanger --reset

 

 


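A policy script that wraps the reset command from the reply above and then confirms that the login window rule no longer lists Jamf Connect mechanisms. This is an added example, not part of the original thread or Jamf's own tooling; the `JamfConnectLogin:` mechanism prefix, the function names, the constructed sample rule text, and the use of script parameter 4 as a run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: reset the login window, then verify system.login.console.
AUTHCHANGER="/usr/local/bin/authchanger"   # path as given in the reply
JC_PREFIX="JamfConnectLogin:"              # assumed prefix of Jamf Connect mechanisms

# Print every Jamf Connect mechanism found in rule text read from stdin.
jc_mechanisms() {
    sed -n "s/^[[:space:]]*<string>\(${JC_PREFIX}[^<]*\)<\/string>.*\$/\1/p"
}

# Return 0 when the rule text on stdin still routes login through Jamf Connect.
jc_login_active() {
    [ -n "$(jc_mechanisms)" ]
}

# Constructed fragments of `security authorizationdb read system.login.console`
# output, used only to exercise the parser offline.
sample_rule() {
    if [ "$1" = "jamf" ]; then
        printf '%s\n' '<array>' '  <string>builtin:policy-banner</string>' \
            '  <string>JamfConnectLogin:LoginUI</string>' \
            '  <string>JamfConnectLogin:PowerControl,privileged</string>' '</array>'
    else
        printf '%s\n' '<array>' '  <string>builtin:policy-banner</string>' \
            '  <string>loginwindow:login</string>' '</array>'
    fi
}

# Run the reset exactly as written in the reply, then check the live rule.
# Exit codes: 0 reset confirmed, 1 still active, 2 tool missing, 3 reset failed.
reset_and_verify() {
    [ -x "$AUTHCHANGER" ] || { echo "authchanger not installed" >&2; return 2; }
    "$AUTHCHANGER" --reset || return 3
    if security authorizationdb read system.login.console 2>/dev/null | jc_login_active; then
        echo "Jamf Connect mechanisms still present after reset" >&2
        return 1
    fi
    echo "login window is back to the macOS default"
}

# Jamf Pro passes custom script parameters starting at $4; act only when it is "reset".
if [ "${4:-}" = "reset" ]; then
    reset_and_verify
fi
```

A non-zero exit marks the policy run as failed, so a Mac where the reset did not take effect shows up in the policy logs instead of surprising the user at the next reboot.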