Posted on 03-18-2024 11:15 AM
Today we released Jamf Connect 2.33.0. This release includes the following changes and improvements:
Privilege Elevation using Jamf Connect
The Jamf Connect menu bar app allows standard users to initiate a temporary promotion to a local administrator. Upon activation, a timer will appear in the user's menu bar for the duration of their promotion. When the timer ends, the user will be reverted to a standard user. This feature can be added to your Jamf Connect configuration with the Temporary User Promotion (TemporaryUserPromotion) setting manually or via the Jamf Connect Configuration app. For more information, see Privilege Elevation for Local Accounts.
Other Changes and Improvements
To access new versions of Jamf Connect, log in to Jamf Account with your Jamf ID. The latest version is located in the Products section under Jamf Connect.
Product Documentation
For additional information on what's included in this release, review the release notes via the Jamf Learning Hub.
Thank you!
The Jamf Connect team
Temporary User Promotion sounds great, but from what I'm reading it looks to not be limited to a specific user+machine combination. Is that correct?
If so, that sounds like a good thing for IT or Help Desk, but maybe not a full replacement for something like the Privileges app. Still, a great first step in that direction.
@McAwesome Temporary User Privilege promotion can be filtered by two methods currently: Role Based Elevation and differential configuration distribution. For Role Based configuration, the user, after authenticating in part of the flow, is gated by matching the role of the user provided by the IDP with the approved roles in an array in the configuration. This also allows promotion duration to be varied by roles for the users.
If this flow isn't preferred, one can target users by Jamf Pro Groups, giving intended users a configuration with the feature turned on, while providing non-targeted users with the feature turned off.
Jamf Connect Configuration now provides a notification with information on new features
Is there a way to disable this? When managing hundreds / thousands of Macs, the last thing we want is users to be calling asking questions about a mostly hidden process that suddenly provides confusing technical information that doesn't apply to 99% of the user base.
@user-TykYEzpbkp That's referring to the Jamf Connect Configuration application, not Jamf Connect. The end user won't be seeing it.
I am curious what is missing between this new feature and Privileges? I have looked at Privileges in the past, but never implemented. I am wondering what I am missing?
Admittedly, only just started playing with this feature. That said, the main thing I see is having a streamlined way to approve elevated privileges for a user on only their machine. You may trust Steve and Dave with admin rights on their computers, but you don't want Steve to have admin on Dave's machine.
With Privileges, you can limit it by putting the $USERNAME variable into the LimitToUser field in the config. This ensures only the assigned user on the machine is allowed to elevate their user rights. Steve can sign into Dave's machine, but he can't do admin tasks.
With this new route, it looks like you can do that... by creating and deploying a separate Azure role per user per machine. It's possible, but cumbersome enough I know I wouldn't do it. At that point, you'd have to choose whether to give an individual user admin access to all machines with Jamf Connect's Privilege Elevation enabled or just not use it at all.
I should note that I am really liking this addition, and the easy to understand UI associated with it. It's like 90% of where I want it to be, which for a first release is fantastic.
Looks really good. Thanks very much for this additional feature in Jamf Connect.
However, to make it a realistic option for us to migrate from Privileges:
Are either of these planned for a future update?
Has anyone here tried getting notifications sent to a Teams channel or Slack when people request to elevate privileges via Jamf Connect? Looking to see if anyone can help me here: https://community.jamf.com/t5/jamf-nation/jamf-connect-admin-and-teams-channel-notifications/m-p/312...