Now that the user is authenticated and authorized, Jamf Connect will create the local user account in macOS. Jamf Connect can ask the user to authenticate, using modern practices like multi-factor authentication, conditional access, and cloud identity providers. Then, Jamf Connect will pop up before the standard native login window. So, you can push Jamf Connect, and use the Await Configuration command to make sure that it gets fully installed while the device is in setup assistant mode-i.e., the device will tell the user to hold on while it sets everything up, and the user can’t mess it up or anything.
Here, as I wrote last week, there’s an option to authenticate the user via LDAP, but we want stronger authentication at some point.Īs part of the initial MDM enrollment, you can push a package to the device, using the Install Enterprise App command.
#What is jamf connect serial number#
If the serial number is part of the Device Enrollment Program, Apple will redirect it to the associated MDM server. When a Mac is turned on and connected to the internet for the first time, it checks in with Apple. The easiest way to understand what Jamf Connect does is to look at the enrollment process step by step. Lastly, this is all happening at a time when identity concepts like conditional access, multi-factor authentication, SAML, and “zero trust” are really spreading.As with Windows, most IT organizations want to avoid giving admin rights to Mac users.Automated MDM enrollments need some help with authentication, because DEP and MDM just don’t have all the modern identity components needed to secure it.DEP) is the way forward, and High Sierra, the T2 chip, and Mojave have killed off imaging. By now you’ve probably heard that macOS provisioning is changing.First, macOS has supported binding with Active Directory for years, but most Mac admins consider this brittle and unreliable, and instead, local user accounts are the way to go.Before we dig in, we should go over some of the identity management trends and issues facing macOS today: