Configuring Jamf Connect Sync

You can configure Jamf Connect Sync with preference keys available in the app. Preferences allow for full manipulation of Jamf Connect Sync’s features. You can set preferences through multiple methods:

  • Use Jamf Connect Configuration to create a configuration profile.
    For more information, see Jamf Connect Configuration.

  • Manually create a configuration profile with a text editor.

  • Set manually with the defaults command.

Note: The defaults command will not show preferences set by an MDM solution.

Jamf Connect Sync preference keys are written to the following preference domain:

com.jamf.connect.sync

Preference Keys

The following tables contain all the preference key-value pairs used by Jamf Connect Sync.

Note: Boolean key-values that are not configured default to false.

Required Key-Value Pair

Jamf Connect Sync only requires the following key-value pair:

Key

Description

Example

AuthServer

Specifies your Okta authentication domain

Note: A Preceding "https:" is not required.

<key>AuthServer</key>

<string>yourcompany.okta.com</string>

Optional Key-Value Pairs

You can use the following key-value pairs to further customize Jamf Connect Sync:

General Preferences

Key

Description

Example

ActionsUpdateTime

Specifies an interval, in minutes, between setting and updating the Actions menu item. If unset, the default value is 15 minutes.

<key>ActionsUpdateTime</key>

<integer>15</integer>

ADExpirationShow

Displays the password expiration date beneath the user's name in the menu bar

<key>ADExpirationShow</key>

<false/>

AutoAuth

Determines if web extensions automatically authenticate via the Jamf Connect Sync UI

<key>AutoAuth</key>

<true/>

CenterSignIn

Ensures the Sign In window is always centered on the user's screen

<key>CenterSignIn</key>

<true/>

CheckSafariExtension

Determines if an alert displays to users when the Jamf Connect Sync Safari extension is disabled

<key>CheckSafariExtension</key>

<true/>

DontShowWelcome

Hides the Jamf Connect Sync splash screen on launch

<key>DontShowWelcome</key>

<false/>

ExpirationWarningDays

Specifies an integer, in days, for Jamf Connect Sync to send notifications via the Notification Center for an upcoming password expiration.

<key>ExpirationWarningDays</key>

<integer>5</integer>

ExportableKey

Allows the private key of the user certificate to be exported

<key>ExportableKey</key>

<false/>

GetCertificateAutomatically

Enables Jamf Connect Sync to get a certificate from a Windows web certificate authority (CA) automatically on login

<key>GetCertificateAutomatically</key>

<true/>

GetHelpType

Determines which GetHelp type is used.

Note: Bomgar, URL and App are supported.

<key>GetHelpType</key>

<string>app</string>

GetHelpOptions

Specifies the URL or path for GetHelpType.<<serial>>, <<fullname>>, <<shortname>> and <<domain>> are supported as substitutions

Note: The GetHelpType key must be specified.

<key>GetHelpOptions</key>

<string>/Applications/Google Chrome.app</string>

IgnoreDomainReachability

Determines if SRV record lookups are used to determine if the Active Directory domain is accessible

<key>IgnoreDomainReachability</key>

<false/>

LicenseFile

The contents of a .jamfconnectlicense file encoded in Base64 data format

<key>LicenseFile</key>

<data>encoded-license-content</data>

WifiNetworks

A list of wireless networks to associate with the certificate Jamf Connect Sync created

<key>WifiNetworks</key>

<array>

<string>SSID1</string>

<string>SSID2</string>

</array>

SelfServicePath

Specifies the file path for a Self Service application not found automatically

<key>SelfServicePath</keys>

<string>/Applications/Your.app</string>

SignInCommand

Specifies a script or other binary to be run after a successful sign in

<key>SignInCommand</key>

<string>/var/opt/bin/scripts/signin.bash</string>

SignInLogo

Specifies the path to image file used as a logo.

Note: A 342 x 90 pixel image is recommended.

<key>SignInLogo</key>

<string>/usr/local/logo.png</string>

Template

Certificate template from a Windows web CA

<key>Template</key>

<string>User Auth</string>

LDAPServers

Specifies domain controllers to use for Active Directory lookups

<key>LDAPServers</key>

<array>

<string>dc1.nomad.local</string> <string>dc2.nomad.local</string>

</array>

X509CA

Specifies the URL of the Windows web CA for Jamf Connect Sync to use for certificates

<key>X509CA</key>

<string>dc1.nomad.test</string>

Hide Menu Preferences

Key

Description

Example

HideAbout

Hides the About menu item

<key>HideAbout<key>

<true/>

HideActions

Hides the Actions menu item

<key>HideActions</key>

<true/>

HideChangePassword

Hides the Change Password menu item

<key>HideChangePassword</key>

<true/>

HideGetSoftware

Hides the Get Software menu item

<key>HideGetSoftware</key>

<true/>

HideGetHelp

Hides the Get Help menu item

<key>HideGetHelp</key>

<true/>

HideLockScreen

Hides the Lock Screen menu item

Note: On macOS 10.14 or later, the Lock Screen is hidden by default in Jamf Connect Sync.

<key>HideLockScreen</key>

<true/>

HidePreferences

Hides the Preferences menu item

<key>HidePreferences</key>

<true/>

HideQuit

Hides the Quit menu item

<key>HideQuit</key>

<true/>

HideSignIn

Hides the Sign In menu item

<key>HideSignIn</key>

<true/>

Menu Text Preferences

Key

Description

Example

MenuAbout

Menu item text for the About item

<key>MenuAbout</key>

<string>This app</string>

MenuActions

Menu item text for the Actions item

<key>MenuActions<key>

<string>Quick Actions</string>

MenuChangePassword

Menu item text for the Change Password item

<key>MenuChangePassword</key>

<string>Change network password</string>

MenuIcon

Path to the menu bar icon image

Note: A 16x16 pixel image is recommended.

<key>MenuIcon</key>

<string>/usr/local/images/icon.png</string>

MenuGetHelp

Menu item text for the Get Help item

<key>MenuGetHelp</key>

<string>File ticket</string>

MenuGetSoftware

Menu item text for the Get Software item

<key>MenuGetSoftware</key>

<string>Get Apps</string>

MenuLockScreen

Menu item text for the Lock Screen item

<key>MenuLockScreen</key>

<string>Screen Lock</string>

MenuPreferences

Menu item text for the Preferences item

<key>MenuPreferences</key>

<string>Settings</string>

MenuSignIn

Menu item text for the Sign In item

<key>MenuSignIn</key>

<string>Login</string>

Kerberos Ticket Preferences

Key

Description

Example

KerberosRealm

Specifies the Kerberos realm used to get Kerberos tickets

<key>KerberosRealm</key>

<string>example.realm</string>

KerberosRenew

Determines if the Kerberos tickets should be renewed or not.

<key>KerberosRenew</key>

<true/>

KerberosShortName

The shortname to use for Kerberos tickets. If unspecified, the user's sign in name is used.

<key>KerberosShortName</key>

<string>Joel</string>

KerberosShortNameAsk

Determines if the user is asked to enter their Kerberos short name on first sign in

<key>KerberosShortNameAsk</key>

<false/>

KerberosShortNameAskMessage

The message displayed to users when requesting their Kerberos short name

<key>KerberosShortNameAskMessage</key>

<string>Please enter your Active Directory user name.</string>

TicketsOnSignIn

Determines if Jamf Connect Sync retrieves Kerberos Tickets on sign in

<key>TicketsOnSignIn</key>

<true/>

Keychain Preferences

Key

Description

Example

KeychainItems

Determines what keychain items are updated when the user's local password is updated

Note: To use the KeychainItems key, the UseKeychain key must be set to true.

<key>KeychainItems</key>

<array>

<string>AccountItemOne</string>

<string>AccountItemTwo</string>

</array>

KeychainItemsInternet

Determines which internet accounts Jamf Connect Sync should synchronize with the local password.

Note: To use the KeyChainItemsInternet key, the UseKeychain and LocalPasswordSync keys must be set to true.

<key>KeychainItemsInternet</key>

<dict>

<key>InternetItemOne</key>

<string>www.example.com</string>

<key>InternetItemTwo</key>

<string>www.example.com</string>

</dict>

KeychainItemsDebug

Updates keychain items on every sign in. Used for debugging.

<key>KeychainItemsDebug</key>

<true/>

UseKeychain

Determines whether the Okta password is stored in the user’s Keychain

<key>UseKeychain</key>

<true/>

UseKeychainPrompt

Displays the Sign In window on launch

Note: If the the user has a password in the keychain, the sign in window will not launch.

<key>UseKeychainPrompt</key>

<true/>

UseKeychainPromptExclusions

List of users that can ignore the keychain prompt

<key>UseKeychainPromptExclusions</key>

<array>

<string>user-one</string>

<string>user-two</string>

</array>

Password Settings

Key

Description

Example

ChangePasswordOrder

Determines the order and setting for the password change menu. If unspecified, Okta is used by default for password changes. If Kerberos is enabled, Jamf Connect Sync will use Kerberos to authenticate to your Active Directory domain, and then authenticate to Okta.

Note: This key is an array of dictionaries.

<key>ChangePasswordOrder</key>

<array>

<dict>
<key>okta</key>
<string></string>
</dict>
</array>

ChangePasswordTimer

Specifies an interval, in minutes, until the user is prompted to sign in again after a password change

<key>ChangePasswordTimer</key>

<string>3</string>

LocalPasswordSync

Determines if the Okta password is synchronized with the local account

<key>LocalPasswordSync</key>

<true/>

LocalPasswordSyncMessage

Specifies the alert dialog text displayed to the user when asked to enter in their local password

<key>LocalPasswordSyncMessage</key>

<string>Please enter your local user account password.</string>

LocalPasswordSyncOnMatchOnly

Syncs the password only if the Okta account name matches the local account name

<key>LocalPasswordSyncOnMatchOnly</key>

<false/>

PasswordChangeCommand

Specifies a script or other binary to be run after the user changes a password

<key>PasswordChangeCommand</key>

<string>/usr/local/bin/change.sh</string>

PasswordExpirationMenu

Determines if the countdown before password expiration is displayed in the menu bar

<key>PasswordExpirationMenu</key>

<true/>

PasswordExpirationMenuDays

An integer, in days remaining, before the password expiration countdown is displayed in the menu bar

Note: To use the PasswordExpirationMenuDays key, the PasswordExpirationMenu key must be set to true.

<key>PasswordExpirationMenuDays</key>
<integer>15</integer>

PasswordPolicy

Defines the password complexity policy for changing the password via Kerberos

<key>PasswordPolicy</key>
<array>
<dict>
<key>minLength</key>
<string>8</string>
<key>minLowerCase</key>
<string>1</string>
<key>minMatches</key>
<string>3</string>
<key>minNumber</key>
<string>1</string>
<key>minSymbol</key>
<string>0</string>
<key>minUpperCase</key>
<string>1</string>
</dict>
</array>

PasswordCheckUpdateTime

Specifies the interval, in minutes, that Jamf Connect Sync checks the local password for synchronization. If unspecified, Jamf Connect Sync will check every 15 minutes by default.

Note: To use PasswordCheckUpdateTime, the LocalPasswordSync key must be set to true.

<key>PasswordCheckUpdatedTime</key>

<integer>5</integer>

PeriodicUpdateTime

Specifies the interval, in minutes, between background updates

<key>PeriodicUpdateTime</key>

<integer>15</integer>

WarnOnPasswordExpiration

Determines whether Jamf Connect Sync should warn the user on sign in if the password is about to expire

<key>WarnOnPasswordExpiration</key>

<true/>

Additional Messaging Text

Key

Description

Example

LabelUsername

The text label for the username field in the Sign In window

<key>LabelUsername</key>

<string>corporate e-mail</string>

LabelPassword

The text label for the password field in the Sign In window

<key>LabelPassword</key>

<string>corporate password</string>

MessageOTPEntry

Text displayed when a user must enter a one time password (OTP) as a multi-factor authentication (MFA) method.

<key>MessageOTPEntry</key>

<string>Enter your verification code.</string>

MessagePasswordChangePolicy

Text displayed to users that communicates the authentication domain's password complexity policy when changing a password via Kerberos

<key>MessagePasswordChangePolicy</key>

<string>Please review the employee handbook.</string>

MessagePluginDisabled

Text displayed to users when the Safari plugin is not enabled

Note: The CheckSafariExtension key must be set to true.

<key>MessagePluginDisabled</key>

<string>Please enable the plugin in Safari.</string>

TitleSignIn

Specifies the title of the Sign In window.

<key>TitleSignIn</key>

<string>Sign in to Okta</string>

Preferences Set by Jamf Connect Sync

The following table lists the preference keys automatically set by Jamf Connect Sync.

Important: Administrators should not configure these keys.

Key

Description

Example

ADExpiration

The date the users’s password expires as pulled from the authentication domain

<key>ADExpiration</key>

<date>2017-12-22 21:39:17 +0000<date>

DisplayName

The full name of the user as pulled from the authentication domain

<key>DisplayName</key>

<string>full name</string>

ExpirationWarningLast

The time the last expiration notification was sent

<key>ExpirationWarningLast</key>

<date>2020-12-22 21:39:17 +0000</date>

FirstRunDone

Shows if Jamf Connect Sync has been launched

<key>FirstRunDonetrue</key>

<true/>

LastCertificateExpiration

Longest expiration date of a certificate pulled from authentication domain for this user

<key>LastCertificateExpiration</key>

<date>2020-12-22 21:39:17 +0000</date>

LastSignIn

Date of the last successful sign in to Okta

<key>LastSignIn</key>

<date>2020-12-22 21:39:17 +0000</date>

PasswordLength

Password length requirement from the authentication domain for the current user

<key>PasswordLength</key>

<integer>8</integer>

UserEmail

Email address of the user as pulled from their authentication record

<key>UserEmail<key>

<string>username@email.com</string>

UserFirstName

First name of the user as pulled from their authentication record

<key>UserFirstName</key>

<string>FirstName</string>

UserGroups

Group membership of the user as pulled from authentication domain

<key>UserGroups</key>

<array>

<string>Mammals</string>

<string>nomads</string>

<string>admins</string>

</array>

UserLastName

Last name of the user as pulled from their authentication domain record

<key>UserLastName</key>

<string>LastName</string>

UserLoginName

Last cloud identity account to log in with Jamf Connect Sync.

<key>UserLoginName</key>

<string>username@email.com</string>

UserShortName

Short name of the user as pulled from their authentication domain record

<key>UserShortName</key>

<string>name</string>

UserUPN

UPN of the user as pulled from their authentication domain record

<key>UserUPN</key>

<string>username@email.com</string>

Defaults

For testing purposes, the defaults command is useful for manually reading and writing the current Jamf Connect Sync preferences.

Note: Commands should be run as the root user or with the sudo command.

The following are examples of commands you can execute to set Jamf Connect Sync preferences.

Command

Description

defaults read com.jamf.connect.sync

Shows all current preference key-value pairs for the application

defaults write com.jamf.connect.sync HidePreferences 1

Hides the Preferences menu from the user

defaults delete com.jamf.connect.sync HidePreferences

Unhides the Preferences menu from the user

Troubleshooting

You can troubleshoot Jamf Connect Sync by running it in verbose mode and capturing the logs. Verbose mode is used by running the app from the command line with the -v flag. You can run multiple copies of Jamf Connect Sync at the same time by running an additional copy of the software instead of unloading a launch agent. The following command runs Jamf Connect Sync in verbose mode:

/Applications/Jamf\ Connect\ Sync.app/Contents/MacOS/Jamf\ Connect\ Sync -v

You can also use the -prefs flag to have all of the current preferences displayed on the command line output. Preferences set with a configuration profile are specified as “Forced”.

/Applications/Jamf\ Connect\ Sync.app/Contents/MacOS/Jamf\ Connect\ Sync -v -prefs

Related Information

See the following sections of this guide for related information:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.