Configuring Jamf Connect Verify

You can configure Jamf Connect Verify with preference keys available in the app. Preferences allow for full manipulation of Jamf Connect Verify’s features. You can set preferences through multiple methods:

  • Use Jamf Connect Configuration to create a configuration profile.
    For more information, see Jamf Connect Configuration.

  • Manually create a configuration profile with a text editor.

  • Set preferences manually with the defaults command.

Note: The defaults command will not show preferences set by an MDM solution.

Jamf Connect Verify preference keys are written to the following preference domain:

com.jamf.connect.verify

Preference Keys

The following tables contain all the preference key-value pairs used by Jamf Connect Verify.

Note: Boolean key-values that aren't configured default to false.

Required Key-Value Pair

Jamf Connect Verify only requires the following key-value pairs:

Key

Description

Example

OIDCROPGID

The client ID of the added app in your IdP used for authenticating the user's password via a resource owner password grant (ROPG) workflow.

Note: If using Jamf Connect Login, you can use the same Client ID for both apps.

<key>OIDCROPGID</key>

<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>

OIDCProvider

Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used:

  • Azure

  • PingFederate

  • Custom

<key>OIDCProvider</key>

<string>Azure</string>

OIDCDiscoveryURL

Your IdP's OpenID metadata document that stores OpenID configuration information. This value appears in the following format: "https://domain.url.com/.well-known/openid-configuration"

Note: This key is only required if the OIDCProvider key is set to "Custom" or "PingFederate".

<key>OIDCDiscoveryURL</key>

<string>https://domain.url.com/.well-known/openid-configuration</string>

Optional Key-Value Pairs

You can use the following key-value pairs to further customize Jamf Connect Verify:

General Preferences

Key

Description

Example

DontShowWelcome

Hides the Jamf Connect Sync splash screen on launch

<key>DontShowWelcome</key>

<true/>

FailToolPath

Specifies a path to a custom tool to use on password failure

<key>FailToolPath</key>

<string>insert-path-here</string>

ForceSignInWindow

Determines if the sign in window should stay open until the user has successfully authenticated

<key>ForceSignInWindow</key>

<true/>

GetHelpType

The type of Get Help menu, such as a URL, path or app

<key>GetHelpType</key>

<string>app</string>

GetHelpOptions

Specifies the URL or path for GetHelpType. <<serial>>, <<fullname>>, <<shortname>> and <<domain>> are supported as substitutions

Note: The GetHelpType key must be specified.

<key>GetHelpOptions</key>

<string>/Applications/Google Chrome.app</string>

LoginLogo

Specifies an image to display in the authentication window

<key>LoginLogo</key>

<string>/usr/local/images/logo.png</string>

SelfServicePath

Specifies the file path for a Self Service application not found automatically

<key>SelfServicePath</key>

<string>/Applications/Your.app</string>

Hide Menu Preferences

Key

Description

Example

HideAbout

Hides the About window

<key>HideAbout</key>

<true/>

HideChangePassword

Hides the Change Password menu item

<key>HideChangePassword</key>

<true/>

HideGetHelp

Hides the Get Help menu

<key>HideGetHelp</key>

<true/>

HideGetSoftware

Hides the Get Software menu

<key>HideGetSoftware</key>

<true/>

HideHomeDirectory

Hides the home directory menu item

<key>HideHomeDirectory</key>

<true/>

HideLastUser

Hides the last user menu item

<key>HideLastUser</key>

<true/>

HidePrefs

Hides the Preferences menu item

<key>HidePrefs</key>

<true/>

HideResetPassword

Hides the reset password menu item

<key>HideResetPassword</key>

<true/>

HideShares

Hides the shares menu

<key>HideShares</key>

<true/>

HideSignIn

Hides the Sign in menu item

<key>HideSignIn</key>

<true/>

HideTickets

Hides the Tickets menu item

<key>HideTickets</key>

<true/>

HideQuit

Hides the Quit menu item

<key>HideQuit</key>

<true/>

Menu Text Preferences

Key

Description

Example

MenuAbout

Title of the About menu

<key>MenuAbout</key>

<string>insert-text-here</string>

MenuActions

Title of the Actions menu item

<key>MenuActions</key>

<string>insert-text-here</string>

MenuChangePassword

Title of the Change Password menu item

<key>MenuChangePassword</key>

<string>insert-text-here</string>

MenuGetHelp

Title of the Get Help menu

<key>MenuGetHelp</key>

<string>insert-text-here</string>

MenuGetSoftware

Title of the Get Software menu

<key>MenuGetSoftware</key>

<string>insert-text-here</string>

MenuHomeDirectory

Title of the Home share menu

<key>MenuHomeDirectory</key>

<string>insert-text-here</string>

MenuKerberosTickets

Title of the Kerberos Tickets menu

<key>MenuKerberosTickets</key>

<string>insert-text-here</string>

MenuResetPassword 

Title of the reset password menu

<key>MenuResetPassword</key>

<string>insert-text-here</string>

MenuShares

Title of the shares menu

<key>MenuShares</key>

<string>insert-text-here</string>

MenuIconActive

Image to use when the icon is active

<key>MenuIconActive</key>

<string>/usr/local/images/icon.png</string>

MenuIconDark

Image to use for the menu icon in dark mode

<key>MenuIconDark</key>

<string>/usr/local/images/icon.png</string>


Kerberos Ticket Preferences

Key

Description

Example

KerberosGetTicketsAutomatically

Determines if Kerberos tickets are automatically retrieved.

<key>KerberosGetTicketsAutomatically</key>

<true/>

KerberosRealm

Specifies the Kerberos realm used to get Kerberos tickets

<key>KerberosRealm</key>

<string>COMPANY.NET</string>

KerberosShowCountdown

Shows the countdown of days remaining until the password expires

<key>KerberosShowCountdown</key>

<true/>

KerberosShowCountdownLimit

An integer, in days remaining, before the password expiration countdown is displayed in the menu bar

Note: To use the KerberosShowCountdownLimit key, the KerberosShowCountdown key must be set to true.

<key>KerberosShowCountdownLimit</key>

<integer>15</integer>

TimerKerberosCheck

Specifies the frequency, in minutes, that Kerberos tickets are retrieved

<key>TimerKerberosCheck</key>

<integer>15</integer>

Keychain Preferences

Key

Description

Example

KeychainItems

Determines what keychain items are updated when the user's local password is updated

<key>KeychainItems</key>

<array>

<string>keychain-item-one</string>

<string>keychain-item-two</string>

</array>

KeychainItemsDebug

Updates keychain items on every sign in. Used for debugging.

<key>KeychainItemsDebug</key>

<true/>

KeychainItemsCreateSerial

Serial for new keychain item creation

<key>KeychainItemsCreateSerial</key>

<string>insert-serial-here</string>

KeychainItemsInternet

Determines which internet accounts Jamf Connect Verify should synchronize with the local password.

<key>KeychainItemsInternet</key>

<array>

<string>keychain-item-one</string>

<string>keychain-item-two</string>

</array>

Password Preferences

Key

Description

Example

TimerLocalCheck

Specifies the amount of time in minutes between local password verifications.

<key>TimerLocalCheck</key>

<integer>15</integer>

TimerNetworkCheck

Specifies the amount of time in minutes between network password verifications.

<key>TimerNetworkCheck</key>

<integer>15</integer>

LocalPasswordIgnore

Specifies if local password verification should be ignored. This key is used for testing purposes.

<key>LocalPasswordIgnore</key>

<false/>

NetworkCheckAutomatically

Determines if the network password is verified automatically

<key>NetworkCheckAutomatically</key>

<true/>

Additional Messaging Text

Key

Description

Example

MessageBrowserPasswordChange

Text shown after the user closes the in-app browser after changing a password

<key>MessageBrowserPasswordChange</key>

<string>insert-text-here</string>

MessageLocalSync

Text shown when the local password is not the same as the network password

<key>MessageLocalSync</key>

<string>insert-text-here</string>

MessageNetworkPasswordWrong

Text shown when the network password is wrong

<key>MessageNetworkPasswordWrong</key>

<string>insert-text-here</string>

WindowAbout

Title of the About window

<key>WindowAbout</key>

<string>insert-text-here</string>

WindowSignIn

Title of the Sign In window

<key>WindowSignIn</key>

<string>insert-text-here</string>

AlwaysShowSuccess

Determines if a success message is displayed when a user successfully signs in with Jamf Connect Verify.

<key>AlwaysShowSuccess</key>

<true/>

MessagePasswordSuccess

Text shown when a user successfully signs in with Jamf Connect Verify.

Note: The AlwaysShowSuccess key must be set to true.

<key>MessagePasswordSuccess</key>

<string>insert-text-here</string>

OpenID Connect Settings

Key

Description

Example

OIDCROPGID

The Client ID of the added app in your IdP used for authenticating the user's password via a resource owner password grant (ROPG) workflow.

<key>OIDCROPGID</key>

<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>

OIDCClientSecret

Client secret for ROPG operations

<key>OIDCClientSecret</key>

<string>insert-client-secret-here</string>

OIDCChangePasswordURL

URL to the password change page in the IdP

<key>OIDCChangePasswordURL</key>

<string>https://www.passwordchangeexample.com</string>

OIDCLoginURL

URL to sign in to your IdP

<key>OIDCLoginURL</key>

<string>https://login.microsoftonline.com</string>

OIDCProvider

Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used:

  • Azure

  • PingFederate

  • Custom

<key>OIDCProvider</key>

<string>Azure</string>

OIDCRedirectURI

The redirect URI used by your Jamf Connect app in your IdP.

"https://127.0.0.1/jamfconnect" is recommended by default, but any valid URI value may be used as long as the configured value in your IdP matches the value in your Jamf Connect Login configuration profile.

<key>OIDCRedirectURI</key>

<string>https://127.0.0.1/jamfconnect</string>

OIDCResetPasswordURL

URL to the password reset page in the IdP

<key>OIDCResetPasswordURL</key>

<string>https://www.passwordresetexample.com</string>

ROPGSuccessCodes

An array of strings that contain error codes from Azure during an ROPG password verification, which should be interpreted as successful by Jamf Connect.

For possible error codes that may need to be configured in your environment, see the following documentation from Microsoft: https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes

<key>ROPGSuccessCodes</key>

<array>

<string>AADSTS50012</string>

<string>AADSTS50131</string>

</array>
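
Several keys in the tables above are only valid in combination (OIDCDiscoveryURL with a Custom or PingFederate provider, GetHelpOptions with GetHelpType, and so on), and two keys are described as testing or debugging aids. The following Python check is an added example, not Jamf code: it parses a preference payload and reports violations of those notes. The sample payload, the lint function name and the finding texts are constructed for illustration.

```python
import plistlib

# Constructed sample payload for the com.jamf.connect.verify domain (not a real deployment).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>OIDCProvider</key><string>PingFederate</string>
  <key>OIDCROPGID</key><string>example-client-id</string>
  <key>GetHelpOptions</key><string>https://help.example.com</string>
  <key>KerberosShowCountdownLimit</key><integer>15</integer>
  <key>LocalPasswordIgnore</key><true/>
  <key>TimerKerberosCheck</key><string>15</string>
</dict></plist>"""

PROVIDERS = {"Azure", "PingFederate", "Custom"}
# dependent key -> (key it needs per the notes above, whether that key must be <true/>)
DEPENDS = {"GetHelpOptions": ("GetHelpType", False),
           "KerberosShowCountdownLimit": ("KerberosShowCountdown", True),
           "MessagePasswordSuccess": ("AlwaysShowSuccess", True)}
INTEGER_KEYS = ("KerberosShowCountdownLimit", "TimerKerberosCheck",
                "TimerLocalCheck", "TimerNetworkCheck")
TEST_ONLY = ("LocalPasswordIgnore", "KeychainItemsDebug")

def lint(plist_bytes):
    """Return a list of findings for one Jamf Connect Verify preference payload."""
    prefs = plistlib.loads(plist_bytes)  # raises on malformed XML, e.g. a </Integer> close tag
    findings = []
    for key in ("OIDCROPGID", "OIDCProvider"):
        if not prefs.get(key):
            findings.append(f"missing required key {key}")
    provider = prefs.get("OIDCProvider")
    if provider is not None and provider not in PROVIDERS:
        findings.append(f"OIDCProvider has unsupported value {provider!r}")
    if provider in ("Custom", "PingFederate") and not prefs.get("OIDCDiscoveryURL"):
        findings.append(f"OIDCDiscoveryURL is required when OIDCProvider is {provider}")
    for key, (needs, want_true) in DEPENDS.items():
        if key in prefs and (needs not in prefs or (want_true and prefs[needs] is not True)):
            findings.append(f"{key} requires {needs}" + (" set to true" if want_true else ""))
    for key in INTEGER_KEYS:
        if key in prefs and type(prefs[key]) is not int:  # strings and booleans are rejected
            findings.append(f"{key} must be an <integer>")
    for key in TEST_ONLY:
        if prefs.get(key) is True:
            findings.append(f"{key} is a testing/debug key and is enabled")
    if "OIDCClientSecret" in prefs:
        findings.append("OIDCClientSecret is readable by anyone who can read this payload")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running it on a profile before upload to the MDM catches the cases where a dependent key is set without the key its note requires.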

 

Defaults

For testing purposes, the defaults command is useful for manually reading and writing the current Jamf Connect Verify preferences.

Note: Commands should be run as the root user or with the sudo command.

The following are examples of commands you can execute to set Jamf Connect Verify preferences.

Command

Description

defaults read com.jamf.connect.verify

Shows all current preference key-value pairs for the application

defaults write com.jamf.connect.verify HidePrefs 1

Hides the Preferences menu from the user

defaults delete com.jamf.connect.verify HidePrefs

Unhides the Preferences menu from the user

Troubleshooting

You can troubleshoot Jamf Connect Verify by running it in verbose mode and capturing the logs. To use verbose mode, run the app from the command line with the -v flag. You do not need to unload a launch agent first: you can run an additional copy of Jamf Connect Verify alongside the one that is already running. The following command runs Jamf Connect Verify in verbose mode:

/Applications/Jamf\ Connect\ Verify.app/Contents/MacOS/Jamf\ Connect\ Verify -v

You can also use the -prefs flag to have all of the current preferences displayed on the command line output. Preferences set with a configuration profile are specified as “Forced”.

/Applications/Jamf\ Connect\ Verify.app/Contents/MacOS/Jamf\ Connect\ Verify -v -prefs

Related Information

See the following section of this guide for related information:

Configuring Action Menu Items
Find out how to configure a custom action menu item.

© copyright 2002-2019 Jamf. All rights reserved.