Jamf Connect Sync Menu Items

When launched, Jamf Connect Sync displays an icon in the menu bar. Users can access the Jamf Connect Sync's menu items by clicking the icon images/download/thumbnails/79176401/JC_MenuLogo.png . Administrators can customize or hide the displayed menu items with a configuration profile written to the following preference domain:

com.jamf.connect.sync

Menu items include the following:

  • Sign In

  • Change Password

  • Get Software

  • Get Help

  • Preferences

  • Quit

Note: You can also include a file share menu item. For more information, see the Configuring File Shares with Jamf Connect Sync section of this guide.

Sign In

Users must sign in to use Jamf Connect Sync and access other menu items.

images/download/attachments/79176401/JCSync_SignIn.png

A user can enter their username and password, and then choose their preferred browser.

When a user clicks Sign In, an Okta authentication request is initiated using the Okta APIs to the endpoint specified in the Jamf Connect Sync preferences. If the user has multi-factor authentication (MFA) enabled, they are prompted to choose an MFA method and complete the authentication process.

A successful sign in redirects the user to the Okta dashboard web page, where they can launch other single sign-on (SSO) enabled applications.

Change Password

Change Password allows a user to change their password. Password changes can be completed using the following methods:

  • The Okta dashboard

  • A Kerberos password change

  • A custom method configured by an administrator

Password changes forced via Okta's settings happen outside of this menu and are shown to the user when they authenticate. This menu is recommended in the following situations:

  • When using Active Directory

    Note: Okta does not recognize when a user’s password will expire.

  • When allowing the user a method for changing their password, regardless of the password expiration date

If Kerberos settings are configured, password changes are completed with Kerberos by default. If Kerberos is not configured, password changes default to the user’s Okta dashboard.

Password changes made through the Okta dashboard or a custom method require the user to re-authenticate with Jamf Connect Sync to ensure the password change synchronizes with the local account password. To facilitate this process, you can set the ChangePasswordTimer preference key to specify a delay between when the external webpage is triggered and when Jamf Connect Sync prompts the user to re-authenticate.

Get Software

Get software launches a self-service application, such as Jamf Self Service, Munki’s Managed Software Center, or LanRev’s self-service application. Administrators can either use Jamf Connect Sync's built-in detection of these services, or they can specify an app, webpage, or script to launch with a preference key.

Get Help

Get help launches an application, webpage, or runs a script that allows users to communicate with their IT department. Administrators can specify the behavior of this menu item by setting the GetHelpType and GetHelpOptions preference keys.

Preferences

Preferences displays a menu with the most useful settings used with Jamf Connect Sync.

images/download/attachments/79176401/JCSync_Preferences.png

You can set the following in the preferences menu:

  • Authentication Domain – Specifies your organization's Okta domain, which is used for authentication

  • Check for Safari Extension – Alerts the user when the Jamf Connect Sync extension is not enabled in Safari

  • Warn on password expiration – Warns the user before their password expires

  • Use Keychain – Allows the user to store their Okta password in their keychain

  • Sync Local Password – Allows Jamf Connect Sync to synchronize the user's Okta password with their local account

  • Auto Authenticate – Automatically authenticates the user when opening from a web browser

  • Hide Change Password Menu – Hides the Change Password menu item

  • Ignore Domain Reachability – Allows Jamf Connect Sync to get Kerberos tickets on any network without looking up the Service records (SRV records) for the domain

    Note: This is recommended when specifying LDAP servers.

  • Automatically push last Multifactor – Allows Jamf Connect Sync to use a specified MFA

You can also enable Kerberos by selecting Get Kerberos Tickets, and then set the following:

  • Kerberos Realm – Specifies your organization's Kerberos Realm

  • Show AD Expiration – Displays when a user's password will expire

  • Show Countdown – Displays the number of days until the user's password expires. You can also specify what day the countdown starts.

  • Renew tickets – Allows Jamf Connect Sync to renew Kerberos tickets

  • Ask for short name – Requires users to enter their short name to get Kerberos tickets

  • Short name – Specifies the user's short name

All preferences can be forced into specific settings by applying configuration profiles. If a setting is configured with a configuration profile, the Preferences menu does not allow the user to change that particular setting.

Note: The only preference that is required is the Authentication Domain. Jamf Connect Sync will automatically display the Preference menu if the Authentication Domain is not configured.

Quit

Quit exits Jamf Connect Sync. This item can be hidden from the user to ensure the application is always running.

Related Information

For related information, see the following sections of this guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2019 Jamf. All rights reserved.