Configuring Jamf Connect Sync

You can configure Jamf Connect by setting preference keys.

Preference keys allow for full manipulation of Jamf Connect Login’s features. You can set preferences with any of the following methods:

  • Use Jamf Connect Configuration to create and test a configuration profile.
    For more information, see Jamf Connect Configuration.

  • Use Jamf Pro's Application & Custom Setting payload.
    For more information, see the Configuring Jamf Connect Settings in Jamf Pro Knowledge Base article.

  • Manually create a configuration profile with a text editor.

  • Set preferences with the command line using the defaults write command.

    Note: The defaults command will not show preferences set by an MDM solution.

Jamf Connect Sync preference keys are written to the following preference domain:

com.jamf.connect.sync

Preference Keys

The following tables contain all the preference key-value pairs used by Jamf Connect Sync.

Note: Example key-values, where applicable, match the default Jamf Connect setting. Boolean key-values that are not configured default to false unless stated otherwise, and key-values that configure text show the default text in the app.

Required

Key

Description

Example

AuthServer

Auth Server

Specifies your Okta authentication domain

Note: A preceding "https:" is not required.

 

<key>AuthServer</key>

<string>yourcompany.okta.com</string>


Help Settings

Key

Description

Example

SelfServicePath

Self Service Path

Specifies the file path for a Self Service application not found automatically

<key>SelfServicePath</key>

<string>/Applications/Your.app</string>

GetHelpType

Get Help Type

Determines the type of help option used

Note: Bomgar, URL and App are supported.

<key>GetHelpType</key>

<string>URL</string>

GetHelpOptions

Get Help Options

Specifies a URL or file path that users can access by clicking Get Help in the Jamf Connect menu.

Note: The GetHelpType key must be specified.

 

<key>GetHelpOptions</key>

<string>/Applications/Google Chrome.app</string>


Custom Display Settings

Key

Description

Example

CenterSignIn

Center Sign In Window Onscreen

Ensures the Sign In window is always centered on the user's screen

<key>CenterSignIn</key>

<false/>

DontShowWelcome

Skip About Screen on Launch

Hides the Jamf Connect Sync About window on launch

<key>DontShowWelcome</key>

<false/>

SignInLogo

Sign-in Logo

Specifies the path to the image file used as a logo.

Note: A 342 x 90 pixel image is recommended.

<key>SignInLogo</key>

<string>/usr/local/logo.png</string>

ActionsUpdateTime

Update Actions Interval

Specifies an interval, in minutes, between setting and updating the Actions menu item. If unset, the default value is 15 minutes.

<key>ActionsUpdateTime</key>

<integer>15</integer>


Browser Extension Settings

Key

Description

Example

CheckSafariExtension

Check for Safari Extension

Determines if an alert displays to users when the Jamf Connect Sync Safari extension is disabled

<key>CheckSafariExtension</key>

<false/>

AutoAuth

Enable Automatic Sign-in

Determines if web extensions automatically authenticate via the Jamf Connect Sync UI

<key>AutoAuth</key>

<false/>


Network and Certificate Settings

Key

Description

Example

ExportableKey

Allow Private Key Exports

Allows the private key of the user certificate to be exported

<key>ExportableKey</key>

<false/>

GetCertificateAutomatically

Get Certificates Automatically

Enables Jamf Connect Sync to get a certificate from a Windows web certificate authority (CA) automatically on login

<key>GetCertificateAutomatically</key>

<false/>

IgnoreDomainReachability

Ignore Domain Accessibility

Determines if SRV record lookups are used to determine if the Active Directory domain is accessible

<key>IgnoreDomainReachability</key>

<false/>

LicenseFile

License File

The contents of a .jamfconnectlicense file encoded in Base64 data format

<key>LicenseFile</key>

<data>encoded-license-content</data>

WifiNetworks

Associated Wi-Fi Networks

A list of wireless networks to associate with the certificate Jamf Connect Sync created

<key>WifiNetworks</key>

<array>

<string>SSID1</string>

<string>SSID2</string>

</array>

SignInCommand

Sign-in Command

Specifies a script or other binary to be run after a successful sign in

<key>SignInCommand</key>

<string>/var/opt/bin/scripts/signin.bash</string>

Template

Certificate Template

Certificate template from a Windows web CA

<key>Template</key>

<string>User Auth</string>

LDAPServers

LDAP Servers

Specifies domain controllers to use for Active Directory lookups

<key>LDAPServers</key>

<array>

<string>dc1.nomad.local</string>

<string>dc2.nomad.local</string>

</array>

X509CA

X.509 Certificate Authority

Specifies the URL of the Windows web CA for Jamf Connect Sync to use for certificates

<key>X509CA</key>

<string>dc1.nomad.test</string>

Kerberos Ticket Settings

Key

Description

Example

KerberosRealm

Kerberos Realm

Specifies the Kerberos realm used to get Kerberos tickets. Your Kerberos realm should be written in all caps.

<key>KerberosRealm</key>

<string>YOURCOMPANY.NET</string>

KerberosRenew

Renew Kerberos Tickets

Determines if the Kerberos tickets should be renewed or not.

<key>KerberosRenew</key>

<false/>

KerberosShortName

Kerberos Short Name

The short name to use for Kerberos tickets. If unspecified, the user's sign in name is used.

<key>KerberosShortName</key>

<string>Joel</string>

KerberosShortNameAsk

Ask for Short Name

Determines if the user is asked to enter their Kerberos short name on first sign in

<key>KerberosShortNameAsk</key>

<false/>

KerberosShortNameAskMessage

Ask for Short Name Message

The message displayed to users when requesting their Kerberos short name

<key>KerberosShortNameAskMessage</key>

<string>Enter your Active Directory username.</string>

TicketsOnSignIn

Retrieve Kerberos Tickets During Sign-in

Determines if Kerberos tickets are retrieved each time users sign in

<key>TicketsOnSignIn</key>

<false/>

Password Settings

Key

Description

Example

ChangePasswordOrder

Password Change Method

Determines the order and setting for the password change menu. If unspecified, Okta is used by default for password changes. If Kerberos is enabled, Jamf Connect Sync will use Kerberos to authenticate to your Active Directory domain, and then authenticate to Okta.

Note: This key is an array of dictionaries.

<key>ChangePasswordOrder</key>

<array>

<dict>
<key>okta</key>
<string></string>
</dict>
</array>

ChangePasswordTimer

Change Password Timer

Specifies an interval, in minutes, until the user is prompted to sign in again after a password change

<key>ChangePasswordTimer</key>

<integer>3</integer>

LocalPasswordSync

Sync Local and Network Passwords

Determines if the Okta password is synchronized with the local account

<key>LocalPasswordSync</key>

<true/>

LocalPasswordSyncMessage

Sync Passwords Message

Specifies the alert dialog text displayed to the user when asked to enter their local password

<key>LocalPasswordSyncMessage</key>

<string>Please enter your local user account password.</string>

LocalPasswordSyncOnMatchOnly

Only Sync Matching Account Names

Syncs the password only if the Okta account name matches the local account name

<key>LocalPasswordSyncOnMatchOnly</key>

<false/>

PasswordChangeCommand

Password Change Command

Specifies a script or other binary to be run after the user changes a password

<key>PasswordChangeCommand</key>

<string>/usr/local/bin/change.sh</string>

PasswordExpirationMenu

Display Password Expiration Countdown

Determines if the countdown before password expiration is displayed in the menu bar

<key>PasswordExpirationMenu</key>

<true/>

PasswordExpirationMenuDays

Password Expiration Countdown Start Date

Specifies an integer, in days remaining before password expiration, at which the countdown is displayed in the menu bar

Note: To use the PasswordExpirationMenuDays key, the PasswordExpirationMenu key must be set to true.

<key>PasswordExpirationMenuDays</key>
<integer>15</integer>

PasswordPolicy

Password Policy

Defines the password complexity policy for changing the password via Kerberos

<key>PasswordPolicy</key>
<array>
<dict>
<key>minLength</key>
<string>8</string>
<key>minLowerCase</key>
<string>1</string>
<key>minMatches</key>
<string>3</string>
<key>minNumber</key>
<string>1</string>
<key>minSymbol</key>
<string>0</string>
<key>minUpperCase</key>
<string>1</string>
</dict>
</array>

PasswordCheckUpdateTime

Local Password Verification Interval

Specifies the interval, in minutes, that Jamf Connect Sync checks the local password for synchronization. If unspecified, Jamf Connect Sync will check every 15 minutes by default.

Note: To use PasswordCheckUpdateTime, the LocalPasswordSync key must be set to true.

<key>PasswordCheckUpdateTime</key>

<integer>5</integer>

PeriodicUpdateTime

Kerberos Password Verification Interval

Specifies how often Jamf Connect Sync checks a user's local Kerberos password and certificates

<key>PeriodicUpdateTime</key>

<integer>15</integer>

WarnOnPasswordExpiration

Password Expiration Warning on Sign-in

Determines whether Jamf Connect Sync should warn the user on sign in if the password is about to expire

<key>WarnOnPasswordExpiration</key>

<true/>

ExpirationWarningDays

Password Expiration Notification

Specifies an integer, in days, for Jamf Connect Sync to send notifications via the Notification Center for an upcoming password expiration.

<key>ExpirationWarningDays</key>

<integer>5</integer>

Keychain Settings

Key

Description

Example

KeychainItems

Update Keychain Items

Determines what keychain items are updated when the user's local password is updated.

Note: To use the KeychainItems key, the UseKeychain key must be set to true.

<key>KeychainItems</key>

<dict>

<key>AccountItemOne</key>

<string>&lt;&lt;shortname&gt;&gt;</string>

<key>AccountItemTwo</key>

<string>&lt;&lt;shortname&gt;&gt;</string>

</dict>

KeychainItemsInternet

Sync Password with Internet Keychain Items

Determines which internet accounts Jamf Connect Sync should synchronize with the local password.

Note: To use the KeychainItemsInternet key, the UseKeychain and LocalPasswordSync keys must be set to true.

<key>KeychainItemsInternet</key>

<dict>

<key>InternetItemOne</key>

<string>www.example.com</string>

<key>InternetItemTwo</key>

<string>www.example.com</string>

</dict>

KeychainItemsDebug

Update Keychain Items Every Sign-in (Debugging)

Updates keychain items on every sign in. Used for debugging.

<key>KeychainItemsDebug</key>

<true/>

UseKeychain

Use Keychain

Determines whether the Okta password is stored in the user’s Keychain

<key>UseKeychain</key>

<true/>

UseKeychainPrompt

Display Sign In Window on Launch

Displays the Sign In window on launch

Note: If the user has a password in the keychain, the Sign In window will not launch.

<key>UseKeychainPrompt</key>

<true/>

UseKeychainPromptExclusions

Users who are not prompted to sign in on launch

List of users that can ignore the keychain prompt

<key>UseKeychainPromptExclusions</key>

<array>

<string>user-one</string>

<string>user-two</string>

</array>

Hide Menu Settings

Key

Description

Example

HideAbout

Hide About Menu Item

Hides the About menu item

<key>HideAbout</key>

<false/>

HideActions

Hide Actions Menu Item

Hides the Actions menu item

<key>HideActions</key>

<true/>

HideChangePassword

Hide Change Password Menu Item

Hides the Change Password menu item

<key>HideChangePassword</key>

<false/>

HideGetSoftware

Hide Get Software Menu Item

Hides the Get Software menu item

<key>HideGetSoftware</key>

<false/>

HideGetHelp

Hide Get Help Menu Item

Hides the Get Help menu item

<key>HideGetHelp</key>

<false/>

HideLockScreen

Hide Lock Screen Menu Item

Hides the Lock Screen menu item

Note: On macOS 10.13 or later, the Lock Screen menu item is hidden by default in Jamf Connect Sync.

<key>HideLockScreen</key>

<true/>

HidePreferences

Hide Preferences Menu Item

Hides the Preferences menu item

<key>HidePreferences</key>

<false/>

HideQuit

Hide Quit Menu Item

Hides the Quit menu item

<key>HideQuit</key>

<false/>

HideSignIn

Hide Sign In Menu Item

Hides the Sign In menu item

<key>HideSignIn</key>

<false/>

Menu Text Settings

Key

Description

Example

MenuAbout

About Menu Text

Menu item text for the About item

<key>MenuAbout</key>

<string>About</string>

MenuActions

Actions Menu Text

Menu item text for the Actions item

<key>MenuActions</key>

<string>Actions</string>

MenuChangePassword

Change Password Menu Text

Menu item text for the Change Password item

<key>MenuChangePassword</key>

<string>Change Password</string>

MenuIcon

Menu Icon

Path to the menu bar icon image

Note: A 16x16 pixel image is recommended.

<key>MenuIcon</key>

<string>/usr/local/images/icon.png</string>

MenuGetHelp

Get Help Menu Text

Menu item text for the Get Help item

<key>MenuGetHelp</key>

<string>Get Help</string>

MenuGetSoftware

Get Software Menu Text

Menu item text for the Get Software item

<key>MenuGetSoftware</key>

<string>Get Software</string>

MenuLockScreen

Lock Screen Menu Item

Menu item text for the Lock Screen item

<key>MenuLockScreen</key>

<string>Lock Screen</string>

MenuPreferences

Preferences Menu Text

Menu item text for the Preferences item

<key>MenuPreferences</key>

<string>Preferences</string>

MenuSignIn

Sign In Menu Text

Menu item text for the Sign In item

<key>MenuSignIn</key>

<string>Sign In</string>

Additional Text Settings

Key

Description

Example

LabelUsername

Username Field Label

The text label for the username field in the Sign In window

<key>LabelUsername</key>

<string>Username:</string>

LabelPassword

Password Field Label

The text label for the password field in the Sign In window

<key>LabelPassword</key>

<string>Password:</string>

MessageOTPEntry

One-time Password Message

Text displayed when a user must enter a one-time password (OTP) as a multi-factor authentication (MFA) method.

<key>MessageOTPEntry</key>

<string>Enter your verification code.</string>

MessagePasswordChangePolicy

Password Change Policy Message

Text displayed to users that communicates the authentication domain's password complexity policy when changing a password via Kerberos

<key>MessagePasswordChangePolicy</key>

<string>Password does not meet complexity requirements or was recently used. Try a different password.</string>

MessagePluginDisabled

Safari Extension Warning Prompt

Text displayed to users when the Safari plugin is not enabled

Note: The CheckSafariExtension key must be set to true to use this setting.

<key>MessagePluginDisabled</key>

<string>The Jamf Connect Sync Safari extension has not been enabled. Enable it now in Safari Preferences.</string>

TitleSignIn

Sign In Window Title

Specifies the title of the Sign In window.

<key>TitleSignIn</key>

<string>Sign In</string>

Preferences Set by Jamf Connect Sync

The following table lists the preference keys automatically set by Jamf Connect Sync.

Important: Administrators should not configure these keys.

Key

Description

Example

ADExpiration

The date the user's password expires as pulled from the authentication domain

<key>ADExpiration</key>

<date>2017-12-22 21:39:17 +0000</date>

DisplayName

The full name of the user as pulled from the authentication domain

<key>DisplayName</key>

<string>full name</string>

ExpirationWarningLast

The time the last expiration notification was sent

<key>ExpirationWarningLast</key>

<date>2020-12-22 21:39:17 +0000</date>

FirstRunDone

Shows if Jamf Connect Sync has been launched

<key>FirstRunDone</key>

<true/>

LastCertificateExpiration

Longest expiration date of a certificate pulled from the authentication domain for this user

<key>LastCertificateExpiration</key>

<date>2020-12-22 21:39:17 +0000</date>

LastSignIn

Date of the last successful sign in to Okta

<key>LastSignIn</key>

<date>2020-12-22 21:39:17 +0000</date>

PasswordLength

Password length requirement from the authentication domain for the current user

<key>PasswordLength</key>

<integer>8</integer>

UserEmail

Email address of the user as pulled from their authentication record

<key>UserEmail</key>

<string>username@email.com</string>

UserFirstName

First name of the user as pulled from their authentication record

<key>UserFirstName</key>

<string>FirstName</string>

UserGroups

Group membership of the user as pulled from the authentication domain

<key>UserGroups</key>

<array>

<string>Mammals</string>

<string>nomads</string>

<string>admins</string>

</array>

UserLastName

Last name of the user as pulled from their authentication domain record

<key>UserLastName</key>

<string>LastName</string>

UserLoginName

Last cloud identity account to log in with Jamf Connect Sync.

<key>UserLoginName</key>

<string>username@email.com</string>

UserShortName

Short name of the user as pulled from their authentication domain record

<key>UserShortName</key>

<string>name</string>

UserUPN

UPN of the user as pulled from their authentication domain record

<key>UserUPN</key>

<string>username@email.com</string>
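
The notes in the tables above make several keys depend on others, and the last table lists keys administrators should not set. The following check of a com.jamf.connect.sync property list against those rules is an added example, not Jamf's own tooling: the `lint` function and the sample plist are constructed for illustration, and the check assumes an unset dependency counts as not satisfied, which is stricter than the page states.

```python
import plistlib

# "Note:" dependencies from the tables: key -> keys that must be true.
# Assumption: an unset dependency counts as not satisfied (stricter than the page).
REQUIRES_TRUE = {
    "PasswordExpirationMenuDays": ["PasswordExpirationMenu"],
    "PasswordCheckUpdateTime": ["LocalPasswordSync"],
    "KeychainItems": ["UseKeychain"],
    "KeychainItemsInternet": ["UseKeychain", "LocalPasswordSync"],
    "MessagePluginDisabled": ["CheckSafariExtension"],
}
# Keys from "Preferences Set by Jamf Connect Sync"; not for administrators.
APP_MANAGED = {
    "ADExpiration", "DisplayName", "ExpirationWarningLast", "FirstRunDone",
    "LastCertificateExpiration", "LastSignIn", "PasswordLength", "UserEmail",
    "UserFirstName", "UserGroups", "UserLastName", "UserLoginName",
    "UserShortName", "UserUPN",
}

def lint(plist_bytes):
    """Return sorted findings for a com.jamf.connect.sync property list."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    if not prefs.get("AuthServer"):
        findings.append("AuthServer: required key is missing")
    for key, deps in REQUIRES_TRUE.items():
        for dep in deps:
            if key in prefs and prefs.get(dep) is not True:
                findings.append(f"{key}: requires {dep} set to true")
    help_type = prefs.get("GetHelpType")
    if "GetHelpOptions" in prefs and help_type is None:
        findings.append("GetHelpOptions: requires GetHelpType")
    if help_type is not None and help_type not in ("Bomgar", "URL", "App"):
        findings.append("GetHelpType: must be Bomgar, URL or App")
    realm = prefs.get("KerberosRealm")
    if realm and realm != realm.upper():
        findings.append("KerberosRealm: should be written in all caps")
    for key in APP_MANAGED & prefs.keys():
        findings.append(f"{key}: set by Jamf Connect Sync, do not configure")
    return sorted(findings)

# Constructed sample with four deliberate mistakes (not a real deployment).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>AuthServer</key><string>yourcompany.okta.com</string>
  <key>KerberosRealm</key><string>yourcompany.net</string>
  <key>UseKeychain</key><true/>
  <key>KeychainItemsInternet</key><dict><key>InternetItemOne</key><string>www.example.com</string></dict>
  <key>PasswordExpirationMenuDays</key><integer>15</integer>
  <key>LastSignIn</key><date>2020-12-22T21:39:17Z</date>
</dict></plist>"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Running this against a profile's payload before deployment matters because, as noted earlier, the defaults command will not show preferences set by an MDM solution.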

© copyright 2002-2020 Jamf. All rights reserved.