Configuring Jamf Connect Verify

You can configure Jamf Connect by setting preference keys.

Preference keys allow for full manipulation of Jamf Connect Login’s features. You can set preferences with any of the following methods:

  • Use Jamf Connect Configuration to create and test a configuration profile.
    For more information, see Jamf Connect Configuration.

  • Use Jamf Pro's Application & Custom Setting payload.
    For more information, see the Configuring Jamf Connect Settings in Jamf Pro Knowledge Base article.

  • Manually create a configuration profile with a text editor.

  • Set preferences with the command line using the defaults write command.

    Note: The defaults command will not show preferences set by an MDM solution.

Jamf Connect Verify preference keys are written to the following preference domain:

com.jamf.connect.verify

Preference Keys

The following tables contain all the preference key-value pairs used by Jamf Connect Verify.

Note: Example key-values, where applicable, match the default Jamf Connect setting. Boolean key-values that are not configured default to false unless stated otherwise, and key-values that configure text show the default text in the app.

Required Settings

Note: If you are configuring an Azure AD hybrid identity environment that stores some user credentials on-premise, see Configuring Jamf Connect with Azure AD Hybrid Identity Solutions before configuring Jamf Connect Verify.

Key

Description

Example

OIDCProvider

Identity Provider

Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used:

  • Azure

  • PingFederate

  • Custom

<key>OIDCProvider</key>

<string>Azure</string>

OIDCDiscoveryURL

Discovery URL

Your IdP's OpenID metadata document that stores OpenID configuration information. This value appears in the following format: "https://domain.url.com/.well-known/openid-configuration"

Note: This key is only required if the OIDCProvider key is set to "Custom" or "PingFederate".


<key>OIDCDiscoveryURL</key>

<string>https://domain.url.com/.well-known/openid-configuration</string>

OIDCROPGID

Client ID (Password Verification)

The client ID of the added app in your IdP used for verifying the user's local password via a resource owner password grant (ROPG) workflow. If you are using Jamf Connect Login, you can use the same client ID for both apps.

<key>OIDCROPGID</key>

<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>


Help Settings

Key

Description

Example

FailToolPath

Password Failure Tool

Specifies a path to a custom tool that can be used to remediate password failure issues.

<key>FailToolPath</key>

<string>insert-path-here</string>

GetHelpType

Get Help Type

The type of help item users can access via the Get Help menu item, such as a URL, path, or app.

<key>GetHelpType</key>

<string>app</string>

GetHelpOptions

Get Help Options

Specifies the URL or path used with the GetHelpType preference key. The following values are supported as substitutions:

  • <<serial>>

  • <<fullname>>

  • <<shortname>>

  • <<domain>>

Note: The GetHelpType key must be specified to use this preference key.

<key>GetHelpOptions</key>

<string>/Applications/Google Chrome.app</string>

SelfServicePath

Self Service Path

Specifies the file path for a Self Service application, if your Self Service type is not automatically detected by Jamf Connect.

<key>SelfServicePath</key>

<string>/Applications/Your.app</string>

Custom Display Settings

Key

Description

Example

MenuIconActive

Active Kerberos Tickets Icon

Image to use when the icon is active

<key>MenuIconActive</key>

<string>/usr/local/images/icon.png</string>

MenuIconDark

Dark Mode Menu Bar Icon

Image to use for the menu icon in dark mode

<key>MenuIconDark</key>

<string>/usr/local/images/icon.png</string>

DontShowWelcome

Skip About Screen on Launch

Hides the Jamf Connect Sync splash screen on launch

<key>DontShowWelcome</key>

<false/>

ForceSignInWindow

Force Sign In Window

Determines if the Sign In window should stay open until the user has successfully authenticated

<key>ForceSignInWindow</key>

<false/>

LoginLogo

Sign In Logo

Specifies an image to display in the Sign In window

<key>LoginLogo</key>

<string>/usr/local/images/logo.png</string>

OpenID Connect Settings

Key

Description

Example

OIDCChangePasswordURL

Change Password URL

URL to the password change page in the IdP

<key>OIDCChangePasswordURL</key>

<string>https://www.passwordchangeexample.com</string>

OIDCClientSecret

Client Secret

Client secret for ROPG operations

<key>OIDCClientSecret</key>

<string>insert-client-secret-here</string>

OIDCLoginURL

Login URL

URL to sign in to your IdP

<key>OIDCLoginURL</key>

<string>https://login.microsoftonline.com</string>

OIDCProvider

Identity Provider

Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used:

  • Azure

  • PingFederate

  • Custom

<key>OIDCProvider</key>

<string>Azure</string>

OIDCRedirectURI

Redirect URI

The redirect URI used by your Jamf Connect app in your IdP.

"https://127.0.0.1/jamfconnect" is recommended by default, but any valid URI value may be used as long as the configured value in your IdP matches the value in your Jamf Connect Login configuration profile.

<key>OIDCRedirectURI</key>

<string>https://127.0.0.1/jamfconnect</string>

OIDCResetPasswordURL

Reset Password URL

URL to the password reset page in the IdP

<key>OIDCResetPasswordURL</key>

<string>https://www.passwordresetexample.com</string>

OIDCROPGID

Client ID (Password Verification)

The client ID of the added app in your IdP used for verifying the user's local password via a resource owner password grant (ROPG) workflow. If you are using Jamf Connect Login, you can use the same client ID for both apps.

<key>OIDCROPGID</key>

<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>

ROPGSuccessCodes

Password Verification Success Codes

An array of strings that contain error codes from Azure during an ROPG password verification, which should be interpreted as successful by Jamf Connect.

For possible error codes that may need to be configured in your environment, see the following documentation from Microsoft: https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes

<key>ROPGSuccessCodes</key>

<array>

<string>AADSTS50012</string>

<string>AADSTS50131</string>

</array>

Kerberos Ticket Settings

Key

Description

Example

KerberosRealm

Kerberos Realm

Specifies the Kerberos realm used to obtain Kerberos tickets

<key>KerberosRealm</key>

<string>COMPANY.NET</string>

KerberosGetTicketsAutomatically

Retrieve Kerberos Tickets During Sign-in

Determines if Kerberos tickets are automatically retrieved

<key>KerberosGetTicketsAutomatically</key>

<false/>

KerberosShortName

Kerberos Short Name

The short name to use for Kerberos tickets. If unspecified, the user's sign-in name is used.

<key>KerberosShortName</key>

<string>Joel</string>

KerberosShortNameAsk

Ask for Short Name

Determines if the user is asked to enter their Kerberos short name on first sign in

<key>KerberosShortNameAsk</key>

<false/>

KerberosShortNameAskMessage

Ask for Short Name Message

The message displayed to users when requesting their Kerberos short name

<key>KerberosShortNameAskMessage</key>

<string>Please enter your Active Directory user name.</string>

KerberosShowCountdown

Display Active Directory Password Expiration

Shows the countdown of days remaining until the password expires

<key>KerberosShowCountdown</key>

<false/>

KerberosShowCountdownLimit

KerberosShowCountdownLimit

An integer, in days remaining, before the password expiration countdown is displayed in the menu bar

Note: To use the KerberosShowCountdownLimit key, the KerberosShowCountdown key must be set to true.

<key>KerberosShowCountdownLimit</key>

<integer>15</integer>

TimerKerberosCheck

Kerberos Ticket Retrieval Interval

Specifies the frequency, in minutes, that Kerberos tickets are retrieved

<key>TimerKerberosCheck</key>

<integer>15</integer>

Password Settings

Key

Description

Example

TimerLocalCheck

Local Password Verification Interval

Specifies an interval, in minutes, between local password verifications.

<key>TimerLocalCheck</key>

<integer>15</integer>

TimerNetworkCheck

Network Password Verification Interval

Specifies an interval, in minutes, between network password verifications.

<key>TimerNetworkCheck</key>

<integer>15</integer>

LocalPasswordIgnore

Disable Local Password Verification (Debugging)

Specifies if local password verification should be ignored. This key should only be used for testing purposes.

<key>LocalPasswordIgnore</key>

<false/>

NetworkCheckAutomatically

Automatically Verify Network Password

Determines if the network password is verified automatically

<key>NetworkCheckAutomatically</key>

<false/>

Keychain Settings

Key

Description

Example

KeychainItems

Update Keychain Items

Determines what keychain items are updated when the user's local password is updated

<key>KeychainItems</key>

<array>

<string>keychain-item-one</string>

<string>keychain-item-two</string>

</array>

KeychainItemsDebug

Update Keychain Items Every Sign-in (Debugging)

Updates keychain items on every sign in. This key should only be used for debugging purposes.

<key>KeychainItemsDebug</key>

<false/>

KeychainItemsCreateSerial

Create Serial Number for Keychain Items

Serial for new keychain item creation

<key>KeychainItemsCreateSerial</key>

<string>insert-serial-here</string>

KeychainItemsInternet

Sync Password with Internet Keychain Items

Determines which internet accounts Jamf Connect should sync with the local password

<key>KeychainItemsInternet</key>

<array>

<string>keychain-item-one</string>

<string>keychain-item-two</string>

</array>

Hide Menu Settings

Key

Description

Example

HideAbout

Hide About Menu Item

Hides the About window

<key>HideAbout</key>

<false/>

HideChangePassword

Hide Change Passwords Menu Item

Hides the Change Password menu item

<key>HideChangePassword</key>

<false/>

HideGetHelp

Hide Get Help Menu Item

Hides the Get Help menu

<key>HideGetHelp</key>

<true/>

HideGetSoftware

Hide Get Software Menu Item

Hides the Get Software menu

Note: If a self-service app is installed on computers, the Get Software menu item is hidden by default.

<key>HideGetSoftware</key>

<false/>

HideHomeDirectory

Hide Home Directory Menu Item

Hides the home directory menu item

<key>HideHomeDirectory</key>

<true/>

HideLastUser

Hide Last User Menu Item

Hides the last user menu item

<key>HideLastUser</key>

<true/>

HidePrefs

Hide Preferences Menu Item

Hides the Preferences menu item

<key>HidePrefs</key>

<false/>

HideResetPassword

Hide Reset Password Menu Item

Hides the reset password menu item

<key>HideResetPassword</key>

<false/>

HideShares

Hide Shares Menu Item

Hides the shares menu

<key>HideShares</key>

<true/>

HideSignIn

Hide Sign In Menu Item

Hides the Sign in menu item

<key>HideSignIn</key>

<false/>

HideTickets

Hide Kerberos Ticket Menu Item

Hides the Tickets menu item

<key>HideTickets</key>

<false/>

HideQuit

Hide Quit Menu Item

Hides the Quit menu item

<key>HideQuit</key>

<false/>

Menu Text Preferences

Key

Description

Example

MenuAbout

About Menu Text

Title of the About menu

<key>MenuAbout</key>

<string>About</string>

MenuActions

Actions Menu Text

Title of the Actions menu item

<key>MenuActions</key>

<string>Actions</string>

MenuChangePassword

Change Password Menu Text

Title of the Change Password menu item

<key>MenuChangePassword</key>

<string>Change Password</string>

MenuGetHelp

Get Help Menu Text

Title of the Get Help menu

<key>MenuGetHelp</key>

<string>Get Help</string>

MenuGetSoftware

Get Software Menu Text

Title of the Get Software menu

<key>MenuGetSoftware</key>

<string>Get Software</string>

MenuHomeDirectory

Home Directory Menu Text

Title of the Home share menu

<key>MenuHomeDirectory</key>

<string>Home Directory</string>

MenuKerberosTickets

Kerberos Ticket Menu Text

Title of the Kerberos Tickets menu

<key>MenuKerberosTickets</key>

<string>Kerberos Tickets</string>

MenuResetPassword 

Reset Password Menu Text

Title of the reset password menu

<key>MenuResetPassword</key>

<string>Reset Password</string>

MenuShares

Shares Menu Text

Title of the shares menu

<key>MenuShares</key>

<string>Shares</string>

Additional Text Settings

Key

Description

Example

MessageBrowserPasswordChange

Password Change via Browser Message

Text shown after the user closes the in-app browser after changing a password

<key>MessageBrowserPasswordChange</key>

<string>Sign in again to complete your password change.</string>

MessageLocalSync

Sync Passwords Message

Text shown when the local password is not the same as the network password

<key>MessageLocalSync</key>

<string>Your Network password is not the same as your local account password. Please enter your local account password so that they can be synced.</string>

MessageNetworkPasswordWrong

MessageNetworkPasswordWrong

Text shown when the network password is incorrect

<key>MessageNetworkPasswordWrong</key>

<string>Network username or password is incorrect, please try again.</string>

WindowAbout

About Window Title

Title of the About window

<key>WindowAbout</key>

<string>Welcome to Jamf Connect Verify</string>

WindowSignIn

Sign In Window Title

Title of the Sign In window

<key>WindowSignIn</key>

<string>Sign In</string>

AlwaysShowSuccess

AlwaysShowSuccess

Determines if a success message is displayed when a user successfully signs in with Jamf Connect Verify.

<key>AlwaysShowSuccess</key>

<false/>

MessagePasswordSuccess

MessagePasswordSuccess

Text shown when a user successfully signs in with Jamf Connect Verify.

Note: The AlwaysShowSuccess key must be set to true.

<key>MessagePasswordSuccess</key>

<string>Successful sign in.</string>
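
Several keys in the tables above only take effect when another key is set, and two are marked for testing or debugging only. The following Python check is an added example, not Jamf code: it lints a constructed sample payload for the com.jamf.connect.verify domain against those documented rules. The function name lint and the sample values are hypothetical.

```python
import plistlib

# Constructed sample payload for com.jamf.connect.verify (not from the page).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>OIDCProvider</key>
    <string>PingFederate</string>
    <key>OIDCROPGID</key>
    <string>example-client-id</string>
    <key>LocalPasswordIgnore</key>
    <true/>
    <key>KerberosShowCountdownLimit</key>
    <integer>15</integer>
</dict>
</plist>"""

PROVIDERS = ("Azure", "PingFederate", "Custom")
DEBUG_ONLY = ("LocalPasswordIgnore", "KeychainItemsDebug")
# (dependent key, key the page says must be set, must that key be true?)
DEPENDS = [
    ("GetHelpOptions", "GetHelpType", False),
    ("KerberosShowCountdownLimit", "KerberosShowCountdown", True),
    ("MessagePasswordSuccess", "AlwaysShowSuccess", True),
]

def lint(plist_bytes):
    """Return a list of findings for a Jamf Connect Verify preference payload."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    provider = prefs.get("OIDCProvider")
    if provider not in PROVIDERS:
        findings.append(f"OIDCProvider must be one of {list(PROVIDERS)}")
    if "OIDCROPGID" not in prefs:
        findings.append("OIDCROPGID is required")
    if provider in ("Custom", "PingFederate") and "OIDCDiscoveryURL" not in prefs:
        findings.append(f"OIDCDiscoveryURL is required when OIDCProvider is {provider}")
    for key in DEBUG_ONLY:
        if prefs.get(key) is True:
            findings.append(f"{key} is a testing/debugging key and is enabled")
    for key, needs, must_be_true in DEPENDS:
        if key in prefs:
            ok = prefs.get(needs) is True if must_be_true else needs in prefs
            if not ok:
                findings.append(f"{key} has no effect without {needs}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
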

Related Information

See the following sections of this guide for related information:

© copyright 2002-2020 Jamf. All rights reserved.