Configuring Jamf Connect Verify
You can configure Jamf Connect by setting preference keys.
Preference keys allow for full manipulation of Jamf Connect Login’s features. You can set preferences with any of the following methods:
- Use Jamf Connect Configuration to create and test a configuration profile. For more information, see Jamf Connect Configuration.
- Use Jamf Pro's Application & Custom Setting payload. For more information, see the Configuring Jamf Connect Settings in Jamf Pro Knowledge Base article.
- Manually create a configuration profile with a text editor.
- Set preferences with the command line using the defaults write command.
Note: The defaults command will not show preferences set by an MDM solution.
Jamf Connect Verify preference keys are written to the following preference domain:
com.jamf.connect.verify
Preference Keys
The following tables contain all the preference key-value pairs used by Jamf Connect Verify.
Note: Example key-values, where applicable, match the default Jamf Connect setting. Boolean key-values that are not configured default to false unless stated otherwise, and key-values that configure text show the default text in the app.
Required Settings
Note: If you are configuring an Azure AD hybrid identity environment that stores some user credentials on-premise, see the Configuring Jamf Connect with Azure AD Hybrid Identity Solutions before configuring Jamf Connect Verify.
Key | Description | Example
OIDCProvider | Identity Provider: Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used: | <key>OIDCProvider</key> <string>Azure</string>
OIDCDiscoveryURL | Discovery URL: Your IdP's OpenID metadata document that stores OpenID configuration information. This value appears in the following format: "https://domain.url.com/.well-known/openid-configuration" Note: This key is only required if the OIDCProvider key is set to "Custom" or "PingFederate". | <key>OIDCDiscoveryURL</key> <string>https://domain.url.com/.well-known/openid-configuration</string>
OIDCROPGID | Client ID (Password Verification): The client ID of the added app in your IdP used for verifying the user's local password via a resource owner password grant (ROPG) workflow. If you are using Jamf Connect Login, you can use the same client ID for both apps. | <key>OIDCROPGID</key> <string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>
Help Settings
Key | Description | Example
FailToolPath | Password Failure Tool: Specifies a path to a custom tool that can be used to remediate password failure issues. | <key>FailToolPath</key> <string>insert-path-here</string>
GetHelpType | Get Help Type: The type of help item users can access via the Get Help menu item, such as a URL, path or app. | <key>GetHelpType</key> <string>app</string>
GetHelpOptions | Get Help Options: Specifies the URL or path used with the GetHelpType preference key. The following values are supported as substitutions: Note: The GetHelpType key must be specified to use this preference key. | <key>GetHelpOptions</key> <string>/Applications/Google Chrome.app</string>
SelfServicePath | Self Service Path: Specifies the file path for a Self Service application, if your Self Service type is not automatically detected by Jamf Connect. | <key>SelfServicePath</key> <string>/Applications/Your.app</string>
Custom Display Settings
Key | Description | Example
MenuIconActive | Active Kerberos Tickets Icon: Image to use when the icon is active | <key>MenuIconActive</key> <string>/usr/local/images/icon.png</string>
MenuIconDark | Dark Mode Menu Bar Icon: Image to use for the menu icon in dark mode | <key>MenuIconDark</key> <string>/usr/local/images/icon.png</string>
DontShowWelcome | Skip About Screen on Launch: Hides the Jamf Connect Sync splash screen on launch | <key>DontShowWelcome</key> <false/>
ForceSignInWindow | Force Sign In Window: Determines if the Sign In window should stay open until the user has successfully authenticated | <key>ForceSignInWindow</key> <false/>
LoginLogo | Sign In Logo: Specifies an image to display in the Sign In window | <key>LoginLogo</key> <string>/usr/local/images/logo.png</string>
OpenID Connect Settings
Key | Description | Example
OIDCChangePasswordURL | Change Password URL: URL to the password change page in the IdP | <key>OIDCChangePasswordURL</key> <string>https://www.passwordchangeexample.com</string>
OIDCClientSecret | Client Secret: Client secret for ROPG operations | <key>OIDCClientSecret</key> <string>insert-client-secret-here</string>
OIDCLoginURL | Login URL: URL to sign in to your IdP | <key>OIDCLoginURL</key> <string>https://login.microsoftonline.com</string>
OIDCProvider | Identity Provider: Specifies the IdP provider integrated with Jamf Connect Verify. The following values may be used: | <key>OIDCProvider</key> <string>Azure</string>
OIDCRedirectURI | Redirect URI: The redirect URI used by your Jamf Connect app in your IdP. "https://127.0.0.1/jamfconnect" is recommended by default, but any valid URI value may be used as long as the configured value in your IdP matches the value in your Jamf Connect Login configuration profile. | <key>OIDCRedirectURI</key> <string>https://127.0.0.1/jamfconnect</string>
OIDCResetPasswordURL | Reset Password URL: URL to the password reset page in the IdP | <key>OIDCResetPasswordURL</key> <string>https://www.passwordresetexample.com</string>
OIDCROPGID | Client ID (Password Verification): The client ID of the added app in your IdP used for verifying the user's local password via a resource owner password grant (ROPG) workflow. If you are using Jamf Connect Login, you can use the same client ID for both apps. | <key>OIDCROPGID</key> <string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>
ROPGSuccessCodes | Password Verification Success Codes: An array of strings that contain error codes from Azure during an ROPG password verification, which should be interpreted as successful by Jamf Connect. For possible error codes that may need to be configured in your environment, see the following documentation from Microsoft: https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes | <key>ROPGSuccessCodes</key> <array> <string>AADSTS50012</string> <string>AADSTS50131</string> </array>
Kerberos Ticket Settings
Key | Description | Example
KerberosRealm | Kerberos Realm: Specifies the Kerberos realm used to obtain Kerberos tickets | <key>KerberosRealm</key> <string>COMPANY.NET</string>
KerberosGetTicketsAutomatically | Retrieve Kerberos Tickets During Sign-in: Determines if Kerberos tickets are automatically retrieved | <key>KerberosGetTicketsAutomatically</key> <false/>
KerberosShortName | Kerberos Short Name: The short name to use for Kerberos tickets. If unspecified, the user's sign-in name is used. | <key>KerberosShortName</key> <string>Joel</string>
KerberosShortNameAsk | Ask for Short Name: Determines if the user is asked to enter their Kerberos short name on first sign in | <key>KerberosShortNameAsk</key> <false/>
KerberosShortNameAskMessage | Ask for Short Name Message: The message displayed to users when requesting their Kerberos short name | <key>KerberosShortNameAskMessage</key> <string>Please enter your Active Directory user name.</string>
KerberosShowCountdown | Display Active Directory Password Expiration: Shows the countdown of days remaining until the password expires | <key>KerberosShowCountdown</key> <false/>
KerberosShowCountdownLimit | KerberosShowCountdownLimit: An integer, in days remaining, before the password expiration countdown is displayed in the menu bar. Note: To use the KerberosShowCountdownLimit key, the KerberosShowCountdown key must be set to true. | <key>KerberosShowCountdownLimit</key> <integer>15</integer>
TimerKerberosCheck | Kerberos Ticket Retrieval Interval: Specifies the frequency, in minutes, that Kerberos tickets are retrieved | <key>TimerKerberosCheck</key> <integer>15</integer>
Password Settings
Key | Description | Example
TimerLocalCheck | Local Password Verification Interval: Specifies an interval, in minutes, between local password verifications. | <key>TimerLocalCheck</key> <integer>15</integer>
TimerNetworkCheck | Network Password Verification Interval: Specifies an interval, in minutes, between network password verifications. | <key>TimerNetworkCheck</key> <integer>15</integer>
LocalPasswordIgnore | Disable Local Password Verification (Debugging): Specifies if local password verification should be ignored. This key should only be used for testing purposes. | <key>LocalPasswordIgnore</key> <false/>
NetworkCheckAutomatically | Automatically Verify Network Password: Determines if the network password is verified automatically | <key>NetworkCheckAutomatically</key> <false/>
Keychain Settings
Key | Description | Example
KeychainItems | Update Keychain Items: Determines what keychain items are updated when the user's local password is updated | <key>KeychainItems</key> <array> <string>keychain-item-one</string> <string>keychain-item-two</string> </array>
KeychainItemsDebug | Update Keychain Items Every Sign-in (Debugging): Updates keychain items on every sign in. This key should only be used for debugging purposes. | <key>KeychainItemsDebug</key> <false/>
KeychainItemsCreateSerial | Create Serial Number for Keychain Items: Serial for new keychain item creation | <key>KeychainItemsCreateSerial</key> <string>insert-serial-here</string>
KeychainItemsInternet | Sync Password with Internet Keychain Items: Determines which internet accounts Jamf Connect should sync with the local password | <key>KeychainItemsInternet</key> <array> <string>keychain-item-one</string> <string>keychain-item-two</string> </array>
Hide Menu Settings
Key | Description | Example
HideAbout | Hide About Menu Item | <key>HideAbout</key> <false/>
HideChangePassword | Hide Change Passwords Menu Item: Hides the Change Password menu item | <key>HideChangePassword</key> <false/>
HideGetHelp | Hide Get Help Menu Item: Hides the Get Help menu | <key>HideGetHelp</key> <true/>
HideGetSoftware | Hide Get Software Menu Item: Hides the Get Software menu. Note: If a self-service app is installed on computers, the Get Software menu item is hidden by default. | <key>HideGetSoftware</key> <false/>
HideHomeDirectory | Hide Home Directory Menu Item: Hides the home directory menu item | <key>HideHomeDirectory</key> <true/>
HideLastUser | Hide Last User Menu Item: Hides the last user menu item | <key>HideLastUser</key> <true/>
HidePrefs | Hide Preferences Menu Item: Hides the Preferences menu item | <key>HidePrefs</key> <false/>
HideResetPassword | Hide Reset Password Menu Item: Hides the reset password menu item | <key>HideResetPassword</key> <false/>
HideShares | Hide Shares Menu Item: Hides the shares menu | <key>HideShares</key> <true/>
HideSignIn | Hide Sign In Menu Item: Hides the Sign in menu item | <key>HideSignIn</key> <false/>
HideTickets | Hide Kerberos Ticket Menu Item: Hides the Tickets menu item | <key>HideTickets</key> <false/>
HideQuit | Hide Quit Menu Item: Hides the Quit menu item | <key>HideQuit</key> <false/>
Menu Text Preferences
Key | Description | Example
MenuAbout | About Menu Text: Title of the About menu | <key>MenuAbout</key> <string>About</string>
MenuActions | Actions Menu Text: Title of the Actions menu item | <key>MenuActions</key> <string>Actions</string>
MenuChangePassword | Change Password Menu Text: Title of the Change Password menu item | <key>MenuChangePassword</key> <string>Change Password</string>
MenuGetHelp | Get Help Menu Text: Title of the Get Help menu | <key>MenuGetHelp</key> <string>Get Help</string>
MenuGetSoftware | Get Software Menu Text: Title of the Get Software menu | <key>MenuGetSoftware</key> <string>Get Software</string>
MenuHomeDirectory | Home Directory Menu Text: Title of the Home share menu | <key>MenuHomeDirectory</key> <string>Home Directory</string>
MenuKerberosTickets | Kerberos Ticket Menu Text: Title of the Kerberos Tickets menu | <key>MenuKerberosTickets</key> <string>Kerberos Tickets</string>
MenuResetPassword | Reset Password Menu Text: Title of the reset password menu | <key>MenuResetPassword</key> <string>Reset Password</string>
MenuShares | Shares Menu Text: Title of the shares menu | <key>MenuShares</key> <string>Shares</string>
Additional Text Settings
Key | Description | Example
MessageBrowserPasswordChange | Password Change via Browser Message: Text shown after the user closes the in-app browser after changing a password | <key>MessageBrowserPasswordChange</key> <string>Sign in again to complete your password change.</string>
MessageLocalSync | Sync Passwords Message: Text shown when the local password is not the same as the network password | <key>MessageLocalSync</key> <string>Your Network password is not the same as your local account password. Please enter your local account password so that they can be synced.</string>
MessageNetworkPasswordWrong | MessageNetworkPasswordWrong: Text shown when the network password is incorrect | <key>MessageNetworkPasswordWrong</key> <string>Network username or password is incorrect, please try again.</string>
WindowAbout | About Window Title: Title of the About window | <key>WindowAbout</key> <string>Welcome to Jamf Connect Verify</string>
WindowSignIn | Sign In Window Title: Title of the Sign In window | <key>WindowSignIn</key> <string>Sign In</string>
AlwaysShowSuccess | AlwaysShowSuccess: Determines if a success message is displayed when a user successfully signs in with Jamf Connect Verify. | <key>AlwaysShowSuccess</key> <false/>
MessagePasswordSuccess | MessagePasswordSuccess: Text shown when a user successfully signs in with Jamf Connect Verify. Note: The AlwaysShowSuccess key must be set to true. | <key>MessagePasswordSuccess</key> <string>Successful sign in.</string>
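Several keys in the tables above depend on other keys or are marked for testing and debugging only. The following added example (not Jamf code) checks a com.jamf.connect.verify preference dictionary against those notes before deployment. The function name, the sample payload, the https check and the client secret flag are assumptions of this example.

```python
import plistlib

# Keys the page describes as testing/debugging only.
DEBUG_ONLY = ("LocalPasswordIgnore", "KeychainItemsDebug")
# Dependent key -> key the page says must be set to true.
NEEDS_TRUE = {
    "KerberosShowCountdownLimit": "KerberosShowCountdown",
    "MessagePasswordSuccess": "AlwaysShowSuccess",
}
WELL_KNOWN = "/.well-known/openid-configuration"

def audit_verify_prefs(plist_bytes):
    """Return findings for a com.jamf.connect.verify preference dictionary."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key in ("OIDCProvider", "OIDCROPGID"):
        if not prefs.get(key):
            findings.append(f"{key}: required key is missing")
    if prefs.get("OIDCProvider") in ("Custom", "PingFederate"):
        url = prefs.get("OIDCDiscoveryURL", "")
        if not (url.startswith("https://") and url.endswith(WELL_KNOWN)):
            findings.append("OIDCDiscoveryURL: required for this provider, "
                            "expected https://.../.well-known/openid-configuration")
    for key in DEBUG_ONLY:
        if prefs.get(key) is True:
            findings.append(f"{key}: debugging key enabled")
    for key, parent in NEEDS_TRUE.items():
        if key in prefs and prefs.get(parent) is not True:
            findings.append(f"{key}: requires {parent} set to true")
    if "GetHelpOptions" in prefs and "GetHelpType" not in prefs:
        findings.append("GetHelpOptions: GetHelpType must also be set")
    if "OIDCClientSecret" in prefs:
        # Reviewer flag (assumption of this example, not a Jamf rule).
        findings.append("OIDCClientSecret: secret stored in the profile")
    return findings

# Constructed sample payload, for illustration only.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>OIDCProvider</key> <string>Custom</string>
  <key>OIDCROPGID</key> <string>example-client-id</string>
  <key>LocalPasswordIgnore</key> <true/>
  <key>KerberosShowCountdownLimit</key> <integer>15</integer>
  <key>TimerLocalCheck</key> <integer>15</integer>
</dict></plist>"""

if __name__ == "__main__":
    for finding in audit_verify_prefs(SAMPLE):
        print(finding)
```

The function takes the preference dictionary as plist bytes; for a full configuration profile, pass the dictionary from the com.jamf.connect.verify payload.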
Related Information
See the following sections of this guide for related information:
- Configuring Action Menu Items: Find out how to configure a custom action menu item.
- Configuring File Shares with Jamf Connect Verify: Find out how to configure file shares.