Menu Bar App Preferences

Menu Bar Authentication Settings

Domain: com.jamf.connect

Dictionary: IdPSettings

Description: Used to allow Jamf Connect to complete authentication between your IdP and local accounts. Required settings vary by IdP.

Key

Description

Example

Provider

Identity Provider

(Required) The name of your cloud identity provider (IdP). The following values are supported:

  • Azure

  • GoogleID

  • IBMCI

  • Okta

  • OneLogin

  • PingFederate

  • Custom

<key>Provider</key>

<string>Azure</string>

OktaAuthServer

Okta Auth Server

(Required: Okta Only) Your organization's Okta domain. A preceding "https://" is optional.

<key>OktaAuthServer</key>

<string>your-company.okta.com</string>

ROPGID

Client ID

(Required: OpenID Connect Only) The client ID of your Jamf Connect app in your IdP. This value allows Jamf Connect to complete a resource owner password grant (ROPG), which is the process that performs password verification.

<key>ROPGID</key>

<string>9fcc52c7-ee36-4889-8517-lkjslkjoe23</string>

DiscoveryURL

Discovery URL

Your IdP's OpenID Connect discovery endpoint. This value appears in the following format: "https://domain.url.com/.well-known/openid-configuration"

If using AD FS, this value is your AD FS domain combined with the following: "/adfs/.well-known/openid-configuration".

Note: This preference is required if you are using "Custom" or "PingFederate" as your IdP.

<key>DiscoveryURL</key>

<string>https://domain.url.com/.well-known/openid-configuration</string>

TenantID

Tenant ID

The Tenant ID for your organization that is used for authentication.

Note: If IBM Security Verify is your IdP, this value is required.

<key>TenantID</key>

<string>jamfconnect</string>

ChangePasswordURL

Change Password URL

A URL to a password change web page in your IdP

<key>ChangePasswordURL</key>

<string>https://idp.example.com/.well-known/change-password</string>

ResetPasswordURL

Reset Password URL

A URL to a password reset web page in your IdP

<key>ResetPasswordURL</key>

<string>https://idp.example.com/.well-known/reset-password</string>

ClientSecret

Client Secret

The client secret of your Jamf Connect app in your IdP.

<key>ClientSecret</key>

<string>yourClientSecret</string>

SuccessCodes

Password Verification Success Codes

An array of strings containing error codes that your IdP returns during an ROPG password verification and that Jamf Connect should interpret as successful.

For possible error codes that may need to be configured in your environment, see the following documentation from Microsoft: https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes

If using OneLogin, set this key to "MFA" if multifactor authentication is used in your environment.

<key>SuccessCodes</key>

<array>

<string>AADSTS50012</string>

<string>AADSTS50131</string>

</array>
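The per-provider requirements in the table above can be checked before a profile is deployed. The following is an added example, not Jamf's code: the function name, the sample plist, the treatment of every non-Okta provider as OpenID Connect, and the https:// check are assumptions of the example.

```python
import plistlib

SUPPORTED = {"Azure", "GoogleID", "IBMCI", "Okta", "OneLogin", "PingFederate", "Custom"}

def lint_idp_settings(plist_bytes):
    """Return findings for the IdPSettings dictionary of a com.jamf.connect plist."""
    idp = plistlib.loads(plist_bytes).get("IdPSettings", {})
    provider = idp.get("Provider")
    if not isinstance(provider, str) or provider not in SUPPORTED:
        return [f"Provider {provider!r} is missing or not a supported value"]
    findings = []

    def need(key, why):
        # Treat an absent key and an empty string the same way.
        if not str(idp.get(key, "")).strip():
            findings.append(f"{key} is required ({why})")

    if provider == "Okta":
        need("OktaAuthServer", "Okta only")
    else:
        # Assumption of this example: every non-Okta provider uses OpenID Connect.
        need("ROPGID", "OpenID Connect only")
    if provider in ("Custom", "PingFederate"):
        need("DiscoveryURL", "Custom or PingFederate")
    if provider == "IBMCI":
        need("TenantID", "IBM Security Verify")
    # Added hygiene check, not a documented requirement: URLs should use TLS.
    for key in ("DiscoveryURL", "ChangePasswordURL", "ResetPasswordURL"):
        url = idp.get(key)
        if url and not str(url).lower().startswith("https://"):
            findings.append(f"{key} should be an https:// URL")
    return findings

# Constructed sample: PingFederate without DiscoveryURL, plus a plain-HTTP URL.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>IdPSettings</key><dict>
<key>Provider</key><string>PingFederate</string>
<key>ROPGID</key><string>example-client-id</string>
<key>ChangePasswordURL</key><string>http://idp.example.com/change</string>
</dict></dict></plist>"""

if __name__ == "__main__":
    for finding in lint_idp_settings(SAMPLE):
        print(finding)
```
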

Menu Bar Sign-in Settings

Domain: com.jamf.connect

Dictionary: SignIn

Description: Used to configure the sign-in user experience and multifactor authentication (MFA) options for Okta.

Key

Description

Example

AutoAuthenticate

Enable Automatic Sign-in

Determines if Jamf Connect will automatically attempt to sign in the user if there are saved credentials in the user's keychain.

<key>AutoAuthenticate</key>

<false/>

AutoMFA

Automatically Push Last MFA Method

(Okta only) Determines if the user's most recently used multifactor authentication (MFA) method is automatically pushed during sign-in.

<key>AutoMFA</key>

<false/>

RequireSignIn

Require Sign-in

Determines if the Sign In window is kept open on computers until users successfully authenticate.

<key>RequireSignIn</key>

<false/>

SignInLogo

Sign-in Logo

The file path to a locally stored image to use as a logo. Larger images will be automatically scaled down.

Notes:

  • A 342x90 pixel image is recommended.

  • Do not include a backslash "\" in your file path.

<key>SignInLogo</key>

<string>/usr/local/images/logo.png</string>

UsernameLabel

Username Field Label

Custom text for the Username field in the Sign In window

<key>UsernameLabel</key>

<string>Username:</string>

PasswordLabel

Password Field Label

Custom text for the Password field in the Sign In window

<key>PasswordLabel</key>

<string>Password:</string>

WindowTitle

Sign In Window Title

Custom title for the Sign In window

<key>WindowTitle</key>

<string>Connect</string>

MFARename

MFA Option Names

(Okta only) Custom names for each MFA option used with Okta authentication in your organization. For more information about the types of MFA options you can configure with Jamf Connect and Okta, see Multifactor Authentication.

For more information about Okta MFA options, see the following Okta documentation: https://support.okta.com/help/s/setting-up-mfa-for-end-users?language=en_US

<key>MFARename</key>
<dict>
<key>push</key>
<string>Okta Verify app: Push Notification</string>
<key>question</key>
<string>Okta Verify app: Security Question</string>
<key>token:hardware</key>
<string>USB Security Key</string>
<key>software:totp</key>
<string>Verification Code</string>
<key>web</key>
<string>Duo Mobile app</string>
</dict>

MFAExcluded

Hidden MFA Options

(Okta only) A list of MFA options that you do not want to display to users

<key>MFAExcluded</key>
<array>
<string>push</string>
<string>question</string>
<string>token:hardware</string>
<string>token:software:totp</string>
<string>web</string>
</array>

OneTimePasswordMessage

One-time Password Message

(Okta only) Text displayed when a user must enter a one-time password (OTP) as a multifactor authentication (MFA) method

<key>OneTimePasswordMessage</key>

<string>Enter your verification code</string>

Menu Bar Custom Branding Settings

Domain: com.jamf.connect

Dictionary: Appearance

Description: Use to customize Jamf Connect for your organization

Key

Description

Example

MenubarIcon

Light Mode Icon

The file path to a custom icon for the Jamf Connect menu bar icon when Light Mode is enabled.

A 16x16 pixel image is recommended.

<key>MenubarIcon</key><string>/usr/local/icon.png</string>

MenubarIconDark

Dark Mode Icon

The file path to a custom icon for the Jamf Connect menu bar icon that displays when Dark Mode is enabled.

A 16x16 pixel image is recommended.

<key>MenubarIconDark</key><string>/usr/local/darkicon.png</string>

ShowWelcomeWindow

Show Welcome Window

Display the Welcome window each time Jamf Connect is opened.

<key>ShowWelcomeWindow</key><true/>

User Help Settings

Domain: com.jamf.connect

Dictionary: UserHelp

Description: Used to configure in-app help options for users

Key

Description

Example

HelpType

Get Help Type

The type of help option used by Jamf Connect

Note: Bomgar, URL and App are supported.

<key>HelpType</key>

<string>URL</string>

HelpOptions

Get Help Options

A URL or file path that users can access by clicking Get Help in the Jamf Connect menu.

Note: The GetHelpType key must be specified.

<key>HelpOptions</key>

<string>/Applications/Google Chrome.app</string>

SoftwarePath

Self Service Path

The file path for a Self Service application that Jamf Connect does not automatically find. Jamf Connect will automatically detect Jamf Self Service and Munki Managed Software Center.

<key>SoftwarePath</key>

<string>/Applications/Your.app</string>

Password Policy Settings

Domain: com.jamf.connect

Dictionary: PasswordPolicies

Description: Used to configure network password checks, expiration notifications, and password policies

Key

Description

Example

ExpirationCountdownStartDay

Password Expiration Countdown Start Date

An integer, in days remaining, before the password expiration countdown is displayed in the menu bar. By default, 14 days is used. This setting is disabled when set to 0.

<key>ExpirationCountdownStartDay</key>

<integer>14</integer>

ExpirationNotificationStartDay

Password Expiration Notification Start Date

An integer, in days remaining, before the user begins receiving notifications about an upcoming password expiration. By default, 7 days is used. This setting is disabled when set to 0.

<key>ExpirationNotificationStartDay</key>

<integer>7</integer>

NetworkCheck

Network Check-in Frequency

The check-in frequency that Jamf Connect will use to confirm the network password matches the local password. By default, 15 minutes is used. This setting is disabled when set to 0. Jamf Connect can only check the network password if the network is accessible.

<key>NetworkCheck</key>

<integer>15</integer>

SyncPasswordsMessage

Sync Passwords Message

A message displayed to users when Jamf Connect detects that their local and network passwords are out of sync.

<key>SyncPasswordsMessage</key>

<string>Your local and network passwords do not match. Enter your current local password to sync it with your network password</string>

PolicyRequirements

Password Policy Requirements

Defines the password complexity policy for changing the password. Jamf Connect will only enforce this setting if a different password policy from Active Directory or a cloud IdP is not detected.

<key>PolicyRequirements</key>
<dict>
<key>minLength</key>
<integer>8</integer>
<key>minLowerCase</key>
<integer>1</integer>
<key>minMatches</key>
<integer>3</integer>
<key>minNumber</key>
<integer>1</integer>
<key>minSymbol</key>
<integer>1</integer>
<key>minUpperCase</key>
<integer>1</integer>
</dict>

PolicyMessage

Password Policy Message

A message that explains your configured password policy. This message only displays when a user tries to set a password that does not meet your password policy requirements.

<key>PolicyMessage</key>

<string>This password does not meet your organization's minimum password complexity requirements.</string>

Kerberos Settings

Domain: com.jamf.connect

Dictionary: Kerberos

Description: Used to integrate Jamf Connect with a Kerberos realm for password syncing

Key

Description

Example

Realm

Kerberos Realm

Specifies the Kerberos realm used to get Kerberos tickets. Your Kerberos realm should be written in all caps.

<key>Realm</key>

<string>YOURCOMPANY.NET</string>

AutoRenewTickets

Renew Kerberos Tickets

Determines if the Kerberos tickets should be renewed

<key>AutoRenewTickets</key>

<false/>

ShortName

A custom short name to use to obtain Kerberos tickets.

<key>ShortName</key>

<string>Joel</string>

ShortNameAttribute

Short Name Attribute

The Active Directory LDAP attribute to use as a short name. If unspecified, the user's sign-in name is used.

<key>ShortNameAttribute</key>

<string>attribute</string>

AskForShortName

Ask for Short Name

Determines if the user is asked to enter their Kerberos short name on first sign in

<key>AskForShortName</key>

<false/>

AskForShortNameMessage

Ask for Short Name Message

The message displayed to users when requesting their Kerberos short name

<key>AskForShortNameMessage</key>

<string>Enter your Active Directory username.</string>

Keychain Settings

Domain: com.jamf.connect

Dictionary: Keychain

Description: Used to allow Jamf Connect to sync passwords with keychain items

Key

Description

Example

InternetItems

Sync Password with Internet Keychain Items

Internet accounts that Jamf Connect should sync with the local password.

<key>InternetItems</key>

<dict>

<key>InternetItemOne</key>

<string>www.example.com</string>

<key>InternetItemTwo</key>

<string>www.example.com</string>

</dict>

PasswordItems

Update Keychain Items

Keychain items that Jamf Connect should sync with the local password.

<key>PasswordItems</key>

<dict>

<key>AccountItemOne</key>

<string><<shortname>></string>

<key>AccountItemTwo</key>

<string><<shortname>></string>

</dict>

Menu Item Customization Settings

Domain: com.jamf.connect

Dictionary: CustomMenuItems

Description: Used to customize the names of menu items in Jamf Connect

Key

Description

Example

About

About Menu Text

Title of the About menu

<key>About</key>

<string>About</string>

Actions

Actions Menu Text

Title of the Actions menu item

<key>Actions</key>

<string>Actions</string>

ChangePassword

Change Password Menu Text

Title of the Change Password menu item

<key>ChangePassword</key>

<string>Change Password</string>

GetHelp

Get Help Menu Text

Title of the Get Help menu

<key>GetHelp</key>

<string>Get Help</string>

GetSoftware

Get Software Menu Text

Title of the Get Software menu

<key>GetSoftware</key>

<string>Get Software</string>

HomeDirectory

Home Directory Menu Text

Title of the Home directory menu

<key>HomeDirectory</key>

<string>Home Directory</string>

KerberosTickets

Kerberos Ticket Menu Text

Title of the Kerberos Tickets menu

<key>KerberosTickets</key>

<string>Kerberos Tickets</string>

Preferences

Preferences Menu Text

Title of the Preferences menu item

<key>Preferences</key>

<string>Preferences</string>

ResetPassword

Reset Password Menu Text

Title of the reset password menu item

<key>ResetPassword</key>

<string>Reset Password</string>

Shares

Shares Menu Text

Title of the shares menu item

<key>Shares</key>

<string>Shares</string>

Connect

Connect Menu Text

Title of the Connect menu item

<key>Connect</key>

<string>Connect</string>

Menu Item Display Settings

Domain: com.jamf.connect

Key: HiddenMenuItems

Description: An array of strings used to hide Jamf Connect menu items from users

Value

Description

Example

About

Hide About Menu Item
Hides the About window

<key>HiddenMenuItems</key>
<array><string>About</string></array>

Actions

Hide Actions Menu Item

Note: If a Shares menu item is not configured, this menu item is hidden by default.

<key>HiddenMenuItems</key>
<array><string>Actions</string></array>

ChangePassword

Hide Change Passwords Menu Item

Hides the Change Password menu item

<key>HiddenMenuItems</key>
<array><string>ChangePassword</string></array>

GetHelp

Hide Get Help Menu Item

Hides the Get Help menu

<key>HiddenMenuItems</key>
<array><string>GetHelp</string></array>

GetSoftware

Hide Get Software Menu Item

Hides the Get Software menu

Note: If a self-service app is not installed on computers, this menu item is hidden by default.

<key>HiddenMenuItems</key>
<array><string>GetSoftware</string></array>

HomeDirectory

Hide Home Directory Menu Item

Hides the home directory menu item

Note: If a home share is not detected, this menu item is hidden by default.

<key>HiddenMenuItems</key>
<array><string>Home</string></array>

KerberosTickets

Hide Kerberos Ticket Menu Item

Hides the Tickets menu item

Note: If a Kerberos realm is not configured, this menu item is hidden by default.

<key>HiddenMenuItems</key>
<array><string>Tickets</string></array>

LastUser

Hide Last User Menu Item

Hides the last user menu item

<key>HiddenMenuItems</key>
<array><string>LastUser</string></array>

PasswordExpiration

Hide Password Expiration Menu Item

Hides the Password Expiration menu item

<key>HiddenMenuItems</key>
<array><string>PasswordExpiration</string></array>

Preferences

Hide Preferences Menu Item

Hides the Preferences menu item

<key>HiddenMenuItems</key>
<array><string>Preferences</string></array>

ResetPassword

Hide Reset Password Menu Item

Hides the reset password menu item

<key>HiddenMenuItems</key>
<array><string>ResetPassword</string></array>

Shares

Hide Shares Menu Item

Hides the Shares menu item

Note: If a Shares menu item is not configured, this menu item is hidden by default.

<key>HiddenMenuItems</key>
<array><string>Shares</string></array>

Connect

Hide Connect Menu Item

Hides the Connect menu item

<key>HiddenMenuItems</key>
<array><string>Connect</string></array>

Quit

Hide Quit Menu Item

Hides the Quit Jamf Connect menu item

<key>HiddenMenuItems</key>
<array><string>QuitJamfConnect</string></array>

Menu Bar Script Settings

Domain: com.jamf.connect

Dictionary: Scripting

Description: Used to run custom scripts that are triggered by Jamf Connect authentication events

Key

Description

Example

OnPasswordChange

Password Change Script

The file path to a script or other binary to run after successful password change

<key>OnPasswordChange</key>

<string>/usr/local/bin/PasswordChange.sh</string>

OnAuthSuccess

Successful Sign-in Script

The file path to a script or other binary to run after a successful Jamf Connect authentication

<key>OnAuthSuccess</key>

<string>/usr/local/bin/JamfConnectAuth.sh</string>

OnAuthFailure

Failed Sign-in Script

The file path to a script or other binary to run after an unsuccessful Jamf Connect authentication attempt

<key>OnAuthFailure</key>

<string>/usr/local/bin/JamfConnectAuthFailure.sh</string>

OnNetworkChange

Network Change Script

The file path to a script or other binary to execute after a network change is detected

<key>OnNetworkChange</key>

<string>/usr/local/bin/JamfConnectAuthFailure.sh</string>
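Because each Scripting key names a file that runs on an authentication event, it is worth auditing who can modify those files. The following is an added example, not Jamf's code: the function names and the policy it enforces (files and their parent directory owned by root and not writable by group or others) are assumptions of the example.

```python
import os
import plistlib
import stat

SCRIPT_KEYS = ("OnPasswordChange", "OnAuthSuccess", "OnAuthFailure", "OnNetworkChange")

def path_problems(path, trusted_uid):
    """Ownership and write-permission problems for one file or directory."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["does not exist"]
    problems = []
    if st.st_uid != trusted_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {trusted_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems

def audit_scripting(plist_bytes, trusted_uid=0):
    """Return (key, path, problem) tuples for every script the Scripting dictionary names."""
    scripting = plistlib.loads(plist_bytes).get("Scripting", {})
    findings = []
    for key in SCRIPT_KEYS:
        path = scripting.get(key)
        if not path:
            continue
        if not os.path.isabs(path):
            findings.append((key, path, "path is not absolute"))
            continue
        real = os.path.realpath(path)  # follow symlinks to the file that would run
        # A writable parent directory lets the file be replaced, so check both.
        for target in (real, os.path.dirname(real)):
            findings += [(key, target, p) for p in path_problems(target, trusted_uid)]
    return findings

if __name__ == "__main__":
    # Constructed sample using example paths from the table above.
    sample = plistlib.dumps({"Scripting": {
        "OnPasswordChange": "/usr/local/bin/PasswordChange.sh",
        "OnAuthSuccess": "/usr/local/bin/JamfConnectAuth.sh",
    }})
    for finding in audit_scripting(sample):
        print(finding)
```
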

Certificate Settings

Domain: com.jamf.connect

Dictionary: Certificate

Description: Used to configure Windows web CA settings

Key

Description

Example

WindowsCA

X.509 Certificate Authority

Specifies the URL of the Windows web certificate authority (CA) for Jamf Connect to use for certificates

<key>WindowsCA</key>

<string>dc1.jamfconnect.test</string>

CertificateTemplate

Certificate Template

Certificate template from a Windows web CA

<key>CertificateTemplate</key>

<string>User Auth</string>

GetCertificateAutomatically

Get Certificates Automatically

Enables Jamf Connect to get a certificate from a Windows web CA automatically on sign-in

<key>GetCertificateAutomatically</key>

<false/>

SecureNetworks

Associated Wi-Fi Networks

A list of secure wireless networks to associate with the certificate Jamf Connect created

<key>SecureNetworks</key>

<array>

<string>SSID1</string>

<string>SSID2</string>

</array>

ExportableCertificateKey

Allow Private Key Exports

Allow the private key of the user certificate to be exported

<key>ExportableCertificateKey</key>

<false/>

© copyright 2002-2020 Jamf. All rights reserved.