2.1.2 (2020-12-14)

Jamf Connect 2.1.2 includes the following bug fixes and enhancements.

Bug Fixes and Enhancements

Configuration

Fixed an issue that prevented Jamf Connect Configuration from notifying users of unsupported preference keys if their level of indentation in the XML file was three or more levels deep.

Menu Bar App

If you do not have MFA configured, you can now use the ShortNameAttribute preference key to specify a custom attribute included in an ID token for use as a Kerberos short name. This value is stored in the Jamf Connect state settings as the CustomShortName key-value.
For more information, see Menu Bar App Preferences.
[PI-08909] Fixed an issue that caused Jamf Connect to fail to sync and store passwords in Keychain if the password contained the pound symbol (£).
[PI-009016] Fixed an issue that caused Jamf Connect to continue to prompt users for their short name at each login.
[PI-009017] Fixed an issue that caused the menu bar app to not respect the Hide Password Expiration Menu Item (PasswordExpiration) preference.
[PI-009018] Fixed an issue that caused Jamf Connect to display a blank web view when attempting to log in to the menu bar app if the network password was expired and MFA was not configured.
[JC-2302] Fixed an issue that caused the menu bar app to display a nonresponsive item named "item" when the password expiration menu bar item was not configured to be hidden.
[JC-2195] Fixed an issue that caused some elements of security prompts to be obscured when the language settings were set to a language other than English.

2.1.1 (2020-11-30)

Jamf Connect 2.1.1 includes the following bug fixes and enhancement.

Configuration

Removed an extraneous button that could be added to the toolbar, which acted the same as the Test button.

Login Window

[PI-008978] Fixed an issued that caused Jamf Connect to display a grey screen when a custom login window message and an Apple policy banner were both configured.
[PI-008987] Fixed an issue that caused the Jamf Connect login window to freeze after entering the FileVault password when FileVault is enabled on computers, an Acceptable Use Policy screen was configured to display, and Require Network Authentication (DenyLocal) was disabled.
[JC-2126] Fixed an issue that caused the local help file, when configured, to unexpectedly display for about two seconds after a successful network authentication.

Menu Bar App

[PI-009016] Fixed an issue that prevented password sync prompts from displaying on Big Sur if Enable Automatic Sign-in (AutoAuthenticate) was enabled.

2.1.0 (2020-11-16)

Jamf Connect 2.1.0 includes the following enhancements and bug fixes.

Acceptable Use Policy Screen Redesign

The Acceptable Use Policy Screen has been redesigned to match the appearance of the Jamf Connect login window redesign that was released with Jamf Connect 2.0.0.

For more information about configuring this feature, see Acceptable Use Policy.

Apple Silicon Compatibility for Jamf Connect

Jamf Connect is now a universal app that can run on Macs with Apple silicon* or Intel hardware.

Important: New Macs with Apple silicon do not install Rosetta, Apple's binary translation service, until an Intel-based application is first opened. To ensure Macs with Apple silicon successfully run Jamf Connect, make sure you deploy Jamf Connect 2.1.0 or later to Macs with Apple silicon in your environment.

*Hardware support is based on testing with the Mac Developer Transition Kit.

Changes to Enabling FileVault for Standard Accounts for macOS 11

Beginning with macOS 11, you no longer need to use the LAPS User (LAPSUser) setting to specify which local administrator account receives a SecureToken and then grants it to standard local accounts created by Jamf Connect. If you use Jamf Connect to enable FileVault for local administrator and standard accounts, remove the LAPS User (LAPSUser) setting from login window configuration profiles that are deployed to computers with macOS 11.

For more information, see FileVault Enablement with Jamf Connect.

Bug Fixes and Enhancements

Jamf Connect 2.1.0 includes the following bug fixes.

Configuration

You can now use the text editor in Jamf Connect Configuration to add and edit nonstandard preference keys. Configurations with nonstandard keys can also be imported without being modified.

Licensing

Fixed an issue that prevented license data from being respected as a base64 encoded string that is configured with the License File (LicenseFile) preference key.

Login Window

[PI-008704] Fixed an issue that prevented local user accounts created via Okta from respecting user role changes configured with OIDC apps in Okta.
[PI-008935] [JC-2017] Fixed an issue that prevented custom messages displayed with the Login Window Message (LoginWindowMessage) setting from hiding the last word of the message.
Fixed an issue that caused the login window to cache usernames in the identity provider (IdP) web view on computers with macOS 11.
Fixed an issue that caused the username text to turn black when selected after an unsuccessful Okta authentication attempt on computers with macOS 11.

2.0.2 (2020-11-03)

Note: The legacy Jamf Connect applications (Login, Sync, Verify) were recently updated to support macOS Big Sur 11. If you have not yet upgraded to Jamf Connect 2.0.0 or later and want to ensure Jamf Connect is compatible with computers on macOS 11, you can deploy Jamf Connect 1.19.3. To download Jamf Connect 1.19.3 from Jamf Nation, navigate to My Assets > Jamf Connect > Previous Versions. For instructions on upgrading to Jamf Connect 2.0.0 or later, see the Upgrading to Jamf Connect 2.0.0 or Later Knowledge Base article.
*Compatibility is based on testing with the latest Apple beta releases.

Jamf Connect 2.0.2 includes the following enhancements and bug fixes.

Jamf Connect Configuration Enhancements

Automatically Name Imported Configurations—Jamf Connect Configuration now uses the file names of imported configuration files to automatically name the configuration. You can still change the name of an imported configuration file by clicking on it in the sidebar and entering a new name.
Jamf Connect Configuration Setup Assistant Removed—The setup assistant has been removed from Jamf Connect Configuration to provide a simpler, more intuitive interface. To create a new configuration, click the + icon at the bottom of the sidebar.

Bug Fixes

Jamf Connect 2.0.2 includes the following bug fixes.

Login Window

[PI-008725] Fixed an issue that prevented password verification from succeeding and a custom short name from being added to the user's local account when the Short Name (OIDCShortName) setting was used.
[JC-2175] Fixed an issue that caused loginwindow mechanisms to run twice after upgrading Jamf Connect to a new version, which sometimes caused the Acceptable Use Policy screen, when configured, to appear twice during user logins.

Menu Bar App

[PI-008974] Fixed an issue that sometimes caused Jamf Connect to fail to prompt users to update out of sync passwords if the password was changed in Okta.

Configuration

[JC-2021] Fixed an issue that caused Jamf Connect Configuration to lose license file information when quit.
[JC-2050] Fixed an issue that caused Jamf Connect Configuration to create a blank configuration when clicking Cancel on an unsupported keys alert.

2.0.1 (2020-10-19)

Note: Jamf Pro 10.25.0 introduced new computer extension attribute templates for Jamf Connect and an automatic way to install a Jamf Connect privacy preferences policy control (PPPC) profile. For more information, see the Jamf Pro Release Notes.

Bug Fixes

Jamf Connect 2.0.1 includes the following bug fixes:

Login Window

[PI-007101] Fixed an issue that prevented Google ID users from being prompted to enroll in multifactor authentication (MFA) when required.
[PI-008868] Fixed an issue that prevented the Use Local Authentication by Default (OIDCDefaultLocal) setting from being respected.
[PI-008870] [JC-1956] Fixed an issue that caused the acceptable use policy screen, when configured, to incorrectly display.
[PI-008874] Fixed an issue that prevented OneLogin users from creating accounts via Jamf Connect and Jamf Pro's Enrollment Customization settings.
[PI-008861] Fixed an issue that caused to Login Window Message (LoginWindowMessage) to be unavailable in the Jamf Repository settings available in Jamf Pro's Application & Custom Settings payload.
[PI-008899] Fixed an issue that caused the notify screen, when enabled, to expand to the full-screen width.

Menu Bar

[PI-008593] Fixed an issue that caused the menu bar app to fail to redirect users to the Okta dashboard if the Auth Server (AuthServer) value in the configuration is spelled with any capital letters.
[PI-008869] Fixed an issue that caused the menu bar app to incorrectly display a license validation error on computers with a valid Jamf Connect license.
[JC-1939] Fixed an issue that caused the menu bar app to always open Jamf Self Service if it is installed on the computer, even when the Self Service Path (SoftwarePath) preference is configured to open a different software.
[JC-1987] Fixed an issue that caused the Home or Home Directory menu bar item to appear even when the UserHomeDirectory value did not exist in a user's state settings or when a Kerberos integration was not configured.
[JC-2080] Fixed an issue that prevented the value of the ShortName key from being used for Kerberos authentication.

Configuration

[JC-1922] Fixed an issue that caused Jamf Connect Configuration to fail to clear formatting on text pasted into the code editing field.
[JC-2053] Fixed an issue that caused the Jamf Connect Configuration UI to be missing the User Help, Keychain, Scripting, and Certificates settings sections.

2.0.0 (2020-09-28)

Jamf Connect 2.0.0 introduces a significant redesign to the Jamf Connect login window user experience and product deployment.

For instructions on upgrading from Jamf Connect 1.19.2 or earlier to Jamf Connect 2.0.0, see the Upgrading to Jamf Connect 2.0.0 or Later Knowledge Base article.

What's New

Jamf Connect 2.0.0 includes the following new features and improvements.

Unified Menu Bar App

Jamf Connect Sync and Jamf Connect Verify are now a single menu bar app called "Jamf Connect". that can be configured and deployed for any supported cloud identity provider (IdP).

The Jamf Connect 2.0.0 packages install the following components on computers:

Component	Location
JamfConnectLogin.bundle	`/Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle` `/Library/Security/SecurityAgentPlugins/JamfConnectLogin.bundle/Contents/MacOS/authchanger` `/usr/local/lib/pam/pam_saml.so.2`
Jamf Connect.app	`/Applications/Jamf Connect.app`

New App Icon

The Jamf Connect app has a new icon. Look for the following icon in the Applications folder when Jamf Connect is installed on computers:

Note: The Jamf icon is still used in the menu bar when the app is open.

New Menu Bar Sign-In Preference for Okta

Users can now determine whether the Okta dashboard is opened in their selected browser after sign-in by selecting the checkbox next to the Browser pop-up menu. This setting is enabled by default and can be managed with the LaunchBrowser preference key (boolean) in the WebBrowser dictionary.

Login Window Redesign

The login window has been redesigned with a modern and improved user experience for both Okta authentication and OpenID Connect authentication methods.

Step Indicators

The top of the login window now includes step indicators to help users through the Jamf Connect login process. Depending on the workflow, users will see the following:

Authenticate—Displays when users must authenticate with their cloud identity provider (IdP) and complete a multifactor authentication (MFA) challenge through their IdP, if configured.
Connect—Displays when the Connect existing local accounts to a network account (Migrate) settings is enabled. The user must 1) enter the password of an already existing local account that has a username that matches an account in the IdP, 2) choose an existing local account to connect to the IdP, or 3) create a new account based on the cloud IdP.
Verify—Asks the user to re-enter their network password, which serves as both an additional security layer and verifies that the user's local and IdP passwords match. If the network password does not match the local password, the user will be prompted to sync passwords.

Other Changes and Enhancements

Network Selection—The "Allow Network Selection" button has been replaced with a WiFi icon in the upper-right corner of the login window
Local Login—The "Local Auth" button is now named "Local Login" and appears along the bottom of the login window.
Error Messaging—Some error messages have been improved to help users troubleshoot configuration issues.
Custom Login Window Message—You can now add a custom message to the login window by configuring the LoginWindowMessage preference key.

For more information about the login window user experience, see End User Experience and Workflows.

Jamf Connect Configuration Enhancements

Jamf Connect Configuration 2.0.0 includes support for configuring primary Jamf Connect 2.0 settings and the following new features:

XML Editor

You can now use an XML editor mode to preview the configuration profile in XML and make manual changes to your configuration profile.

To view and edit your configuration profile in XML, click the </> icon.

New App Icon

Jamf Connect Configuration now uses the following icon in the Applications folder and Dock:

What's Changed

The following things have changed in Jamf Connect.

Installation

The login window and menu bar app are now included in a single package installer. You can use the package to install all components of Jamf Connect, or just the menu bar or login window.

The package installer will also remove the following from computers:

Jamf Connect Sync and Jamf Connect Verify apps
Jamf Connect Sync and Jamf Connect Verify launch agents. Launch agents will also be stopped.
Any associated installer receipts will be removed from the installer system.

authchanger Improvements

The commands arguments executed by the authchanger tool can now be read from a configuration profile. If used, the configuration profile must be written to com.jamf.connect.authchanger and contains the Arguments key, which is an array of strings of supported authchanger arguments. Arguments are read in the order in which the strings are configured, similar to how they are ordered in the command-line.

The following example enables Jamf Connect authentication:

<key>Arguments</key>
<array>
 <string>-reset<key>
 <string>-jamfconnect</string>
</array>

The Jamf Connect installer does not add any arguments to authchanger by default. To enable the login window, you use one of the following methods to pass authchanger arguments:

Note: Jamf Connect will look for authchanger arguments in this order.

Commands executed via the command-line. Consider the following scenarios:
- If a command is executed with arguments, any preferences found in a configuration profile will be ignored.
- If a command is executed without arguments, Jamf Connect will look for preferences in a configuration profile.
Preferences found in a configuration profile written to com.jamf.connect.authchanger
The Identity Provider (OIDCProvider) or Auth Server (AuthServer) preferences written to the com.jamf.connect.login. These pass the -JamfConnect argument to automatically enable OpenID Connect or Okta authentication.
If no arguments or preferences are found, the default loginwindow mechanisms will remain unchanged.

For more information about the authchanger tool, see authchanger.

Licensing Updates

The Jamf Connect menu bar app will now check both the com.jamf.connect and com.jamf.connect.login preference domains for a valid license. This ensures that you only have to deploy the license file in a single configuration profile, if you are using both the login window and the menu bar app for your organization.

License Usage Data: We may collect hashed data about license usage. This data is used to monitor the number of licenses in use with Jamf Connect in your organization and does not include any Personal Information.

Menu Bar App Launch Agent

A launch agent for the Jamf Connect menu bar is included as a separate installer package in the Jamf Connect DMG. When installed on computers, the launch agent will ensure that Jamf Connect remains open.

Preference Domains and Keys

The Jamf Connect menu bar app is configured using a single preference domain:

com.jamf.connect

Note: Login window preferences will continue to be written to the following domain:

/Library/Preferences/com.jamf.connect.login

Preference keys from Sync and Verify have also been merged and restructured using dictionaries. Preferences are sorted into the following collections:

Dictionary	Type	Description
`IdPSettings`	Dictionary	Used to allow Jamf Connect to complete authentication between your IdP and local accounts. Required settings vary by IdP.
`SignIn`	Dictionary	Used to configure the Sign-in window and user experience
`Appearance`	Dictionary	Use to customize Jamf Connect for your organization
`UserHelp`	Dictionary	Used to configure in-app help options for users
`PasswordPolicies`	Dictionary	Used to configure network password checks, expiration notifications, and password policies
`Kerberos`	Dictionary	Used to integrate Jamf Connect with a Kerberos realm for password syncing
`Keychain`	Dictionary	Used to allow Jamf Connect to sync passwords with keychain items
`CustomMenuItems`	Dictionary	Used to customize the names of menu items in Jamf Connect
`HiddenMenuItems`	Array	An array of strings used to hide Jamf Connect menu items from users
`Scripting`	Dictionary	Used to run custom scripts that are triggered by Jamf Connect authentication events
`Certificate`	Dictionary	Used to configure Windows web CA settings

Keep the following in mind when configuring new preferences for the Jamf Connect menu bar:

Preferences that are configured with an interval, such as NetworkCheck, can be disabled by setting the interval value to 0.
If setting preferences with the command-line, you will need to use the -dict-add argument to configure a dictionary of keys. The following example shows how to disable network password checks:

Example: defaults write com.jamf.connect PasswordPolices -dict-add NetworkCheck 0

For a complete list of menu bar preferences, Menu Bar App Preferences.

Renamed Preference Keys

Most preference keys used in Jamf Connect Sync and Jamf Connect Verify have been renamed to better represent their function or as a result of Jamf Connect becoming one app.

The following tables show which preference key names from Jamf Connect Sync and Jamf Connect Verify have been replaced with a new name in Jamf Connect 2.0.0:

Jamf Connect Sync Preference Key Changes

1.19.2 or Earlier	2.0.0
`AuthServer`	`OktaAuthServer`
`AutoAuth`	`AutoAuthenticate`
`DontShowWelcome`	`ShowWelcomeWindow`
`ExpirationWarningDays`	`ExpirationNotificationStartDay`
`GetHelpOptions`	`HelpOptions`
`GetHelpType`	`HelpType`
`HideAbout`	`About`
`HideActions`	`Actions`
`HideChangePassword`	`ChangePassword`
`HideGetHelp`	`GetHelp`
`HideGetSoftware`	`GetSoftware`
`HidePreferences`	`Preferences`
`HideQuit`	`Quit`
`HideSignIn`	`Connect`
`KerberosRealm`	`Realm`
`KerberosRenew`	`AutoRenewTickets`
`KerberosShortName`	`ShortNameAttribute`
`KerberosShortNameAsk`	`AskForShortName`
`KerberosShortNameAskMessage`	`AskForShortNameMessage`
`KeychainItems`	`PasswordItems`
`KeychainItemsInternet`	`InternetItems`
`LabelPassword`	`PasswordLabel`
`LabelUsername`	`UsernameLabel`
`LocalPasswordSyncMessage`	`SyncPasswordsMessage`
`MenuAbout`	`About`
`MenuActions`	`Actions`
`MenuChangePassword`	`ChangePassword`
`MenuGetHelp`	`GetHelp`
`MenuGetSoftware`	`GetSoftware`
`MenuIcon`	`MenubarIcon`
`MenuPreferences`	`Preferences`
`MenuSignIn`	`Connect`
`MessageOTPEntry`	`OneTimePasswordMessage`
`MessagePasswordChangePolicy`	`PolicyMessage`
`PasswordChangeCommand`	`OnPasswordChange`
`PasswordExpirationMenuDays`	`ExpirationCountdownStartDay`
`PasswordPolicy`	`PolicyRequirements`
`SelfServicePath`	`SoftwarePath`
`SignInCommand`	`OnAuthSuccess`
`Template`	`CertificateTemplate`
`TicketsOnSignIn`	`GetTicketsAtSignIn`
`TitleSignIn`	`WindowTitle`
`WifiNetworks`	`SecureNetworks`
`X509CA`	`WindowsCA`

Jamf Connect Verify Preference Key Changes

1.9.2 or Earlier	2.0.0
`DontShowWelcome`	`ShowWelcomeWindow`
`FailToolPath`	`OnAuthFailure`
`ForceSignInWindow`	`RequireSignIn`
`GetHelpOptions`	`HelpOptions`
`GetHelpType`	`HelpType`
`HideAbout`	`About`
`HideChangePassword`	`ChangePassword`
`HideGetHelp`	`GetHelp`
`HideGetSoftware`	`GetSoftware`
`HideHomeDirectory`	`HomeDirectory`
`HideLastUser`	`LastUser`
`HidePrefs`	`Preferences`
`HideQuit`	`Quit`
`HideResetPassword`	`ResetPassword`
`HideShares`	`Shares`
`KerberosGetTicketsAutomatically`	`GetTicketsAtSignIn`
`KerberosRealm`	`Realm`
`KerberosShortName`	`ShortNameAttribute`
`KerberosShortNameAsk`	`AskForShortName`
`KerberosShowCountdown`	`ExpirationCountdownStartDay`
`KerberosShowCountdownLimit`	`ExpirationCountdownStartDay`
`KeychainItems`	`PasswordItems`
`KeychainItemsInternet`	`InternetItems`
`LoginLogo`	`SignInLogo`
`MenuAbout`	`About`
`MenuActions`	`Actions`
`MenuChangePassword`	`ChangePassword`
`MenuGetHelp`	`GetHelp`
`MenuGetSoftware`	`GetSoftware`
`MenuHomeDirectory`	`HomeDirectory`
`MenuKerberosTickets`	`KerberosTickets`
`MenuResetPassword`	`ResetPassword`
`MenuShares`	`Shares`
`MessageLocalSync`	`SyncPasswordsMessage`
`ODICROPGID`	`ROPGID`
`OIDCChangePasswordURL`	`ChangePasswordURL`
`OIDCClientSecret`	`ClientSecret`
`OIDCDiscoveryURL`	`DiscoveryURL`
`OIDCProvider`	`Provider`
`OIDCResetPasswordURL`	`ResetPasswordURL`
`OIDCTenantID`	`TenantID`
`ROPGSuccessCodes`	`SuccessCodes`
`SelfServicePath`	`SoftwarePath`
`TimerNetworkCheck`	`NetworkCheck`
`WindowSignIn`	`WindowTitle`

Additional Changes

The following custom URL scheme that allows users to perform quick actions within the menu bar app has been updated for the unified menu bar app. For more information, see Jamf Connect URL Scheme.
The Create Jamf Connect Keychain (CreateJamfConnectPassword) setting has been added to the login window preferences. This setting allows Jamf Connect to automatically populate the Sign In window in the menu bar app with a user's network username and password that was used to log in or create a new local account with Jamf Connect. This setting is enabled by default and replaces the Create Jamf Connect Sync Keychain (CreateSyncPasswords) and Create Jamf Connect Verify Keychain (CreateVerifyPasswords) settings used in Jamf Connect 1.19.2 or earlier.
The Jamf Connect loginwindow mechanism that enables FileVault now only runs if the Enable FileVault (EnableFDE) setting is enabled in the Jamf Connect login window configuration profile.
The Retrieve Kerberos Tickets During Sign-in (GetTicketsAtSignIn) setting has been removed from the menu bar app. Jamf Connect now automatically retrieves Kerberos tickets for users if a Kerberos realm is configured with the Kerberos Realm (Realm) setting. This enhancement fixes JC-1898.

Deprecations and Removals

The following Jamf Connect features and settings have been deprecated or removed.

Browser Extensions

The Safari and Google Chrome Browser Extensions included with Jamf Connect Sync are no longer supported.

Removed Preference Keys

The following preference keys are no longer supported. These settings should not be included in a configuration profile for Jamf Connect 2.0.0 or later:

Jamf Connect Login

Jamf Connect Sync

Jamf Connect Verify

BackgroundImageAlpha
LoginScreen
CreateSyncPasswords
CreateVerifyPasswords

ActionsUpdateTime
ADExpirationShow
CenterSignInWindow
ChangePasswordOrder
ChangePasswordTimer
CheckSafariExtension
ExportableKey
HideLockScreen
IgnoreDomainReachability
KeychainItemsDebug
LDAPServers
LocalPasswordIgnore
LocalPasswordSync
LocalPasswordSyncOnMatchOnly
MenuLockScreen
MessagePluginDisabled
NetworkCheckAutomatically
PasswordCheckUpdateTime
PasswordExpirationMenu
PeriodicUpdateTime
UseKeychain
UseKeychainPrompt
UseKeychainPromptExclusions
WarnOnPasswordExpiration

AlwaysShowSuccess
HideSignIn
KeychainItemsCreateSerial
KeychainItemsDebug
LocalPasswordIgnore
MessageBrowserPasswordChange
MessageNetworkPasswordWrong
MessagePasswordSuccess
NetworkCheckAutomatically
WindowAbout

Removed Preference Domains

Jamf Connect configuration profiles written to the following domains are no longer supported and should be removed from computers:

com.jamf.connect.sync
com.jamf.connect.verify

Documentation Removals

The Jamf Connect Evaluation Guide has been removed.