Network and Local Authentication Restrictions

You can configure Jamf Connect to manage when users can complete network or local authentication to log in to computers. The Require Network Authentication (DenyLocal) setting forces users to log in with the cloud identity provider. When enabled, the Local Login button is hidden from the login window. This setting is usually used alongside the Allow Local Fallback (LocalFallback) setting, which only allows users to use local authentication if a network connection is unavailable. Together, these settings ensure the following:

  • Computers are secured via network authentication.

  • Users are not locked out of their computers if a network connection is unavailable.

Local and Network Authentication Management Settings

Domain: com.jamf.connect.login

Description: Used to determine local and network authentication restrictions.

Key

Description

Example

DenyLocal

Require Network Authentication

Determines if users can bypass network authentication and use local account credentials.

When set to true, the Local Login button is not available, and the user must use network authentication to log in.

If set to false, the Local Login button is available, and users can choose to authenticate locally.

<key>DenyLocal</key>

<false/>

DenyLocalExcluded

Users with local authentication privileges

Specifies which users can still locally authenticate if DenyLocalis set to true

<key>DenyLocalExcluded</key>

<array>

<string>user-one</string>

<string>user-two</string>

<string>user-three</string>

<string>user-four</string>

</array>

LocalFallback

Allow Local Fallback

This key is used with DenyLocal to force authentication to the IdP first, but then fall back to local authentication if a network connection is unavailable.

<key>LocalFallback</key>

<false/>

OIDCDefaultLocal

Use Local Authentication by Default

When set to true, Jamf Connect will use local authentication by default rather than network authentication, which ensures users can always log in without a network connection.

<key>OIDCDefaultLocal</key>

<false/>

Related Information

For related information, see the following:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.