Local Account Creation

The following describes a typical user experience when your MDM solution deploys Jamf Connect during an Automated Device Enrollment workflow. Keep in mind that the following environment-specific factors affect the Jamf Connect user experience:

  • The login user experience may vary based on the identity provider (IdP) and preferences used in your environment. The screenshots below are from a Microsoft Azure AD integration.

  • If Okta authentication is used, Jamf Connect's native user interface displays. If OpenID Connect authentication is configured, a web view with your IdP's login screen displays.

  • If required by your IdP, the user may be prompted with a multifactor authentication (MFA) challenge on another device.

  1. The user follows on-screen steps to complete Apple's Setup Assistant and enroll the computer in MDM.

  2. When the Jamf Connect login window displays, the user enters their network username and password.
    [Figure: The Azure IdP network login window, with Shut Down, Restart, Local Login, and Refresh buttons at the bottom and a step indicator at the top with Authenticate and Verify steps.]


  3. (OpenID Connect only) Depending on how the login window is configured to create the local password, one of the following occurs:
    • Prompt to create a separate local password

      If the Create a Separate Local Password (OIDCNewPassword) setting is set to true, users are prompted to create a new password for their local account and then click Create Account.

      [Figure: Window where the user enters a password for their new local account and reenters it to verify. Buttons include "Cancel" and "Create Account".]

    • Prompt to verify their network password

      If the Create a Separate Local Password (OIDCNewPassword) setting is set to false, users are prompted to re-enter their network password and then click Create Account. This ensures that a user's network and local password are synchronized after account creation.

      [Figure: Window that says "Re-enter your cloud password to sync it with your new local account" and buttons including "Cancel" and "Create Account".]

    • (Passthrough authentication) Automatically logged in to their new account

      If the Use Passthrough Authentication (OIDCUsePassthroughAuth) setting is set to true, the network password is automatically passed to Jamf Connect to create a local account. The user is not prompted to re-enter a password.