Subsequent and Routine Logins

This section describes typical end user experiences for various configurations of Jamf Connect.

Logins with OpenID Connect Authentication

  1. Jamf Connect displays the IdP login window. The user enters their network username and password and follows the on-screen instructions.
    Azure IdP Network login window with Shut Down, Restart, Local Login, and Refresh buttons at the bottom and a step indicator at the top with Authenticate and Verify steps.

    The Azure IdP login window.

    If multifactor authentication (MFA) is configured in your IdP, the user completes an MFA challenge. The appearance may vary depending on which IdP you are using and how MFA is configured.
  2. The user verifies their password, which ensures that the local password matches the network password, and clicks Log In.
    Window that says "Verify your network password" with "Cancel" and "Log In" buttons below it.
    Jamf Connect verifies that the network and local passwords match, and the user is logged in.
    Note:

    If the user's local password is out of sync with the network password, Jamf Connect will prompt the user to sync passwords before log in completes.

Logins with Okta

  1. The user enters their network username and password.
    Okta login screen with Username and Password fields and a login button. Buttons below the login include Shut Down, Restart, and Help.

  2. (Optional) If MFA is enabled, the user is prompted to select and complete an MFA challenge. The user is logged in and the Finder displays.

Local Logins

If the Require Network Authentication (DenyLocal) setting not enabled, the user can bypass network authentication and log in with their local account credentials. This login method is also available if a network connection is not available and the Allow Local Fallback (LocalFallback) setting is enabled.

  1. The Jamf Connect login window displays.
    Azure IdP Network login window with Shut Down, Restart, Local Login, and Refresh buttons at the bottom and a step indicator at the top with Authenticate and Verify steps.

    The Azure IdP login window.

  2. The user clicks Local Login.

  3. If there are multiple users on the computer, the user selects their username from available account options. This screen does not appear and this step is skipped if there's only one user on the computer.
    Connect login screen with multiple users to choose from, showing users' pictures and names.
  4. The user enters their local account password and clicks Log In.
    Connect local login screen on a Mac with picture of the user, password field, and a phone button for signing in with biometrics or a pin code via the Unlock app. The new Enable Jamf Unlock toggle at the bottom of the screen.

    A user's local login displays with a password field and a button with a phone icon for singing in with Unlock. The Enable Jamf Unlock switch appears at the bottom of the screen if the user is paired with Jamf Unlock.

    The user is logged in and the Finder displays.

Logins on FileVault Encrypted Computers

If FileVault is enabled, the user must complete an additional authentication step to unlock the computer disk before the Jamf Connect login window can display.

  1. After the computer starts up, and the user is presented with a FileVault login window.

  2. The user enters their local password to unlock the disk.
    Note:

  3. The disk is unlocked and the Jamf Connect login window displays.