Enabling Jamf Unlock on Computers
By default, Jamf Unlock settings are hidden in the Jamf Connect menu bar app. To display these settings and allow users to access the Paired Devices window, you must set the EnableUnlock key to true in a configuration profile or PLIST written to the com.jamf.connect preference domain.
To allow users to use Jamf Unlock at the macOS login window, set the EnableUnlockForLogin setting to true.
To require users to use a PIN to complete authentication requests, you must also configure the RequirePIN setting to true.
When Jamf Unlock is enabled for a user on a computer, you may only authenticate as that user. If you need to change which account authenticates, disable Jamf Unlock in the Jamf Connect menu bar app. This allows authentication with your admin username and password. You can re-enable Jamf Unlock in the menu bar app so that the user can continue passwordless authentication using their account.
To use Jamf Unlock at the macOS login window, you need the following:
Jamf Unlock 1.4.0 or later
Jamf Connect 2.7.0 or later installed on computers with macOS 11 or later
The Jamf Connect launch agent installed on computers
For more information, see Launch Agent.
Configure and deploy the following settings as a separate .mobileconfig or PLIST or in an existing configuration profile for the menu bar app:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Unlock</key>
    <dict>
        <key>EnableUnlock</key>
        <true />
        <key>EnableUnlockForLogin</key>
        <true />
        <key>RequirePIN</key>
        <true />
    </dict>
</dict>
</plist>
After the profile is distributed, Unlock settings display in the Jamf Connect menu bar app, and users can pair their mobile device.

If you also enabled Jamf Unlock authentication at the macOS login window, the Enable Jamf Unlock switch displays the next time the user logs out of the computer.
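A pre-deployment check for the PLIST above, as an added example that is not part of the original documentation or Jamf's tooling: it confirms the three keys sit inside the Unlock dictionary, are real booleans, and that a PIN is required wherever Unlock is enabled. The function name, the sample input, and the PIN rule (a local policy choice) are assumptions.

```python
import plistlib

UNLOCK_KEYS = ("EnableUnlock", "EnableUnlockForLogin", "RequirePIN")

# Constructed sample: one key at the top level, RequirePIN given as a string.
SAMPLE_BAD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>EnableUnlock</key>
    <true/>
    <key>Unlock</key>
    <dict>
        <key>EnableUnlockForLogin</key>
        <true/>
        <key>RequirePIN</key>
        <string>true</string>
    </dict>
</dict>
</plist>"""


def audit_unlock_plist(data):
    """Return a list of findings; an empty list means the PLIST matches the layout shown above."""
    root = plistlib.loads(data)
    if not isinstance(root, dict):
        return ["top-level object is not a dictionary"]
    findings = []
    for key in UNLOCK_KEYS:
        if key in root:
            findings.append(f"{key} is at the top level; expected inside the Unlock dictionary")
    unlock = root.get("Unlock")
    if not isinstance(unlock, dict):
        findings.append("Unlock dictionary is missing")
        return findings
    for key in UNLOCK_KEYS:
        if key in unlock and not isinstance(unlock[key], bool):
            findings.append(f"{key} is {type(unlock[key]).__name__}, not a boolean")
    # Assumed local policy: wherever Unlock is enabled, a PIN must be required.
    enabled = unlock.get("EnableUnlock") is True or unlock.get("EnableUnlockForLogin") is True
    if enabled and unlock.get("RequirePIN") is not True:
        findings.append("Unlock is enabled but RequirePIN is not true")
    return findings


if __name__ == "__main__":
    for finding in audit_unlock_plist(SAMPLE_BAD):
        print("FINDING:", finding)
```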
