Initial Local Password Creation

When a local account is created with Jamf Connect, users must create the password for the account after they have successfully authenticated with the cloud identity provider (IdP). With Jamf Connect, you can allow users to set the initial local password using one of the following methods:

  • Require users to enter their network account password from the cloud IdP, which will be reused to create a local account password. This ensures that both the local and network account passwords are synced immediately after local account creation. Jamf Connect uses a password grant authentication flow—referred to as either a Resource Owner Password Grant (ROPG) or Resource Owner Password Credentials (ROPC) grant—to verify that the password entered by the user matches the network account password.


    To use this method, your IdP must support ROPG authentication grants. Google Cloud Identity cannot use this workflow during account creation.

  • Allow users to enter any password to use for their local account. This option can be used if you do not plan to continue syncing passwords after account creation.

To determine which method Jamf Connect will display to users, you can configure the Create a Separate Local Password (OIDCNewPassword) setting to enable or disable the ability for users to create any local password. By default, this setting is enabled.
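The following added example (not Jamf's code) audits a settings payload and reports which initial-password method it produces, applying the enabled-by-default rule and the Google Cloud Identity restriction described above. The sample payloads are constructed, and the `OIDCProvider` key with its `GoogleID` value is an assumption about the profile; only `OIDCNewPassword` is named on this page.

```python
import plistlib

# Constructed sample payloads. OIDCNewPassword is the setting named on this page;
# the OIDCProvider key and its "GoogleID" value are assumptions about the profile.
def _payload(body):
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0"><dict>' + body + '</dict></plist>').encode()

SAMPLE_DEFAULT = _payload("<key>OIDCProvider</key><string>Azure</string>")
SAMPLE_SYNCED = _payload("<key>OIDCProvider</key><string>Azure</string>"
                         "<key>OIDCNewPassword</key><false/>")
SAMPLE_GOOGLE = _payload("<key>OIDCProvider</key><string>GoogleID</string>"
                         "<key>OIDCNewPassword</key><false/>")

def initial_password_method(profile_bytes):
    """Return (method, findings) for one login-window settings payload."""
    prefs = plistlib.loads(profile_bytes)
    # The page states the setting is enabled by default, so absent means True.
    separate = prefs.get("OIDCNewPassword", True)
    if not isinstance(separate, bool):
        raise ValueError("OIDCNewPassword must be a Boolean")
    findings = []
    if separate:
        method = "any-local-password"
        findings.append("local password is not verified against the "
                        "network account password")
    else:
        method = "network-password-via-ropg"
        if prefs.get("OIDCProvider") == "GoogleID":
            findings.append("Google Cloud Identity cannot use the ROPG "
                            "workflow during account creation")
        else:
            findings.append("confirm the IdP supports ROPG authentication grants")
    return method, findings

if __name__ == "__main__":
    for name, sample in [("default", SAMPLE_DEFAULT), ("synced", SAMPLE_SYNCED),
                         ("google", SAMPLE_GOOGLE)]:
        print(name, *initial_password_method(sample), sep=" | ")
```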