Jamf Unlock

Jamf Unlock is a mobile device app that allows a user to unlock their Mac with a mobile device without using a password. With Jamf Unlock, users complete a setup process to create or generate identity credentials(certificate) on their device, which is then used to pair and establish trust with a Mac. Once the setup is complete, users can easily use the app as an alternate authentication method in the following scenarios:

  • Unlocking a Mac
  • Prompts to change settings in System Preferences
  • Commands executed with root privileges with the sudo command

IT administrators can use Jamf Pro to configure authentication settings via managed app configuration, and deploy the app to users in their organization.

General Requirements

To use Jamf Unlock in your environment, you need the following:

  • A Jamf Connect subscription and the Jamf Connect menu bar app installed on computers.

    Note:

    You must also include the Enable Unlock (EnableUnlock) setting in your menu bar app configuration profile. For more more information, see Enabling Jamf Unlock on Computers.

  • An MDM solution, such as Jamf Pro

  • Managed devices with the following:

    • iOS 14.0 or later that are connected to the internet

    • A passcode and Face ID or Touch ID enabled

  • Computers with macOS 10.15.4 or later with the Jamf Connect menu bar app installed

  • A local account with administrator privileges

  • An OpenID Connect app integration in your cloud identity provider

    Note:

    If you already deployed the menu bar app in your environment, you can use an existing app integration in your IdP for the menu bar app by adding an additional Redirect URI for Jamf Unlock. If you use Okta and its authentication API with the menu bar app, you must create a new app integration for Jamf Unlock to support the OpenID Connect authentication protocol. See Identity Provider Integrations for more information.