Local Account Creation

The following describes a typical user experience when your MDM solution deploys Jamf Connect during an Automated Device Enrollment workflow. Keep in mind that the Jamf Connect user experience varies with the following aspects of your environment.

  • The login user experience may vary based on the identity provider (IdP) and preferences used in your environment. The screenshots below are from a Microsoft Azure AD integration.

  • If Okta authentication is used, Jamf Connect's user interface displays. If OpenID Connect authentication is configured, a web view with your IdP's login screen displays.

  • If required by your IdP, the user may be prompted with a multifactor authentication (MFA) challenge on another device.

  1. The user follows on-screen steps to complete Apple's Setup Assistant and enroll the computer in MDM.
  2. When the Jamf Connect login window displays, the user must log in with their network username and password.
    Note:
    • If Okta authentication is used, Jamf Connect's user interface displays. If OpenID Connect authentication is configured, a web view with your IdP's login screen displays.

    • If required by your IdP, the user may be prompted with a multifactor authentication (MFA) challenge on another device.

  3. (OpenID Connect only) Depending on how the Create a Separate Local Password (OIDCNewPassword) setting is configured, the user is prompted to do one of the following:

    • If enabled, the user is prompted to create a password for their new local account.

    • If disabled, the user is prompted to re-enter their network password for their new local account. This ensures that a user's network and local passwords are synchronized during the account provisioning process.

  4. The user clicks Create Account. The computer completes the setup process and loads the Finder.
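
To confirm which step 3 prompt a deployment will show, the configuration profile that carries the OIDCNewPassword setting can be inspected before it is scoped to computers. The script below is an added example, not Jamf's code: it assumes an unsigned .mobileconfig whose login settings sit in the com.jamf.connect.login preference domain, either as a direct payload or wrapped in com.apple.ManagedClient.preferences, and its function names and sample profiles are constructed for illustration.

```python
import plistlib

LOGIN_DOMAIN = "com.jamf.connect.login"  # assumed login window preference domain
KEY = "OIDCNewPassword"                  # setting named in step 3


def login_settings(profile_bytes):
    """Collect login-domain settings from an unsigned profile (XML or binary plist)."""
    settings = {}
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == LOGIN_DOMAIN:
            # Settings delivered directly as a payload of the login domain.
            settings.update(payload)
        elif ptype == "com.apple.ManagedClient.preferences":
            # Custom-settings form: domain -> Forced -> mcx_preference_settings.
            domain = payload.get("PayloadContent", {}).get(LOGIN_DOMAIN, {})
            for entry in domain.get("Forced", []):
                settings.update(entry.get("mcx_preference_settings", {}))
    return settings


def step3_prompt(profile_bytes):
    """Map the profile's OIDCNewPassword value to the prompt described in step 3."""
    value = login_settings(profile_bytes).get(KEY)
    if value is True:
        return "create-separate-local-password"
    if value is False:
        return "re-enter-network-password"  # network and local passwords match
    return "not-set"  # absent or non-boolean: the product default is not guessed here


def make_profile(payloads):
    """Build a constructed sample profile for the demonstration."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": payloads})


# Constructed sample profiles, one per delivery form plus one without the key.
DIRECT = make_profile([{"PayloadType": LOGIN_DOMAIN, KEY: False}])
MANAGED = make_profile([{
    "PayloadType": "com.apple.ManagedClient.preferences",
    "PayloadContent": {LOGIN_DOMAIN: {"Forced": [{"mcx_preference_settings": {KEY: True}}]}},
}])
UNSET = make_profile([{"PayloadType": LOGIN_DOMAIN}])

if __name__ == "__main__":
    for name, blob in [("direct", DIRECT), ("managed", MANAGED), ("unset", UNSET)]:
        print(name, step3_prompt(blob))
```

A signed profile must have its CMS wrapper removed before `plistlib` can parse it.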