Disabling the Jamf Connect login window on Locked Out Computers

A computer with the Jamf Connect login window installed can become locked out due the following:

  • Users cannot successfully authenticate to your identity provider (IdP).

  • The Require Network Authentication settings in Jamf Connect is enabled, which prevents users from using local authentication.

You can regain access to the computer by disabling Jamf Connect using one of the following methods:

  • Run a Jamf Pro policy to disable Jamf Connect.

  • Use macOS recovery to reset the macOS authentication database.

  • Boot the computer in Single User Mode to reset the macOS authentication database.

Disabling Jamf Connect using a Jamf Pro Policy

Requirements
  • Jamf Pro

  • An internet connection and successful check-ins to Jamf Pro on the locked out computer

  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click Policies in the sidebar.
  3. Click New .
  4. In the General payload, configure the following:
    1. Select Recurring Check-In for the policy trigger.
    2. Choose Once per computer from the Execution Frequency pop-up menu.
  5. In the Files and Processes payload, enter the following in the Execute Command field:
    authchanger -reset
    
  6. In the Scope tab, add the locked out computer as a target for the policy.
  7. Click Save .
The policy runs on the locked out computer the next time it checks in with Jamf Pro. The Jamf Connect login window is disable and the native macOS Login window should display the next time the computer is restarted.

Disabling Jamf Connect in Recovery Mode

If the computer has either the Apple's T2 or M1 chip and does not have an internet connection, you must use macOS Recovery to reset the computer's authentication database.

Requirements

If FileVault is enabled, a user account with a SecureToken is required.

  1. Shut down the computer.
  2. Press and hold the power button.
    The text "Loading Startup options" displays.
  3. Click Options and then click Continue.
  4. Click Disk Utility and choose the primary hard drive from the left sidebar, and then click Mount.
  5. From the menu bar, click Utilities > Terminal.
  6. In Terminal, execute the following commands:
    cd /Volumes/Macintosh\ HD/var/db/
    rm ./auth.db
    rm ./auth.db-shm
    rm ./auth.db-wal
  7. Restart the computer by executing the following command:
    shutdown -r now
The computer restarts and the native macOS login window displays.

Disabling Jamf Connect using Single User Mode

On computers that do not have Apple's T2 chip, you must restart the computer in Single User Mode to disable the Jamf Connect login window.
  1. Shut down the computer.
  2. Restart the computer and press and and hold Command-S during the restart.
  3. Depending on the version of macOS installed, execute on of the following:
    • macOS 10.14 or earlier:
      /sbin/mount -uw /
    • macOS 10.15 or later:
      mount -uw /System/Volumes/Data
      
  4. Execute the following commands:
    cd /var/db/
    rm ./auth.db
    rm ./auth.db-shm
    rm ./auth.db-wal
  5. Restart the computer by executing the following command:
    shutdown -r now
The computer restarts and the native macOS login window displays.