JAMF Connect will replace local authentication for ARE Mac OS Computers. JAMF Connect is an app that allows administrators to manage authentication by connecting a user’s local macOS account to their organization’s cloud identity, in our case this would be unity ID accounts.
What does this mean for you as an end-user and what will be different? I have prepared this FAQ that should hopefully answer most of the questions that would be raised during this transition. ARE IT aims to implement JAMF Connect in the upcoming few weeks for all ARE Mac OS computers.
Terminology that may be unfamiliar to users:
Local password – your password that you use to log-in and unlock your Mac Network
Network Password – your unity ID password
Why do we need JAMF Connect?
JAMF Connect should streamline authentication off-campus, since users will be authenticating into the machine through Azure. This should not only help security (who can get into the machine) but ease the use for our users. As of now ARE Mac computers have their own local user accounts created, which means most users have different passwords than their unity ID password, JAMF Connect will solve this issue. It will also ease the burden of password syncing off-campus and deploying machine(s) if needed to users that are off-campus.
How will my log-in be different if I already have an account on my Mac?
After authenticating to FileVault 2 (if it’s on the system). You will see a screen that asks you to log-in with an email address (internet connection is required for first time). You will input your NCSU unity credentials. If you are logging in for the first time 1 of 3 things will happen depending upon your system setup:
- For users that have a matching local username that is the same as your unity ID and matching password to your unity password, there will be no prompt. JAMF Connect will just log you in. After this you will continue to use your unity ID password to log-in and unlock FileVault 2 (if it’s setup).
- For users that have a matching local username that matches their unity ID, however, their local password and their unity password do not match. JAMF Connect will ask you to input your local password, it will then update your password to your unity ID password. After this you will continue to use your unity ID password to log-in and unlock FileVault 2 (if it’s setup).
- For users that do not have a matching local username that matches their unity ID, JAMF Connect will let you choose from a list of existing local accounts or create a new account. If you select a local account, the user must enter the password of a chosen existing local account, and then JAMF Connect will sync the password to the network password and add the network username as an alias to the local account. Note that if you choose to create a new account, your old account will not be migrated, this will be a brand new user account that JAMF Connect will create. After this you will continue to use your unity ID password to log-in and unlock FileVault 2 (if it’s setup).
What happens if I do not have an internet connection to log in?
If you do not have an internet connection, you will still be able to log-in to to the system as long as you have previously logged in at least once. You will need to turn off Wi-Fi manually and hit Local Login button which should pop-up after Wi-Fi is disabled on the system and then proceed to login with your known credentials.
Will I still be able to use TouchID to open up my Mac?
Yes, ARE IT does not disable this setting. If you have any issues, please contact ARE IT.
Will I have admin rights on the system after JAMF Connect?
Yes, the permissions will not be touched. New users will be created as administrators as well, so users aren’t encouraged to share their systems and should never give out their log-in password to other people.
Will my unity ID password be automatically synced on my system(s) after password change?
Yes, JAMF Connect will notify you if your local password and your network (unity) password is out of sync. After this a window should pop-up that will tell you to log-in with your unity ID and your unity ID password. It will then proceed to ask you your local password (old password), after this JAMF Connect should sync your new unity ID password to your account.