Allows local accounts to be migrated to network accounts. This is typically used when the user account was already created on the system, but you want the accounts to have the same username and password as the user's cloud identity. Jamf Connect Login does this by forcing the user to sign in with their IdP, and then attempts to match the user with an existing local account.

Consider the following user migration scenarios:

If a user's network username and password match a local username and password, the account is considered migrated.

If a user's network username matches a local username but the passwords do not match, the user will be prompted to enter their current local password. Once successfully entered, Jamf Connect Login will use the current local password and the current network password to sync the account to the current network password.

If a user's network username does not match any local account, the user will be given the option to create or migrate a local account. To migrate an account, the user must provide the existing local password. At this point Jamf Connect Login will synchronize the password to the network password, and then add the network username as an alias to the local account. This way the user can sign in to the system as their network username.

Additionally, IdPs can migrate users from local accounts to accounts associated with network identity. With the Migrate and DenyLocal preference keys, all subsequent sign-ins will be authenticated to your IdP, and then the system verifies if the user record has an IdPUser attribute.

Used with DenyLocal to force authentication to the IdP first, but then fall back to local authentication if the IdP is unavailable.

jamfconnectlicense file encoded in Base64 data format.

Note: Maintaining your license key in a separate configuration profile provided by your account manager is recommended.
Determines if users can bypass network authentication and use the Local Auth button at the loginwindow. If set to true, the Local Auth button is not available, and the user must authenticate to their network. If set to false, the Local Auth button is available, and users can choose to authenticate locally.

Specifies which users can still locally authenticate if DenyLocal is set to true.

Important: If you unbind from Active Directory before demobilization, demobilization may fail if a user's Active Directory password and IdP password do not match and Jamf Connect Login is configured to sync the passwords during account creation. Make sure you demobilize accounts before unbinding from Active Directory and that the Active Directory domain is reachable during account creation with Jamf Connect.