Once two Jamf Connect applications have been created, it is necessary to make modifications to your Sign On or Authentication policies to properly enforce multifactor authentication (MFA) at the macOS login window.
Requirements
Access to your organization's Okta Classic Engine admin console.
Two separate Jamf Connect applications, one for password checks and another to support interactive logins at the macOS login window.
- Log in to the Okta Admin Console.
- Click Applications.
- Locate the Jamf Connect application that supports interactive logins at the macOS login window.
- Navigate to the Sign On tab.
- In the Sign On Policy section, click Add Rule.
- Enter a name for the rule in the Rule Name field.
- (Optional) Select values for People and Location.
- (Optional) Select macOS in the Client section and deselect any other values.
- Navigate to the Access section.
- Set the value for When all conditions above are met, sign on to this application is: to Allowed.
- Click the checkbox for Prompt for factor and the option for Once per session.
Users who have been assigned to your Jamf Connect application should now see a requirement for MFA as part of the login process.