Configuring Offline Multifactor Authentication

Jamf Connect Documentation


The Jamf Connect login window supports offline multifactor authentication (MFA), which lets users log in to their computer with a time-based one-time password (TOTP) from an authentication app, without a connection to an identity provider. This allows users to sign in securely when the computer has no internet connection.

Requirements
To use offline MFA in the login window, you need the following:
  • A supported authentication app, such as Google Authenticator or Okta Verify.

  • A computer with macOS 13.x or later.

In Jamf Connect Configuration, navigate to the Login page. Under the Authentication section, enable Offline MFA. Then save the configuration profile and export it to your organization's MDM solution for deployment. For more information, see Configuration Methods for Jamf Connect.

Users can then enroll by selecting OTP Settings in the menu bar for Self Service+ and following the on-screen prompts.

Administrators can use the Offline MFA Reminder (OfflineMFAReminder) setting to schedule a recurring notification that reminds users who have MFA enabled, but have not set up offline MFA, to register their device for offline MFA.

Note: The Offline MFA Reminder (OfflineMFAReminder) setting is available for configuration with Self Service+.

When offline MFA enrollment completes, a new Jamf Connect entry appears in the user's authentication app and displays the multifactor code. This code should only be used when attempting to log in while offline. Additionally, the user's enrollment status is written to the com.jamf.connect.state preference domain; no status is written if enrollment is canceled or fails.

Offline multifactor authentication also provides a temporary backup code in the app upon successful enrollment. This backup code can be used to authenticate without the enrolled authentication device. When the backup code is used, the existing authentication device is removed and a new device must be enrolled.

Offline multifactor authentication can be modified or removed with the jamfconnect_tool command in Terminal. For more information, enter the following in Terminal: /Applications/Jamf\ Connect.app/Contents/MacOS/jamfconnect_tool offline-mfa --help