Zero Touch App Activation with Jamf Connect and Jamf Trust
Jamf Connect is now able to generate a unique token that can activate Jamf Trust for macOS, which creates a "zero touch" experience where users no longer have to manually sign in to their Jamf Trust app. This allows for the activation of Jamf Connect's Zero Trust Network Access capabilities without requiring users to manually interact with Jamf Trust. For more information, see Zero Touch App Activation with Jamf Connect and Jamf Trust.
Other Changes and Improvements
The User Promotion Biometrics (
UserPromotionBiometrics) setting allows administrators to require Touch ID as a form of authentication prior to a temporary elevation session. This setting will be available in Jamf Connect Configuration with a future release.The User Promotion Role (
UserPromotionRole) setting now supports the following additional identity providers:Okta-OIDCOneLoginPingFederateIBMCICustom
The Offline MFA Reminder (
OfflineMFAReminder) setting allows administrators to schedule a recurring notification which will remind users to register a device for offline multifactor authentication. The notification will appear for all users who have multifactor authentication enabled and have not set up offline multifactor authentication. This setting will be available in Jamf Connect Configuration with a future release.Users can now save configuration and PLIST files that do not have identity provider information and use settings from the
Temporary User Privilegessection in Jamf Connect Configuration.The logs for privilege elevation when User Promotion Role (
UserPromotionRole) is configured now records the following information:The UPN of users on elevation attempt and successful elevation
The role of users on elevation attempt and successful elevation
The highest elevation duration role or group in role-based scenarios
Resolved Issues
[PI117249] When the User Promotion Duration (
UserPromotionDuration) setting is set to 0 and the User Promotion Reason (UserPromotionReason) is enabled, users no longer receive a message that says: "Input the reason and we can increase your level for 0 minute."[PI117525] Computers that lose charge to the point where they no longer maintain the correct date or time no longer cause time tampering flags unless a monthly elevation limit is set. An additional fix to resolve the time tampering flags when a monthly elevation limit is set will be available in a future release.
[PI117746] The User Promotion Duration (
UserPromotionDuration) setting now resets the duration timer after an elevation session concludes instead of keeping the time remaining at the time of demotion.[PI117845] Minor bug fixes are now available to reduce frequent crashes with Jamf Connect 2.34.0.
[PI118050] The User Promotion Role (
UserPromotionRole) setting now deletes itself automatically after removing all roles from the setting, which should prevent users being unable to begin an elevation session.[PI118051] Jamf Connect Configuration no longer requires the optional time value to be set when configuring the User Promotion Role (
UserPromotionRole) setting.[PI118052] The code editor in Jamf Connect Configuration no longer produces an error message about unsupported keys when configuring keys from the
TemporaryUserPromotiondictionary.[PI118053] Account migration from Okta Classic Engine no longer fails when the local account password matches the user password from their IdP.
[CON-5212] The functionality in Jamf Connect Configuration no longer produces false positives.
[CON-5244] Users no longer unexpectedly receive prompts to enter a reason for their privilege elevation request when the User Promotion Reason (
UserPromotionReason) setting is not enabled.