2.40.0 (2024-10-07)

Jamf Connect Release Notes

FIDO2 Authentication for Privilege Elevation

The Verify User Promotion via FIDO2 (VerifyUserPromotionFIDO2) setting lets users authenticate through Safari before a privilege elevation session. Authenticating within a browser adds support for WebAuthn authenticators, including passkeys and FIDO2 keys. This setting is currently supported with the following identity providers:
  • Microsoft Entra ID

  • Okta Identity Engine

  • Okta OpenID Connect (OIDC)

  • PingFederate

Keep the following in mind when implementing this setting in your environment:
  • Requiring WebAuthn authentication for privilege elevation may require changes to your identity provider's authentication policies.

  • After enabling the setting, the Jamf Connect OIDC application located in your identity provider configuration must use the following Redirect URI to prevent any errors: jamfconnect://loggedin

For more information, see Privilege Elevation Settings.

Other Changes and Improvements

The Jamf Connect menu bar app now displays the temporary privilege elevation duration in the format MM:SS. This improves usability during privilege elevation sessions lasting less than 60 minutes.

Resolved Issues

  • [PI118548] The password expiration timer in the Jamf Connect menu bar app now resets as intended when a user changes their password via Kerberos.

  • [PI119435] Users no longer see incorrect credentials in the Jamf Connect menu bar after an administrator accesses the user's computer and authenticates via the Verify User Promotion (VerifyUserPromotion) setting.

  • [PI119480] The Jamf Connect login window no longer displays the OIDC login window instead of the local login window.

  • [PI119859] The Jamf Connect menu bar app no longer attempts to gather multiple Kerberos tickets when the Password Change Workflow (PasswordChangeWorkflow) setting is set to Kerberos.

  • [PI119892] The Automatically push last Multifactor tool tip no longer contains an incorrect spelling.

  • [PI119966] The Jamf Connect menu bar no longer incorrectly modifies the PasswordCurrent state setting during background password syncs that experience a connection interruption.

  • [PI120036] Using the jamfconnect acc-promo --demote Terminal command no longer causes the Terminal window to lose focus.