This document covers the implementation of Jamf Connect for all UWM Managed Apple Macintosh Computers. It will cover the installation of Jamf Connect from Self Service (if necessary) and day-to-day use of Jamf Connect Login and Jamf Connect Verify.
About Jamf Connect
Jamf Connect is a collection of applications and services that combine to make it easier for users to work on their Mac while away from campus. It incorporates Microsoft Azure AD for user authentication. This means that the device will not have to connect to the UWM network for users to log in for the first time or change their computer password.
Jamf Connect Login will replace NoMAD Login for logging in to the computer, and Jamf Connect Verify will replace NoMAD in the menu bar for keeping credentials in sync.
Installing Jamf Connect
Jamf Connect can be installed by launching the Self Service app and clicking “Install” on Jamf Connect.
Before installing, the user will be warned that the installer will log them out of the computer. It is highly recommended that users save all work and close all open applications before proceeding. Nothing will stop the computer from logging the user out after starting the install process. There are no warnings or prompts that this is about to happen, which is why it is emphasized in the Jamf Connect Installer description window.
When Jamf Connect has been installed, the user will be logged out, and will see a familiar Microsoft Login screen. This is the same login used when signing into Office online and Microsoft Teams.
Using Jamf Connect Login
When logging in, users will need to type their full email address, not just their ePantherID. This works exactly the same as when accessing Microsoft 365 online resources.
At the next screen, users will enter their password:
After successfully entering their password, users will be met with a second login screen requesting the password be entered again:
A note about the double-login experience:
Users will need to enter their password twice to log into a device after booting the computer or after logging out. This is how Microsoft designed the Azure login process, and there is nothing that can be done at this time to change it. Users will not have to log in twice when a device is locked (like when the screensaver comes on), only when logging into the device after a reboot or having been logged out. This applies to all Macs with T2 Security Chips (Most 2018 Macs and newer).
Users with iMacs purchased prior to 2021 and Mac laptops purchased from 2017 and earlier will see a standard Mac login screen when they reboot due to FileVault. The machines will still display the Microsoft Azure login window after a computer has been logged out (without a full reboot).
A note about logging in if your password has already expired:
There is a “Local Login” button located at the bottom of the Microsoft login screen. Click it and login using the password you previously to access your computer. Once logged in to the computer, change your password as you normally would . After changing your password, the Jamf Connect Verify application will prompt you to enter your new password and update the passwords stored on your computer.
Jamf Connect Verify
Jamf Connect Verify is a menu bar application that allows for continuous password validation between network and local accounts. In other words, it makes sure that the user’s ePantherID is up to date and warns them if their password is about to expire. It also resolves issues with the Mac’s built-in password management system (Keychain) making for a much better user experience when an ePantherID password is changed.
After first signing in, users will be prompted to allow notifications from Jamf Connect Verify – It is recommended that this be allowed so users receive a notification that their password is about to expire.
A countdown timer will appear next to the icon when a user has 30 days left before their ePantherID password expires. It will continue counting down until the password is changed. Users can click on the menu bar icon and click “Change Password” to be taken directly to the ePantherID change password form.
After changing their password, users will then be asked to log in to Jamf Connect with their new credentials, and the application will take care of the rest.
If a user changes their password outside of this portal, Jamf Connect will notice the passwords are out of sync and will prompt the user to enter their new credentials. This should happen within about 15 minutes of the password being changed.
If on campus or connected to the VPN, the Jamf connect icon in the menu bar will turn green within 15 minutes. This means that the computer has a valid Kerberos ticket, which is something CTS staff use to make connecting to file shares and printers more seamless (if a user does not have a valid Kerberos ticket, they will need to authenticate when connecting to these resources). In normal day-to-day use, this will not be something users will need to worry about. Aside from occasionally entering their credentials after changing passwords, users will typically never have to interact with Jamf Connect Verify.