Jamf Connect users may experience a loop after upgrading to Okta Identity Engine (OIE) if the authentication policy requires an authenticator other than a password.
- Okta Identity Engine (OIE)
- Jamf Connect
- Authentication Policy
Enabling MFA at the app level can cause errors with Jamf Connect per this Jamf article:
Additional information can also be found here:
Create an Authentication Policy and rule for the Jamf applications that only require a password. MFA can be mandated at the global policy level, but not in the authentication policy, according to Jamf's documentation. Supported MFA options include:
-
Supported MFA options include the following:
- Okta Verify one-time password (OTP)
- Okta Verify push notification
- Okta Verify security question
- Duo Mobile
- Google Authenticator
- YubiKeys
- RSA security keys
NOTE: Jamf Connect does not currently support hardware-based security keys at the macOS Login Window. Examples of these keys include Personal Identity Verification (PIV), Common Access Card (CAC), and security keys (for example, YubiKey) in FIDO2, U2F, or smart card mode.
