Disable Jamf Connect Login Using Single User Mode or Recovery

Updated over 2 weeks ago

Description

This article provides steps to regain access to a computer if Jamf Connect Login cannot connect or authenticate against the configured Identity Provider, local authentication is disabled via the DenyLocal key, and there is no account that will work at the Jamf Connect Login screen.

Troubleshooting Steps

Option 1: If the computer has internet connectivity and is checking in to Jamf Pro

  1. Create a new policy in Jamf Pro

    1. General tab > Trigger: Recurring Check-in

    2. Execution Frequency: Once per computer

    3. Files and Processes tab: In the Execute Command field, enter the following: authchanger -reset

    4. Scope to the target computer

  2. Wait for the computer to check in and run the policy. The default check-in frequency in Jamf Pro is 15 minutes. Once the policy has completed, the run should appear in the policy log: in Jamf Pro, open the policy in question and click Logs (along the bottom right).

  3. Reboot the computer. The default macOS login screen should appear.


Option 2: If there is no connection with Jamf Pro

FOR COMPUTERS WITH T2 CHIP/M1

Note: If FileVault is enabled, a Secure Token holding account is required.

  1. Press and hold the power button on your Mac until you see "Loading startup options."

  2. Click Options, then click Continue.

  3. Click Disk Utility, select Data (or whatever the main hard drive is called) in the list on the left, and mount it by clicking Mount in the top right.

  4. In the top left, click Disk Utility > Quit Disk Utility.

  5. Go to Utilities > Terminal.

  6. Run the following commands in Terminal:
    cd /Volumes/Macintosh\ HD/var/db/
    rm ./auth.db
    rm ./auth.db-shm
    rm ./auth.db-wal

    Note: Some of these files may not exist. The important one is auth.db.

  7. Restart the computer by running this command:
    shutdown -r now
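
A more cautious variant of step 6, as an added example rather than Jamf's own script: it renames the three files instead of deleting them, so the previous authorization database stays on disk for review or restore, and it stops if auth.db is not where the path says it should be. The function name set_aside_authdb and the .pre-reset suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): set the authorization
# database aside instead of deleting it.
# Usage: sh this_script.sh "/Volumes/Macintosh HD/var/db"

set_aside_authdb() {
    db_dir=$1
    suffix=${2:-.pre-reset}   # hypothetical backup suffix

    # Wrong path or unmounted volume: change nothing.
    if [ ! -d "$db_dir" ]; then
        echo "error: $db_dir is not a directory (is the volume mounted?)" >&2
        return 2
    fi
    # auth.db is the file that matters; without it there is nothing to reset here.
    if [ ! -e "$db_dir/auth.db" ]; then
        echo "error: no auth.db in $db_dir; nothing changed" >&2
        return 3
    fi
    # Never overwrite a copy kept from an earlier run.
    for name in auth.db auth.db-shm auth.db-wal; do
        if [ -e "$db_dir/$name$suffix" ]; then
            echo "error: $db_dir/$name$suffix already exists" >&2
            return 4
        fi
    done

    moved=0
    # The -shm and -wal companions may not exist; skip them quietly.
    for name in auth.db-wal auth.db-shm auth.db; do
        [ -e "$db_dir/$name" ] || continue
        mv "$db_dir/$name" "$db_dir/$name$suffix" || return 5
        moved=$((moved + 1))
    done
    echo "$moved"             # number of files set aside
}

# Run only when a directory is given on the command line.
[ "$#" -eq 0 ] || set_aside_authdb "$@"
```

Once the computer is confirmed to boot to the default macOS login screen and the cause has been investigated, the .pre-reset copies can be deleted.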