
Duo Mobile 2FA issues on macOS while using JAMF

jloesch
Level 1

Hello all,
Posting here to possibly get some help on an issue we’ve been running into using Duo Mobile and macOS.

We are deploying Duo through Jamf and we have no issues using the automated enrollment for Mac users that are in office. Our issue is with the Mac users that work remote. As I understand it, by default macOS will not allow you to select or change Wi-Fi networks from the login screen. This causes conflicts with Duo, to where a user is unable to log in to the Mac because it is not connected to the internet and it will block a user from logging in. We have it set to enroll them into offline access as well, but this will not prompt them to do so until after they complete the 1st initial authentication.
All of our Macs are on the latest 12.5.1 and we are using MacLogon-2.0.0.pkg being installed through a policy in Jamf Pro.

If we install Duo on a MacBook then ship it to a remote user, it is essentially a paperweight that they can’t log in to or connect to the internet with.
Has anyone else run into this issue or found an alternative way of deploying Duo to Macs?
Any and all help would be greatly appreciated.
Thank you

2 Replies

STEPHAN BUDACH
Level 1

Yeah - this actually poses a problem. Have you ever thought about not performing a pre-setup and shipping the new device directly to the user? This is what we are doing: since all of our Macs are in Apple’s DEP, we simply have them run the initial setup on their own. This way, they can connect their Macs to their home WiFi networks.

However, this still doesn’t solve the issue of logging into the Mac if it has no internet connectivity afterwards, if the user didn’t have the Duo Mobile app on a phone. The only way around that would be to make MacLogon work with HOTP tokens, which you could generate from the admin console and pass to the client after verifying her/his identity, e.g. on the phone.

I had raised a case for that and had been told that they (Duo support) would bring this up with their engineers, but it may be worth raising a ticket on your own, to let Duo know that there’s more demand for this.

Link to the other conversation started about this topic: Remote Users Cannot use Mac after installing Duo MFA

Duo, not DUO.