Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Jamf Connect 2.0 includes Mac user authentication via iPhone Face ID, Touch ID

An example of a mobile authentication prompt in macOS for Jamf Connect 2.0

Last updated

Mobile device management outfit Jamf has revealed it will be rolling out an updated version of Jamf Connect 2.0 that will overhaul the identity management tool, including the addition of using Touch ID and Face ID on an iPhone for user authentication on Macs.

Revealed during the virtual Jamf Nation User Conference on Tuesday, Jamf Connect 2.0 is a major update of the company's account and identity management tools for large networks. The system, which enables for a user account to be provisioned to a device and authenticated throughout a corporate network, has been given some upgrades that take advantage of cloud computing and alternative authentication systems, including elements users are already familiar with using.

Version 2.0 will use a single cloud-based set of identity credentials for users, which will be used throughout the network's hardware. In theory it will help produce a more seamless authentication experience for users, and in some cases, a near zero-touch deployment process.

Arriving in beta before the end of 2020 and being usable by all users in early 2021, Jamf Connect 2.0 will enable a passwordless workflow, reports 9to5Mac, where an iPhone will be able to log users into a nearby Mac. After authenticating on the iPhone using Touch ID or Face ID, the iPhone will install a certificate via the Jamf Connect iOS app, which is then validated over Bluetooth with a Mac.

The process doesn't necessarily require a work-issued iPhone to function, as the app could feasibly be installed on a user's own iPhone and the certificate accessed, without needing any further installations or implementing elements of device management.

Jamf Connect 2.0 will also work with Apple's Single Sign-On Extension framework, which will enable a user to authenticate once, but then be signed in automatically on other enterprise apps. This again will save users from having to set up their work environment each time they use a new device.

A demonstration of the Microsoft Enterprise SSO Plugin was also shown, allowing it to work with Microsoft Azure AD authentication systems.



2 Comments

bonobob 13 Years · 395 comments

I hope they don’t forget that some Macs have TouchID built in.  I’d be really annoyed to have to pull my phone out to authenticate when there’s a TouchID sensor right on the keyboard. 

InspiredCode 8 Years · 405 comments

bonobob said:
I hope they don’t forget that some Macs have TouchID built in.  I’d be really annoyed to have to pull my phone out to authenticate when there’s a TouchID sensor right on the keyboard. 

It needs an actual OAuth2 login before Touch ID will work.  No different then using Microsoft Authenticator or Google.app.