cancel
Showing results for 
Search instead for 
Did you mean: 

Enable self-service account provisioning and allow users to manage wireless connectivity from the new macOS device login window today!

scott_reed
JumpCloud Employee
JumpCloud Employee

LWScreenShot 2023-09-18 at 8.23.55 PM (1).png

Key Outcomes:

Users now have the ability to provision their work account to their JumpCloud-managed macOS or Windows device straight from the login window.

Organizations can unlock new light-touch device provisioning experiences for macOS and Windows, saving valuable time and IT resources.

Users experience the improved macOS login window with wireless connectivity controls and system diagnostics, aiding in device configuration and troubleshooting login issues.


The Short Story:

The new device login window capabilities on macOS and Windows streamline and enhance the on-device JumpCloud account management experience. Users benefit from a simplified onboarding experience and can quickly begin working from their JumpCloud-managed account on their JumpCloud-managed device. Admins benefit from reduced time and IT resources used to configure devices and onboard new users. Managing wireless connectivity directly from the macOS login screen is a game changer. 


The Admin Experience:

ssap_admin_console_enable_new.jpg

Self-Service Account Provisioning has found its place in Device Settings. This feature can be enabled for macOS and Windows devices independently. Furthermore, admins have the option to set the default user permission level for newly created accounts as either standard or administrative (sudo) users. The feature can be toggled on and off globally to enable or disable the new macOS login window. 

The End User Experience:

siwjc_mac_initial.jpg

siwjc_win_initial.jpg

On devices without existing JumpCloud accounts, users will notice an option to “Sign in with JumpCloud” on the device login window. Upon selecting this, they’ll enter their JumpCloud credentials and have their account automatically provisioned to the device. 

Learn more about this feature in the linked KB article

Provision New Users on Device Login 

Tutorial: Self-Service Account Provisioning

11 REPLIES 11

jumpclouduser91
Novitiate II

This is so nice! I would love to see, Ram Amount, Processor Type and Speed, and HD size in the information button. 

Hi @jumpclouduser91 it would be great if you could add a feature request for this 🙂

NVergin
Rising Star II

As much as I like the new login screen (I really do!) there are definitely some issues that it is causing.  I have submitted feature requests or support tickets for these, but wanted to comment here as well for visibility so others can be aware of these potential issues.

1) Auto-Logins - It breaks existing auto-logins that we had in place for some conference room computers.  They have limited access to anything and are really just used for Zoom Rooms, with scheduled reboots to keep them working smoothly.  Well, they no longer log in automatically.  Being able to include/exclude systems/groups from this setting would solve that problem as I already have these Zoom Room computers in a specific device group.  But the fact that it's a global setting is problematic.  I have to imagine that it's caused similar problems for others when they have managed machines which are general purpose or not assigned to a particular user/users.  I'm now going to need to either disable this globally because of a couple affected systems or share a password with all my users to allow them to continue using these Zoom Rooms.  Not excited about either prospect when we had a system that was working smoothly without user interaction prior to this.  I could certainly be wrong and perhaps I overlooked it, but I cannot recall seeing any warnings that this would impact auto-logins, though I should have anticipated that.  It occurred to me when I came into the office and noticed the conference rooms were sitting at the new login screen.

2) Password Length - the password field should be wider/longer.  We often have long passwords and the fact that it kind of wraps to a new line is causing confusion and difficulty when logging in.  After or while entering a long password, the user may look at the password field and it appears that only a small number of characters were entered.  This may not actually be the case, but since it cannot fit the full password length, it then "wraps" to a new line after a certain point, only showing the remaining character indicators.  So it may look like only a handful of characters were entered, but then you go to delete it and start over and you see that no, they were probably all there but it has been wrapped to display only a few.  Super annoying.  That should be an easy UI fix.  Make the field wider, disable the "wrapping" aspect of it, or both.

That's interesting. We have not done auto-login on our Conference Room Mac Mini's as it prevents the ability to FileVault encrypt them. What OS are your Zoom Rooms running on?

They are Mac Mini's.  They don't have access to anything other than the local OS and the Zoom Room software so we opted to prioritize usability for end users vs enforcing encryption on those machines as they are secured in our office the associated risk is low.  However, now that auto-login is broken, I might as well enable encryption.  But hoping these issues will be resolved.  For the time being I shared a password with our users so they can continue using the systems as needed.

scott_reed
JumpCloud Employee
JumpCloud Employee

@NVergin thank you for the detailed feedback. Both of these items are "bugs" that we are actively investigating and will fix. Stay tuned for an update. 

@scott_reed  Thanks for letting me (us) know.  Appreciate it!

thepearsona
Novitiate II

scott_reed great work on this.  However, like @NVergin there is a bit of a showstopper for rolling this out.  All our devices are added to a dynamic group that puts an admin user on each device.  In the pre-requisites, it says "The device cannot have an existing JumpCloud-bound user account.".

The real-time saving for us is if users can swap on a different computer without raising a ticket to be bound to a new device.

A couple of other thoughts:

- would it make more sense if the permission level (standard or administrator) was set under the user profile tab where you can say if the user is granted admin permissions for all device associations?  
- is there a technical reason Windows Home versions are not supported as we have a number of devices that are Home and it is a difficult sell to get them to upgrade for mostly little benefit?

Let me know if you need some testers or testing on any of these features. Have a great day. Chris

@thepearsona I'll let @scott_reed answer your other questions, but for Win Home, it's not supported because it's against MS TOS to use Home for biz purposes, and most policies will not work properly on Home editions.

Like someone's post? Give them a kudo!
Did someone's answer help you? Please mark it as a solution.

Thanks @BScott , that is helpful.  Let's hope Microsoft gets with the program and realises that the distinction between a business and home OS is a bit of a sham.

Hi @thepearsona are you referring to something like a check-in/check-out for devices? If so a feature request for this would be great. And the admin permission for all devices looks like it'll be a separate feature request on its own. Very cool ideas for sure and we'd love to get them in the system. 🙂