Many IT admins are encountering macOS® High Sierra authentication errors with FileVault® enabled. This problem is completely breaking the model and the processes that IT organizations use to manage Mac® users and systems. While the issue is certainly frustrating, there is a solution that can fix it across a fleet of Macs. But, what exactly is the problem? Let’s find out.
The Problem Itself
The issue that IT admins and users are encountering with FileVault started with the release of macOS High Sierra from Apple®. With High Sierra’s FileVault feature, Apple’s intention was to increase security and usability for their end users. While it certainly increased security, the FileVault update stirred up trouble with respect to usability and has caused some pressing issues downstream for IT admins.
So, what’s the problem? Well, with the new macOS update, a user must be created locally to ensure that the user receives something called a Secure Token. This Secure Token is required to enable FileVault for the user, but network users and users created remotely via the API will not be granted the Secure Token, forcing IT admins to manually manage macOS systems. It may not sound like a big deal, but for already busy admins, creating each individual user’s credentials on their personal machine is quite the hassle. Because users must be created locally, the orthodox method of creating users remotely has completely broken down. Legacy identity management solutions, such as Microsoft® Active Directory® (MAD or AD), have especially struggled with this Secure Token and FileVault problem.
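To see which accounts on a Mac are affected, the Secure Token state can be audited per user. The script below is an added example, not code from the original post or from JumpCloud; it assumes macOS's `sysadminctl -secureTokenStatus`, which the post does not mention, and the usernames and sample output lines in it are constructed.

```bash
#!/bin/bash
# Added example: list accounts that lack a Secure Token and therefore
# cannot be enabled for FileVault as-is.
# Assumption: on macOS 10.13+, `sysadminctl -secureTokenStatus <user>`
# reports the state on stderr. Set STATUS_CMD to a stub to run elsewhere.
STATUS_CMD=${STATUS_CMD:-sysadminctl -secureTokenStatus}

# Constructed stand-in for sysadminctl (usernames are made up) so the
# logic can be exercised offline: STATUS_CMD=sample_status
sample_status() {
  case "$1" in
    localadmin) echo "sysadminctl[411:5012] Secure token is ENABLED for user localadmin" >&2 ;;
    netuser)    echo "sysadminctl[412:5020] Secure token is DISABLED for user netuser" >&2 ;;
    *)          echo "sysadminctl[413:5031] no status available for $1" >&2 ;;
  esac
}

# Print ENABLED, DISABLED or UNKNOWN for one account.
token_status() {
  # Merge stderr into stdout, since that is where the answer is written.
  out=$($STATUS_CMD "$1" 2>&1) || true
  case "$out" in
    *"Secure token is ENABLED"*)  echo ENABLED ;;
    *"Secure token is DISABLED"*) echo DISABLED ;;
    *)                            echo UNKNOWN ;;  # tool missing, no such user, ...
  esac
}

# Print "<user> <state>" for every account without a confirmed token.
# Returns 1 if any were found, so it can gate a FileVault rollout step.
missing_tokens() {
  rc=0
  for u in "$@"; do
    s=$(token_status "$u")
    if [ "$s" != ENABLED ]; then
      echo "$u $s"
      rc=1
    fi
  done
  return $rc
}

# Usage on a Mac: ./token_audit.sh alice bob
if [ "$#" -gt 0 ]; then
  missing_tokens "$@"
fi
```

An UNKNOWN result is treated the same as DISABLED so that a failed lookup never counts as a pass.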
A Solution on the Horizon
The good news, though, is that a next-generation directory services solution called JumpCloud® Directory-as-a-Service® has solved this challenge. IT admins can now remotely provision, deprovision, and manage macOS High Sierra users with FileVault enabled. Directory-as-a-Service eliminates High Sierra authentication errors with FileVault by ensuring that new users are created properly according to Apple’s new standards to ensure security. JumpCloud’s Mac agent acts as an intermediary between Secure Token and FileVault (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/high-sierra-authentication-errors-with-filevault/