macOS® Catalina™ Secure Token

With the introduction of macOS® 10.15 (also known as Catalina), a number of changes have been announced to the overall infrastructure for managing a Mac® laptop or desktop. One area in particular is the effect of macOS Catalina on the Secure Token feature. These changes present Mac admins with potential issues as well as the opportunity for streamlined solutions, so let’s see what there is to do about it.

What is Secure Token?

For many Mac admins, the Secure Token feature introduced with macOS High Sierra has been a cause for great consternation. It has forced IT teams to adjust their management workflows to be able to administer and manage devices properly, given that Secure Tokens are critical in order to safely create Mac users and manage their FileVault full disk encryption (FDE) credentials.

Apple® introduced Secure Token as a method of creating a “chain of trust” on a machine. The result was that only a trusted user could be created from another trusted user, and only those trusted users could leverage FileVault. This ensured that—from Apple’s perspective—the machine and users on it would be secure.

The Problem with Secure Token

The problem with Secure Token was that the chain of trust ultimately made user and FileVault management much more challenging. An organization’s mobile and network accounts on Apple devices could not create users that would be granted Secure Tokens.

Only the original user on the machine was granted a Secure Token and only that account could go on to create subsequent users that would properly be granted a Secure Token. This overhead severely impacted the ability of Mac admins to remotely manage their fleet of Mac systems.

In light of this, JumpCloud introduced innovative functionality to automate the remote management of Secure Tokens across an entire fleet of Mac machines. This support dramatically changed the game for IT admins to introduce and manage FileVault within an organization. Of course, pending the arrival of Catalina, Secure Token management might be changing altogether again.

The macOS Catalina

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at:

Zach DeMeyer


Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
