SSO and FileVault: allowing user switching without password prompt (Solved)

Participant
Discussion
2 weeks ago

Hey! I’ve been using Hexnode UEM to manage my Macs for a while and have set up Hexnode Access SSO. I want to lend one of my Macs to a co-worker for a few days. Usually, users can connect automatically through SSO, but I’m trying to make it easier for them to switch between Macs.

The issue is, whenever I lend my Mac to someone, it asks for my account’s password because FileVault needs to unlock the disk first before allowing SSO connections. Any suggestions on how I can handle this, so my co-worker won’t need my password?

Replies (1)

Marked Solution | Pending Review
Hexnode Expert
2 weeks ago

Hey @roger! I appreciate you getting in touch!

Yeah, you can actually bypass the need for your FileVault password when lending your Mac. FileVault access is tied to something called a FileVault Token, which is connected to a secure token. When FileVault is enabled for the first time, the system automatically assigns a token to the user who enabled it (that’s probably you).

To give your co-worker access, they’ll need a FileVault token too. You can do this by using Hexnode’s Grant Secure Token remote action.

Simply navigate to your device in the Hexnode UEM portal, select Actions > Grant Secure Token, enter the necessary credentials, and click Grant Token. This process will provide the new user with the necessary permissions to access the FileVault-enabled macOS device, allowing them to log in without needing your account password.

Hope that helps! Let me know if you have any other questions.

Cheers,
Ben Clarke
Hexnode UEM
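
One way to confirm the grant described above took effect before handing the Mac over, as an added example that is not part of the original reply or Hexnode's tooling. It assumes the usual output formats of the macOS `fdesetup list` and `sysadminctl -secureTokenStatus` commands; the function names and the sample users are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): confirm a user can unlock FileVault.
# Assumed output formats of the macOS tools:
#   sudo fdesetup list                    -> one "shortname,UUID" line per user
#   sysadminctl -secureTokenStatus <user> -> "... Secure token is ENABLED ..."
#                                            (written to stderr)

# Constructed sample output; names and UUIDs are made up.
SAMPLE_LIST='roger,11111111-2222-3333-4444-555555555555
coworker,AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE'
SAMPLE_STATUS_ON='2024-01-01 10:00:00.000 sysadminctl[123:456] Secure token is ENABLED for user coworker'
SAMPLE_STATUS_OFF='2024-01-01 10:00:00.000 sysadminctl[123:456] Secure token is DISABLED for user coworker'

# in_fv_list LIST USER: succeeds if USER is the first field of a list line.
in_fv_list() {
    printf '%s\n' "$1" | awk -F, -v u="$2" '$1 == u { hit = 1 } END { exit !hit }'
}

# has_token STATUS: succeeds if the status text reports an enabled token.
has_token() {
    printf '%s\n' "$1" | grep -q 'Secure token is ENABLED'
}

# unlock_state LIST STATUS USER: prints ready, no-token, not-in-filevault
# or neither, so a mismatch between the two tools is visible.
unlock_state() {
    t=no; f=no
    has_token "$2" && t=yes
    in_fv_list "$1" "$3" && f=yes
    case "$t$f" in
        yesyes) echo ready ;;
        noyes)  echo no-token ;;
        yesno)  echo not-in-filevault ;;
        *)      echo neither ;;
    esac
}

# check_live USER: run the real tools on the Mac (fdesetup needs sudo).
check_live() {
    unlock_state "$(sudo fdesetup list)" \
                 "$(sysadminctl -secureTokenStatus "$1" 2>&1)" "$1"
}

# Query the live system only when a username is passed as an argument.
[ $# -eq 0 ] || check_live "$1"
```

Run it on the Mac with the co-worker's short name as the argument; anything other than `ready` means the account cannot yet unlock the disk at the FileVault login screen.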