ㅤ Kandji Passport makes the login process easier for end users by syncing their local Mac login credentials with those they use for single sign-on with their organization's identity provider (IdP). Passport now supports multifactor authentication, so admins can enforce login flows that leverage the same MFA factors already configured for their users' IdP accounts. Those flows can use one-time passcodes (delivered via SMS, email, or an MFA app), push notifications to an app, or security questions. Passport’s MFA support works with Okta, OneLogin, and Azure AD as IdPs. Admins can configure MFA through an updated Passport library item. They can choose between the existing Mac login experience or a new Web Login option, which enables MFA support.
Once configured by the admin, users will go through the multifactor authentication process when they log in to their devices if MFA is part of the IdP’s browser login flow. Admins can choose to make offline login without MFA an option. In that case, if the device isn’t connected to the Internet for some reason, the user will get the standard local login window. For more details on how to implement multifactor authentication in Passport, see our Passport support article.