High Sierra Authentication Errors with FileVault®

Written by Zach DeMeyer on July 23, 2018

Many IT admins are encountering macOS® High Sierra authentication errors with FileVault® enabled. This problem is completely breaking the model and the processes that IT organizations use to manage Mac® users and systems. While the issue is certainly frustrating, there is a solution that can fix it across a fleet of Macs. But, what exactly is the problem? Let’s find out.

The Problem Itself

The issue IT admins and users are encountering with FileVault began with Apple®’s release of macOS High Sierra. With High Sierra’s FileVault feature, Apple’s intention was to increase security and usability for their end users. While the update certainly increased security, it stirred up trouble with respect to usability and has caused some pressing issues downstream for IT admins.

So, what’s the problem? Well, with the new macOS update, a user must be created locally to ensure that the user receives something called a Secure Token. This Secure Token is required to enable FileVault for the user, but users created remotely via the API, as well as network users, are not granted the Secure Token, forcing IT admins to manage macOS systems manually. It may not sound like a big deal, but for already busy admins, creating each individual user’s credentials on their personal machine is quite the hassle. Because users must be created locally, the orthodox method of creating users remotely has completely broken down. Legacy identity management solutions, such as Microsoft® Active Directory® (MAD or AD), have especially struggled with this Secure Token and FileVault problem.
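To see which accounts on a Mac are affected, an admin can audit Secure Token status per user. The script below is an added example, not part of the original article or of JumpCloud's tooling; it assumes macOS 10.13+ with `dscl` and `sysadminctl`, assumes the status wording shown in the comments, and uses constructed account names when run off a Mac.

```shell
#!/bin/sh
# Added example: report which local accounts hold a Secure Token.
# Assumptions: macOS 10.13+ with dscl and sysadminctl; status wording
# "Secure token is ENABLED|DISABLED for user <name>".

# Classify one line of `sysadminctl -secureTokenStatus` output.
token_state() {
    case "$1" in
        *"Secure token is ENABLED"*)  echo enabled ;;
        *"Secure token is DISABLED"*) echo disabled ;;
        *)                            echo unknown ;;
    esac
}

# stdin: "name uid" pairs (as printed by `dscl . -list /Users UniqueID`).
# stdout: regular accounts only (UID >= 501, no "_" service prefix).
list_regular_users() {
    awk '$2 >= 501 && $1 !~ /^_/ { print $1 }'
}

# stdin: user names; $1: command that prints the status line for a user.
# stdout: "user<TAB>state" per account.
audit_tokens() {
    lookup=$1
    while read -r user; do
        state=$(token_state "$("$lookup" "$user" </dev/null)")
        printf '%s\t%s\n' "$user" "$state"
    done
}

# Real lookup: sysadminctl writes its result to stderr.
real_status() { sysadminctl -secureTokenStatus "$1" 2>&1; }

# Constructed sample lookup so the script also runs off a Mac.
sample_status() {
    case "$1" in
        localadmin) echo "sysadminctl[123:456] Secure token is ENABLED for user localadmin" ;;
        *)          echo "sysadminctl[123:456] Secure token is DISABLED for user $1" ;;
    esac
}

if command -v sysadminctl >/dev/null 2>&1 && command -v dscl >/dev/null 2>&1; then
    dscl . -list /Users UniqueID | list_regular_users | audit_tokens real_status
else
    # Constructed input: a locally created admin, a directory user, a service account.
    printf 'localadmin 501\nnetuser 1001\n_www 70\n' | list_regular_users | audit_tokens sample_status
fi
```

Any account reported as `disabled` cannot be enabled for FileVault until it is granted a Secure Token.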

A Solution on the Horizon

The good news, though, is that a next generation directory services solution, called JumpCloud® Directory-as-a-Service®, has solved this challenge. IT admins can now remotely provision, deprovision, and manage macOS High Sierra users with FileVault enabled. Directory-as-a-Service eliminates High Sierra authentication errors with FileVault by ensuring that new users are created properly according to Apple’s new security standards. JumpCloud’s Mac agent acts as an intermediary between Secure Token and FileVault, creating users and providing them with a valid Secure Token. By leveraging Directory-as-a-Service, IT admins can issue Secure Tokens to their Mac users at scale. Thanks to JumpCloud’s Mac agent, sysadmins can once again create credentials for entire fleets of Mac systems without having to do so manually.

Solving High Sierra Authentication Errors with FileVault via JumpCloud

You can use JumpCloud Directory-as-a-Service to update your High Sierra users’ credentials absolutely free. Seem too good to be true? Well, by signing up for Directory-as-a-Service, you can leverage the SaaS solution for up to ten users for free, forever. If you have Mac fleets larger than ten users, you can explore pricing options to pay as you go. To see JumpCloud’s Mac management capabilities in the hands of an expert, you can also schedule a demo. Questions or comments? Drop us a line, and our support team will be glad to assist you.