Users: Change Your macOS Password

After you use JumpCloud to encrypt a system, enforce Multi-factor Authentication (MFA), require strong passwords, and scan continuously for malware threats, you want employees to manage their identities and passwords in this well-fortified environment.

There are four passwords on your macOS device that must be kept in sync:

  1. JumpCloud user password - Used to log in to your JumpCloud User Portal.
  2. FileVault (if enabled) - Used to unlock FileVault when your device is started up. In most scenarios, the FileVault password and the device password are the same, but they should be understood as distinctly different.
  3. Device password - Used to log in to your device after FileVault is unlocked.
  4. macOS Keychain - Used to access passwords, logins, secure notes, etc. that you have saved on your Mac.

JumpCloud IdentityOS® makes it simple to keep these distinct passwords synchronized and prevent lockouts.

You can change your user password in four places:

  • JumpCloud Menu Bar App (recommended)
  • User Portal
  • Upstream Integration (e.g., Okta) that syncs the changed password to JumpCloud and to your device
  • System Settings (least recommended)

Considerations

  • The JumpCloud passwords you create must adhere to the complexity settings your organization requires for user account passwords. You'll get an error if you attempt to create a non-compliant password. See Manage Password and Security Settings to learn more about complexity requirements.
    • Your password also has to adhere to the password complexity settings of the applications you log in to using JumpCloud. If you need help determining the password complexity settings of the applications you use, ask your IT Admin.
  • If your account gives you access to SSO applications, it may take several minutes for your password to update for your SSO applications after you change it in JumpCloud.

Note: When you change your password, any active sessions (User Portal, SSO applications, etc.) will be terminated and you will be prompted to log in again.

On macOS devices, the JumpCloud menu bar app delivers a convenient method for you to change or sync your JumpCloud IdentityOS® password.

Note:

The menu bar icon can be hidden by your Admin, and you should contact your Admin if you're unable to locate the menu bar app on your device. Additionally, if your account is managed by Active Directory or Okta, you won't be able to use the app to reset your password.

To change your JumpCloud password in the JumpCloud menu bar app:

  1. Click the JumpCloud logo in the menu bar to open the JumpCloud menu bar app.
  2. Hover over the Your computer password is up-to-date message, then click Reset Password.
  3. In the JumpCloud Password field, enter your current JumpCloud user password.
  4. In the New Password field, enter your new JumpCloud user password.
  5. In the Confirm Password field, enter your new JumpCloud user password again.
  6. If your organization requires an Authentication Method, enter your TOTP from your authentication app or accept the login push request on your mobile device.
  7. Click Save.

After the JumpCloud menu bar app saves your passwords, JumpCloud updates the FileVault and Keychain accordingly.

Changing Your Password in the User Portal

To change your JumpCloud password in the User Portal:

  1. Log in to the JumpCloud User Portal.
  2. Go to Security.
  3. Under Password, click Reset Password.
  4. To update your password, enter your current password, your new password, and your new password again. Password complexity requirements are determined by your IT Admin. If you forget your password, you can also request a password reset by clicking Reset User Password on the User Portal login screen.
  5. Click Update Password.
  6. See Syncing Your JumpCloud Password with Your Device Password below to update your password in the menu bar app.

Tip:

If your users log in with Touch ID, they may have to enter their password to access the User Portal. This occurs because the Mac App can only authenticate the user against the portal when the user is required to enter a password instead of using Touch ID.

Local Password Reset

  1. From your device login screen, an incorrect login attempt will trigger the Forgot password? option.
  2. Click on Forgot password?
  3. A JumpCloud user login window will appear. Enter your Email, then click Continue.
  4. JumpCloud will redirect you to your Identity Provider login page.
  5. Enter your email address, and your password, then click Next.
  6. The Reset Your Password screen will appear. Enter your password, confirm it again, then click Continue.

Note: If you reset your password, a new, empty keychain will be issued, and the old one will be inaccessible. You can access your keychain in the future by providing your previous Keychain password.

Syncing Your JumpCloud Password with Your Device Password

If your password has changed outside of the JumpCloud menu bar app (such as by an Admin reset, or changing it in an upstream system that syncs passwords with JumpCloud), you have to sync your password in the JumpCloud menu bar app. 

To sync your JumpCloud password with your device password:

  1. Once your password has been changed, the JumpCloud menu bar app will recognize that your password has changed and push a notification to your device to confirm the new password, sync it to the device and macOS Keychain, and store it in FileVault.

Syncing Your JumpCloud Password in the User Portal When Your Device is Online

If you change your password in the JumpCloud User Portal, the password won't match the one you use to log in to your device.

To sync your new JumpCloud user password with your device password:

  1. In the top right corner of the menu bar, click the JumpCloud menu bar app icon. JumpCloud will recognize that you changed your password in the User Portal and that it needs to be synced to your device password. Click Confirm Now to re-enter the newly changed password.
  2. Under Recently Updated JumpCloud Password, enter the new password you just changed in the User Portal, then click Next.
  3. Under Current Device Password, enter the current password you use to log into your device, or leave it blank if you don’t remember it.

Warning: If you leave this field blank, the device’s Keychain will be reset, and you will no longer have access to the passwords, logins, and secure notes you previously saved to your device.

  4. Click Next.
  5. After your updated JumpCloud user and device passwords are confirmed, your JumpCloud account, User Portal credentials, device, and FileVault passwords will all be in sync.

Syncing Your JumpCloud Password in the User Portal When Your Device is Offline

If you change your password in the JumpCloud User Portal from another device while your JumpCloud-managed device is offline, the new password won’t match the one you use to log in to your device or any passwords stored in FileVault.

To sync your new JumpCloud user password with your device password:

  1. When your device is online again, log in with your new JumpCloud credentials.
  2. If FileVault is enabled, enter your FileVault password. This is your previous password used to log in to your device. When the password is verified, the system is decrypted.
  3. In the top right corner of the menu bar, click the JumpCloud tray app icon. JumpCloud will recognize that your passwords don’t match and they need to be synced. Click Confirm Now to re-enter the newly changed password.
  4. Confirm the new password by entering the new one you’ve just changed in the User Portal.
  5. The JumpCloud menu bar app will prompt you to confirm your new password to ensure that the Keychain, FileVault, and JumpCloud account passwords are in sync.

Syncing Your Password in Active Directory or from a Temporary Password

If your password is changed by your IT Admin or you change it in Active Directory, the new password won’t match the one you use to log in to your device or any passwords stored in FileVault. You can use these steps to sync your new password with the ones used on your company’s device.

Considerations

  • If an Admin sets a temporary password, you must first sync that temporary password with your device, FileVault, and Keychain. After these are all in sync, then you can change your temporary password.
  • In rare cases, you might see a confirmation that the new password is confirmed when it wasn’t. In this case, the JumpCloud menu bar app will prompt you to sync your password again. After entering your current password again, you will see a confirmation that the password changes have been synced, and the notification will disappear.
  • You will be prompted to enter your previous password. You can leave this blank, but you might see one of the following responses:
    • If Keychain isn’t in sync with the new password, Apple creates a new empty Keychain for you the next time you log in. You’re still able to sync your new JumpCloud password with your device and FileVault.
    • If the JumpCloud Service Account isn’t present on your device, an error will appear. Contact your IT Admin.

To sync your new JumpCloud password with your device:

  1. In the top right corner of the menu bar, click the JumpCloud tray app icon.
  2. In the Recently Updated JumpCloud Password field, enter the password set by your IT Admin or the one you changed in Active Directory.
  3. Click Next.
  4. When prompted for your Current Device Password, enter your device password or leave it blank if you don’t remember it.
  5. Click Next.
  6. You’ll receive a confirmation that your password change was successful. Your Mac password is in sync with JumpCloud, Keychain and FileVault.

Syncing Your JumpCloud Password with your Device when the JumpCloud Menu Bar App is Hidden

If the JumpCloud menu bar app is hidden, your admin has either configured an integration such as Okta, or you have Password Sync disabled for your device.

If your admin has configured an upstream integration such as Okta that syncs passwords to JumpCloud, you will be able to change your password in Okta, and then have that password synced with JumpCloud. When you change your password in Okta, JumpCloud will recognize the change and push a notification to your device to confirm the new password, sync it to the device and macOS Keychain, and store it in FileVault.

To sync your JumpCloud password with your device after changing it in an upstream integration, such as Okta:

  1. Change your password in the upstream integration. 
  2. Next, restart your device so that you’re prompted to log in to the device again.
    • A user log out or a long period of inactivity (like after a weekend) will prompt you to log in again as well. 
  3. Enter the password you currently use to log in to your device. 
  4. On the next screen, you’ll be prompted to enter your previous device password, and your new password that you just changed in your IdP.

Note: If you leave the previous password field blank, a new empty Keychain will be created rendering the old Keychain inaccessible until the previous password is entered.

  5. Click the arrow to log in.
  6. You will be logged into your device and your password will be synced.

To change your password when Password Sync is disabled for your device:

  1. See Changing Your Device Password in the System Settings below.
  2. After changing your password in System Settings, there is no further action needed.

Changing Your Device Password in the System Settings

If a user changes a device password in System Settings (formerly System Preferences), their JumpCloud password will be out of sync with the device, and they will be prompted to reconcile the two passwords. This process will sync their JumpCloud password back to the device, rather than updating the JumpCloud password. They will then be able to use their JumpCloud password to log in to their device and access their JumpCloud-managed resources.

To change your device password in System Settings:

  1. See Apple’s support documentation for Changing the login password on Mac to learn more. 

To sync the JumpCloud password back to the device:

  1. Once your password is changed in System Settings, you will receive a notification from the JumpCloud tray app prompting you to Confirm Your Password. Click on the notification to open the next modal.
  2. Click Confirm Now.
  3. Under Current JumpCloud Password, enter your current JumpCloud user password, then click Next.
  4. Under Current Device Password, enter the new device password that you just changed in System Settings, then click Next.

Warning: If you leave this field blank, the device’s Keychain will be reset, and you will no longer have access to the passwords, logins, and secure notes you previously saved to your device.

  5. You’ll receive a confirmation message that your JumpCloud password has been synced to the device. You’ll use your JumpCloud password to log into your device, and other JumpCloud-managed resources.

Correcting Unsynchronized JumpCloud and FileVault Passwords

When an old password grants FileVault access before the current JumpCloud password grants subsequent macOS device access, use these steps to resolve the discrepancy.

Note:

You must know both your previous password and the current password to use this procedure.

  1. Boot the device into Recovery Mode:
  2. In Recovery Mode’s macOS Utilities screen, click the Utilities menu in the Mac menu bar, and select Terminal.
  3. In Terminal, at the # prompt, enter resetpassword and then press Return.

Tip:

Verify that you've typed resetpassword as one word.

  4. The Reset Password utility launches and examines local volumes, and then displays three options. Choose My password doesn't work when logging in and click Next.
  5. Choose your JumpCloud user and click Next.
  6. Enter the current FileVault password to unlock the volume.
  7. Enter the current JumpCloud password in both the New password and Verify password fields and click Next.
  8. macOS then prompts for a normal reboot. After the reboot, the FileVault and macOS device passwords are synchronized.