This article outlines how to use the recovery key to decrypt the macOS partition. This is helpful with account lockouts when FileVault is enabled.
- The device must have a FileVault Policy applied. See Create a Mac FileVault 2 Policy.
Retrieving the Recovery Key
To retrieve the recovery key:
- Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com/login.
- Go to DEVICE MANAGEMENT > Devices.
- Under Devices, select the relevant device.
- Select the Details tab, then click view key.
Decrypting the Disk with the Recovery Key
Network connectivity doesn't start until the disk has been decrypted. A hardwired network connection may be required to connect to the internet after decrypting FileVault, as Apple doesn't provide a way to connect to a wireless network at the login screen.
To decrypt the disk using the recovery key:
- Start the device.
- Select the user.
- In the Enter Password field, select ? on the right-hand side.
- Click …reset it using your Recovery Key. This will not reset your password.
- Enter the recovery key. Hyphens are automatically applied.
- Press Enter.
- The hard disk will now decrypt and network connectivity will be restored.
- Depending on the OS version, you will either be shown a password prompt for the user or show all active users.
To authenticate the user:
- Wait for the JumpCloud agent to check in. This happens in near real-time, but could take a few minutes.
- Enter the user’s current JumpCloud password to log in.
- If the password has changed, you will be prompted to enter the Old Password and Current Password to complete the sync.
- The user is logged into their account.