{"id":75444,"date":"2023-06-05T13:09:17","date_gmt":"2023-06-05T17:09:17","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=75444"},"modified":"2024-01-30T15:57:33","modified_gmt":"2024-01-30T20:57:33","slug":"resolve-lockouts-on-apple-silicon-macs","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/resolve-lockouts-on-apple-silicon-macs","title":{"rendered":"Resolve Lockouts on Apple Silicon Macs"},"content":{"rendered":"\n
JumpCloud macOS users on a Mac with an Apple Silicon processor can now use RecoveryOS to reset the JumpCloud IdentityOS\u00ae password when the device is using FileVault 2 Full Disk Encryption. Previously, users on these devices were locked out because the devices do not prompt for the FileVault recovery key and instead display a prompt to reboot into RecoveryOS. <\/p>\n\n\n\n
At the FileVault login screen, users can choose to restart and show password reset options. When the system is booted into RecoveryOS, the user is required to enter the FileVault 2 recovery key to unlock the disk. After the disk is unlocked using the FileVault 2 Personal Recovery Key, the user can reset the JumpCloud IdentityOS password to a new value. This new password will work at the FileVault 2 boot screen and will unlock the disk to allow the boot process to continue.<\/p>\n\n\n\n
<\/p><\/div>
Tip:<\/strong> \n
Users who have forgotten their password or changed their password outside of the JumpCloud menu bar app and can’t log into their device can press Option<\/strong> + Shift<\/strong> + Return<\/strong> simultaneously at the FileVault login screen and enter the Recovery Key to unlock their device. Subsequently, they’ll be able to log in with the temporary password or their updated password.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
After the device has booted, the user enters the previous password and the new password at the JumpCloud login screen. The previous password is the password the user just entered during RecoveryOS, and the new password is the authoritative JumpCloud IdentityOS login password. If their JumpCloud login password has changed since the last successful login (for example, reset by an administrator, so that the user would know it), the user\u2019s keychain is regenerated on login.<\/p>\n\n\n\n
JumpCloud implemented a workaround that disables password change blocking by default on Apple Silicon devices, so that an IT Admin cannot enforce blocking local password changes on these devices. The BlockPwChangePolicy<\/kbd> was previously set by the JumpCloud agent in Apple\u2019s Open Directory LDAP service for each managed user. This is the setting that prevented the user from resetting the password at the FileVault login screen. <\/p>\n\n\n\n
Disabling the BlockPwChangePolicy<\/kbd> setting lets the user update or change a local password, which requires the user to re-sync the JumpCloud password after moving past the FileVault screen.<\/p>\n\n\n\n
<\/p><\/div>
Warning:<\/strong> \n
If your user resets the password using System Settings, the\u00a0JumpCloud password is\u00a0not<\/strong>\u00a0changed. This results in an out-of-sync event between the user\u2019s local login password and the JumpCloud IdentityOS password. The JumpCloud menu bar app will prompt the user to fix the problem during the current login session:<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n