System Configuration: One JumpCloud User Bound to system

If the Institutional Recovery Key + Personal Recovery Key combination is used when encrypting a Mac system with a T2 chip, and if the password for the single user is forgotten, the system must boot to recovery to make use of the Institutional Recovery Method.

If a single JumpCloud user is bound to a FileVault encrypted system with the Institutional Recovery Key + Personal Recovery Key recovery method, that user could get locked out of their system indefinitely if they were to forget their password. At this time, to prevent unauthorized access, JumpCloud accounts cannot have their passwords reset in Recovery Mode.

Supported FileVault Recovery Method / Single JumpCloud User Scenarios

Personal Recovery Key with Single User

FileVault Recovery Method: Personal Recovery Key

System Configuration: One JumpCloud User Bound to system

A single JumpCloud user is bound to a FileVault encrypted system with a Personal Recovery Key recovery method. If that user is locked out of their system by forgetting their password, they could bypass the FileVault screen with the Personal Recovery Key. Once at the login screen and when connected to a network (either a known Wi-Fi network or with an Ethernet connection), the JumpCloud agent can change the user's password.

Supported FileVault Recovery Methods / Multiple User Scenarios

Institutional Recovery Key + Personal Recovery Key with Multiple Users

FileVault Recovery Method: Institutional Recovery Key + Personal Recovery Key

System Configuration: One JumpCloud user, one local administrator.

A system is FileVault encrypted with an Institutional and Personal Recovery Key. If the JumpCloud user is locked out of their system by forgetting their password, they could either be provided the local administrator account password to bypass FileVault or enter Recovery Mode using the Personal Recovery Key. In Recovery Mode, the FileVault enabled local administrator account's password can be reset to enter the login screen. Once at the login screen and when connected to a network (either a known Wi-Fi network or with an Ethernet connection), the JumpCloud Agent can change the JumpCloud user's password.

AppleID + Personal Recovery Key with Multiple Users

FileVault Recovery Method: Institutional Recovery Key + Personal Recovery Key

System Configuration: One JumpCloud user, one local administrator.

A system is FileVault encrypted with an AppleID and Personal Recovery Key recovery method. If the JumpCloud user is locked out of their system by forgetting their password, they could either be provided the local administrator account's password to bypass FileVault or enter Recovery Mode with the AppleID credentials and then reset the password of the local administrator account to get to the login screen. Once at the login screen and when connected to a network (either a known Wi-Fi network or with an Ethernet connection), the JumpCloud Agent can change the JumpCloud user's password.

Personal Recovery Key with Multiple Users

FileVault Recovery Method: Personal Recovery Key

System Configuration: One JumpCloud User bound to system

A set of JumpCloud users are bound to a FileVault encrypted system with a Personal Recovery Key. If any user is locked out of their system by forgetting their password, they can bypass the FileVault screen using the Personal Recovery Key. Alternatively, a different user's password can be used to bypass the FileVault screen. Once at the login screen and when connected to a network (either a known Wi-Fi network or with an Ethernet connection), the JumpCloud agent can change a user's password.

If a non-JumpCloud user account was provisioned on this system, that account's password could be reset in Recovery Mode. That user's password could be used to bypass FileVault and gain access to the login screen. Once at the login screen and when connected to a network (either a known Wi-Fi network or with an Ethernet connection), the JumpCloud Agent can change the user's password. Alternatively, if no known network is available at the login screen, that newly reset user account can be used to access the OS and connect to a network.