Onboard local users
If there are local (non-domain) users, for example, users not in AD, those users must be manually enabled before they can log in to their workstation using Mac Workstation Authentication.
To onboard a local user:
- Log in to the Mac as a local user.
- Click the ForgeRock icon in the top right of the menu bar.
- Click Enable For This User….
- Enter the user’s username in the Account field and click Next.
- Enter the user’s Mac credentials.
  - If you are using the push MFA method, after you validate the Mac credentials, a notification is sent to the ForgeRock Authenticator application to approve.
  - If you are using the OATH OTP MFA method, put the OTP code from the ForgeRock Authenticator application right after the password in this step. Failure to do this will result in the end user not being registered.

- Download and install the binaries from Backstage (you must be logged in).
- Install the Mac client on end users' machines.
- (Optional) Onboard and enable local users on their Mac machine.
- (Optional) Enable Offline OTP to allow users to log in to their Mac when not connected to the internet.
- Verify and test with a test user.