The Access Manager Mac Login Agent provides desktop integration for the Apple Mac. This allows users to perform a password reset from the login prompt.
Setup Access Manager
Before you install the Credential Provider module on your desktop clients you must first configure the API Allowed Networks list under the Remote Access tab. The image below shows an example 'allow all' configuration but it is highly recommended that you limit access to internal network IP addresses only.
The download package contains the application and configuration files.Save this to a folder on the Mac that you are installing the agent on.
Before you begin make a backup of your login.plist file by running this command:
security authorizationdb read system.login.console > system_login_console_backup.plist
The application is installed from a command prompt using the usage options below. Open a command prompt, then navigate to the folder location where you downloaded the application.
Access Manager Mac Agent [-h host] [-p port] [-t text]
[host] - The address of the Access Manager server that the Login Agent is connecting to.
[port] - The port which the Login Agent is connecting with.
[text] - The text you wish to be displayed to the user (defualts to "Forgot Your Password"
$ Access\ Manager\ Mac\ Agent.app/Contents/MacOS/Access\ Manager\ Mac\ Agent -h "https://youraccessmanagerserver" -t "Forgot your password?"
$ cp Access\ Manager\ Mac\ Agent.app/Contents/Resources/setting.plist .
$ Access\ Manager\ Mac\ Agent.app/Contents/MacOS/Access\ Manager\ Mac\ Agent -f “setting.plist”
$ Access\ Manager\ Mac\ Agent.app/Contents/MacOS/Access\ Manager\ Mac\ Agent –u
To View help Commands
$ Access\ Manager\ Mac\ Agent.app/Contents/MacOS/Access\ Manager\ Mac\ Agent –h
Once you have installed the agent, log out of the system. You should now see a “Forgot My Password” link below the user login. Clicking the link will open a web browser with the address defined and connect to the Access Manager server allowing you to reset your password.
You may want to consider customising the Desktop authentication flow under the Authentication tab. The default configuration is to ask the user to answer a random number of their reset questions; however Access Manager does support additional modules for PIN, Passphrase and One Time Password.