Body
          
Starting in the Spring 2024, all new macOS computers managed by UMS:IT will use a new process to log in. In past years, users would log in with a local account that may not match their UMS username and password. This has been a security risk as the passwords do not change and users would need to remember multiple passwords. UMS:IT will now use a tool called JAMF Connect to log into the workstation with a user's full UMS email address and UMS password.
Detailed Information
	- If a user has not signed into the computer before and are just starting up the machine, they will be asked for the password of an existing user. This is the Apple Filevault window and cannot access the internet or JAMF Connect. If the user is not the one listed, they must contact UMS:IT for the FileVault key to unlock the machine and access the following screens to sign into the computer.
- Users accessing the new login process will be presented with the familiar blue Maine background and a UMS branded Microsoft login window overlaying the old login window.
	
	
- Users simply need to use their FULL UMS email address, example@maine.edu, to and click next.
- If it is a valid account in the UMS Azure tenant, it will display a branded UMS login page, asking the user for their UMS password.
	
	
- Please note, logging in with any non @maine.edu address will take the user back to the login page and will disallow the user to log in.
- If a user has Duo MFA enabled, they will be prompted with a Duo MFA screen after attempting to log in with their password. 
- The user will be taken to a desktop and a local account will be create for this session.
- 
	Troubleshooting
- A user changes their password and is logging into a machine that keeps the user accounts.
	
		- Users will log in with their new UMS password, but will be prompted with a JAMF Connect login window to update their local account password.
- If this fails, users can submit a ticket to IT to have their local account on the workstation removed and a new profile will be created on next login.
 
- A user forgot to type in @maine.edu.
	
		- One of two actions will occur, a notice will displayed that the user could not be found, type in the full email address to continue.
- Or the login screen goes blank and will not allow the user to sign in. Clicking the refresh button at the bottom will force the window to refresh and accept new logins.
 
- A user tried to sign in with their personal Microsoft account or one belonging to another organization.
	
		- The user will be prompted for their personal password, but signing in will take the user back to the initial log in screen.
- ONLY UMS Microsoft accounts with the @maine.edu domain will allow the user to sign in.
 
- A user's primary account for signing into the services is their Aux UMS account or their account hasn't been synced to Azure.
	
		- Submit a ticket to IT to verify and manually sync your account.
 
	- 
	Environment
- All UMS-Managed macOS computers, computer labs, and some non-UMS:IT computer labs set up in coordination with UMS:IT.
- All managed macOS clients will be running macOS 12.x thru 14.x