Configuring the Advanced Authentication MacOS X Client with FileVault

  • 7024332
  • 09-Dec-2019
  • 09-Dec-2019

Environment

Advanced Authentication 6.2
Advanced Authentication 6.3
AAF Client for MacOS X v6.2
AAF Client for MacOS X v6.3

Situation

How to configure FileVault to work with and not bypass the Advanced Authentication MacOS Client protocol/authentication method(s)

By default, if a user logs in with FileVault enabled, this bypasses the Advanced Authentication client protocol and uses the FDEAutoLogin preference.

Resolution

To deactivate the AutoLogin with the FileVault from the MacOS X Client, run the following command:
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES

NOTE: This option prevents the user that decrypted FileVault from automatically logging in, a feature which ignores loginwindow's general "Disable automatic login" (com.apple.login.mcx.DisableAutoLoginClient) setting.

Additional Information

To reactivate the AutoLogin with the FileVault, run following command:
sudo defaults delete /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin

For more information please see the following FileVault documentation:

Feedback service temporarily unavailable. For content questions or problems, please contact Support.