Configuring the Advanced Authentication MacOS X Client with FileVault

  • 7024332
  • 09-Dec-2019
  • 09-Dec-2019

Environment

Advanced Authentication 6.2
Advanced Authentication 6.3
AAF Client for MacOS X v6.2
AAF Client for MacOS X v6.3

Situation

How to configure FileVault so that it works with, and does not bypass, the Advanced Authentication MacOS Client protocol/authentication method(s).

By default, when a user logs in on a Mac with FileVault enabled, the login bypasses the Advanced Authentication client protocol and uses the FDEAutoLogin preference.

Resolution

To deactivate FileVault AutoLogin on the MacOS X Client, run the following command:
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES

NOTE: This option prevents the user who decrypted FileVault from being logged in automatically. That automatic login is a feature which ignores loginwindow's general "Disable automatic login" (com.apple.login.mcx.DisableAutoLoginClient) setting.
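
To confirm that the setting is in place after running the command above, or to check it across a fleet, the preference can be read back and classified. This is an added example, not part of the original article; the function names, the --audit argument and the verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the DisableFDEAutoLogin preference (names are illustrative).
PLIST=/Library/Preferences/com.apple.loginwindow
KEY=DisableFDEAutoLogin

# Turn the result of `defaults read` into a verdict.
#   $1 = exit status of `defaults read` (non-zero when the key is absent)
#   $2 = value it printed (booleans are printed as 1 or 0)
classify_fde_autologin() {
    if [ "$1" -ne 0 ]; then
        echo "FAIL: $KEY is not set, FileVault auto-login is active"
        return 1
    fi
    case "$2" in
        1|YES|yes|true)  echo "PASS: $KEY is enabled"; return 0 ;;
        0|NO|no|false)   echo "FAIL: $KEY is set but disabled"; return 1 ;;
        *)               echo "UNKNOWN: unexpected value '$2' for $KEY"; return 2 ;;
    esac
}

# Check that FileVault is on, read the preference, then classify it.
audit_fde_autologin() {
    fv=$(fdesetup status 2>/dev/null) || fv=""
    case "$fv" in
        *"FileVault is On"*) ;;
        *) echo "SKIP: FileVault is not reported as On"; return 0 ;;
    esac
    status=0
    value=$(defaults read "$PLIST" "$KEY" 2>/dev/null) || status=$?
    classify_fde_autologin "$status" "$value"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_fde_autologin
    exit $?
fi
```

Run the script with --audit on the Mac; a non-zero exit status means the Advanced Authentication login can still be bypassed by FileVault auto-login or the value could not be interpreted.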

Additional Information

To reactivate FileVault AutoLogin, run the following command:
sudo defaults delete /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin

For more information please see the following FileVault documentation: