Support Center

JumpCloud provisioned users do not appear on Filevault login screen after power cycle

Symptoms

Applies to: Mac systems 10.10-12.x  with FileVault enabled. For 10.13.x, see Managing users with High Sierra, Filevault, and APFS

After provisioning a new user to a macOS system using the JumpCloud agent, on a power cycle, the new user does not show up on the Filevault login screen.
 
Cause

The JumpCloud agent does not currently auto-provision users to FileVault to enable them to decrypt the drive. 

Solution

There are several methods for enabling a user to decrypt FileVault:

GUI
Command line (One or few users)
Command line script (Many users)
 

GUI

1. Go to the System Preferences > Security and Privacy

2. Select the FileVault tab, and click the lock in the lower left corner to make changes




4. Click "Enable Users..."




5. Select the users you wish to allow to decrypt the disk, and click "Enable User..."




6. Enter the user's password and click OK:



 

Command line

If adding one or just a few users, this can be accomplished on the command line as root. The root password or current Filevault recovery key, as well as the user's existing password, are required. In this example, the user 'fvuser' is being added:
 
myMac:~ root# fdesetup add -usertoadd fvuser
Enter a password for '/', or the recovery key:
Enter the password for the added user 'fvuser':
myMac:~ root# 
 

Command line script

If many users need to be added, a plist can be imported.  See our example scripts on GitHub.  fvsetup.sh and fvusers.plist
 

Last Updated: Jun 19, 2018 04:03PM MDT

Related Articles
desk-forwarding@jumpcloud.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete