{"id":16211,"date":"2018-06-25T08:00:37","date_gmt":"2018-06-25T14:00:37","guid":{"rendered":"https:\/\/www.jumpcloud.com\/?p=16211"},"modified":"2023-06-13T14:32:21","modified_gmt":"2023-06-13T18:32:21","slug":"secure-token-filevault","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault","title":{"rendered":"Secure Token and FileVault\u00ae"},"content":{"rendered":"\n

When Apple<\/span>\u00ae<\/sup><\/span> introduced FileVault<\/span>\u00ae<\/sup><\/span> years ago, IT admins were thrilled. When it comes to security mechanisms, a way to automatically encrypt a drive is a powerful tool. Over the years, Apple has continued to evolve their functionality, and most recently have made big changes with macOS<\/span>\u00ae<\/sup><\/span> High Sierra. By combining Secure Token and FileVault, they have almost completely revamped how disk encryption and user management work.<\/span><\/p>\n\n\n\n

The Result of Combining Secure Token and FileVault<\/span><\/h2>\n\n\n
\n
\"mac<\/figure><\/div>\n\n\n

<\/span>This combination now forces every user to have a valid Secure Token in order to be able to interact with FileVault. At first pass, that doesn\u2019t seem too bad. Fundamentally, the idea is that a user created on the system should have been created properly and by design. So in other words, Apple was driving the process towards creating users locally on the machine rather than through methods that IT management tools have leveraged in the past. <\/span><\/p>\n\n\n\n

The problem is that Apple broke the path for IT management tools (i.e. identity providers\/directory services) to create users, and instead forces those users to be created locally on each machine. This has the potential to be an administrative nightmare. Users created via the command line or network users do not have a Secure Token, and therefore aren\u2019t valid users in the eyes of macOS High Sierra. The result is that these users cannot properly interact with FileVault, which serves up quite the plateful of problems for IT admins.<\/span><\/p>\n\n\n\n

For IT admins that leverage <\/span>Microsoft<\/span>\u00ae<\/sup><\/span> Active Directory<\/span>\u00ae<\/sup><\/span> (MAD or AD)<\/span><\/a> or other similar directory services, the ability to create and manage macOS users with FileVault enabled has been broken. That means that IT admins will need to manually go host-by-host, resolving user management issues and giving the user a valid Secure Token. Of course, that\u2019s not a viable method for macOS user or system management for organizations with Mac fleets of considerable size.<\/span><\/p>\n\n\n\n

An Automated Solution<\/span><\/h2>\n\n\n
\n
\"secure<\/figure><\/div>\n\n\n

The good news is that there is now an automated solution to solving the Secure Token and FileVault issue for macOS users. <\/span>探花大神<\/span>\u00ae<\/sup><\/span>\u2019s Directory-as-a-Service<\/span>\u00ae<\/sup><\/span><\/a> platform can remotely create new users and ensure that those users have a valid Secure Token. <\/span><\/p>\n\n\n\n

To be honest, it took a tremendous amount of engineering to figure out the right and secure way to handle this tricky issue that the update to macOS created. That said, 探花大神\u2019s macOS agent now solves for users created remotely through our identity management platform, and ensuring that FileVault is properly enabled and used by each user. IT admins do not need to manually access every machine when conducting user management on macOS systems and\/or enabling FileVault (which incidentally should be enabled on every device for enhanced security). Another significant benefit of this approach is that the user only needs to log in once to their device, and there are additionally less steps overall for admins to grant FileVault access.<\/span><\/p>\n\n\n\n

So, while applying FileVault to your user base is incredibly valuable, it also can be tricky. Apple\u2019s recent changes to Secure Token and FileVault have perplexed and frustrated IT organizations worldwide. With 探花大神\u2019s automation of macOS user management and tight integration with FileVault and other macOS system management activities, IT admins can eliminate the pain of managing FileVault with macOS users.<\/span><\/p>\n\n\n\n

Learn More<\/span><\/h2>\n\n\n\n

To learn more about Secure Token and FileVault, check out our <\/span>engineering blog article<\/span><\/a> and our Knowledge Base<\/a>. You can also <\/span>contact our support team<\/span><\/a> to ask any questions that might arise. And, of course, if you want to leverage 探花大神 Directory-as-a-Service to assist your organization with the changes brought about by the Secure Token\/FileVault combination, <\/span>try it for free<\/span><\/a>. Your first 10 users are complementary, and can be used forever.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.<\/p>\n","protected":false},"author":70,"featured_media":16212,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2778],"platform":[],"funnel_stage":[3016],"coauthors":[2515],"acf":[],"yoast_head":"\nSecure Token and FileVault\u00ae - 探花大神<\/title>\n<meta name=\"description\" content=\"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure Token and FileVault\u00ae\" \/>\n<meta property=\"og:description\" content=\"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\" \/>\n<meta property=\"og:site_name\" content=\"探花大神\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-25T14:00:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-13T18:32:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Zach DeMeyer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zach DeMeyer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\"},\"author\":{\"name\":\"Zach DeMeyer\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/5b2c563fb7404910e9be96e7d4e7828d\"},\"headline\":\"Secure Token and FileVault\u00ae\",\"datePublished\":\"2018-06-25T14:00:37+00:00\",\"dateModified\":\"2023-06-13T18:32:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\"},\"wordCount\":625,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png\",\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\",\"url\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\",\"name\":\"Secure Token and FileVault\u00ae - 探花大神\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png\",\"datePublished\":\"2018-06-25T14:00:37+00:00\",\"dateModified\":\"2023-06-13T18:32:21+00:00\",\"description\":\"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png\",\"width\":1024,\"height\":512,\"caption\":\"Secure Token and FileVault\u00ae\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure Token and FileVault\u00ae\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"探花大神\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"探花大神\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"探花大神\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/5b2c563fb7404910e9be96e7d4e7828d\",\"name\":\"Zach DeMeyer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d1d6602d927eb5a16b1dfd4ba6b4c219\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2145e4e676784129043e5eec7c4e41e6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2145e4e676784129043e5eec7c4e41e6?s=96&d=mm&r=g\",\"caption\":\"Zach DeMeyer\"},\"description\":\"Zach is a Product Marketing Specialist at 探花大神 with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.\",\"sameAs\":[\"http:\/\/www.jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Secure Token and FileVault\u00ae - 探花大神","description":"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault","og_locale":"en_US","og_type":"article","og_title":"Secure Token and FileVault\u00ae","og_description":"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.","og_url":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault","og_site_name":"探花大神","article_published_time":"2018-06-25T14:00:37+00:00","article_modified_time":"2023-06-13T18:32:21+00:00","og_image":[{"width":1024,"height":512,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png","type":"image\/png"}],"author":"Zach DeMeyer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Zach DeMeyer","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault"},"author":{"name":"Zach DeMeyer","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/5b2c563fb7404910e9be96e7d4e7828d"},"headline":"Secure Token and FileVault\u00ae","datePublished":"2018-06-25T14:00:37+00:00","dateModified":"2023-06-13T18:32:21+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault"},"wordCount":625,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png","articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault","url":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault","name":"Secure Token and FileVault\u00ae - 探花大神","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png","datePublished":"2018-06-25T14:00:37+00:00","dateModified":"2023-06-13T18:32:21+00:00","description":"By combining Secure Token and FileVault\u00ae, Apple\u00ae is completely revamping the way that disk encryption and user management work.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/secure-token-filevault"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2018\/06\/pablo-19.png","width":1024,"height":512,"caption":"Secure Token and FileVault\u00ae"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/secure-token-filevault#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Secure Token and FileVault\u00ae"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"探花大神","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"探花大神","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"探花大神"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/5b2c563fb7404910e9be96e7d4e7828d","name":"Zach DeMeyer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d1d6602d927eb5a16b1dfd4ba6b4c219","url":"https:\/\/secure.gravatar.com\/avatar\/2145e4e676784129043e5eec7c4e41e6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2145e4e676784129043e5eec7c4e41e6?s=96&d=mm&r=g","caption":"Zach DeMeyer"},"description":"Zach is a Product Marketing Specialist at 探花大神 with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.","sameAs":["http:\/\/www.jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/16211"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/70"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=16211"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/16211\/revisions"}],"predecessor-version":[{"id":90904,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/16211\/revisions\/90904"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/16212"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=16211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=16211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=16211"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=16211"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=16211"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=16211"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=16211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}