In macOS Catalina (10.15), Apple introduced a new method of SecureToken enablement called Bootstrap Token. This MDM-based feature can automatically provide a SecureToken to all mobile accounts and to other local accounts created by Addigy (upon login). The Addigy MDM solution supports the Bootstrap Token and can provide a SecureToken to a mobile user account. The process is seamless and has a small set of requirements, outlined below. The Bootstrap Token does not require additional MDM configurations to be deployed.
In macOS 11 and later, the Bootstrap Token will grant a SecureToken to any user logging into a macOS device, including local user accounts. If you have a FileVault-enabled device, it is not possible to grant SecureToken at the FileVault login window.
To check whether the Bootstrap Token was escrowed, see our article on How to Verify the macOS Bootstrap Token Was Escrowed.
Device Requirements
- macOS Catalina 10.15+
- On macOS Catalina, the device has to be enrolled via Automated Device Enrollment. On macOS Big Sur 11+, all MDM enrollment methods (except BYOD) will grant the Bootstrap Token.
- Must be bound to a directory service like Active Directory (only for mobile accounts).
- A Managed Administrator account must be created.
Note: In macOS Catalina 10.15.4 or later, any user created during the Automated Device Enrollment process can escrow the bootstrap token.
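A readiness check for the operating system and enrollment requirement above, plus the escrow state, as an added example that is not Addigy's own tooling. It assumes the output format of `profiles status -type enrollment` and `profiles status -type bootstraptoken`; the function names and sample text are constructed for illustration, and the directory binding and Managed Administrator requirements are not checked.

```shell
#!/bin/bash
# Added example: checks the OS/enrollment requirement and the escrow state.
# Sample text below is constructed, in the format printed by
# `profiles status -type enrollment` and `profiles status -type bootstraptoken`.
SAMPLE_ENROLL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_TOKEN='profiles: Bootstrap Token supported on server: YES
profiles: Bootstrap Token escrowed to server: NO'

# $1 = macOS product version, $2 = enrollment status text.
# macOS 10.15.x needs Automated Device Enrollment; macOS 11+ accepts any MDM
# enrollment. BYOD (excluded by the article) is not detected here.
meets_enrollment_rule() {
  ver_major=${1%%.*}
  ver_rest=${1#*.}
  ver_minor=${ver_rest%%.*}
  if [ "$ver_major" -ge 11 ]; then
    printf '%s\n' "$2" | grep -qi 'MDM enrollment: Yes'
  elif [ "$ver_major" -eq 10 ] && [ "$ver_minor" -ge 15 ]; then
    printf '%s\n' "$2" | grep -qi 'Enrolled via DEP: Yes'
  else
    return 1
  fi
}

# $1 = bootstrap token status text, $2 = "supported on" or "escrowed to".
token_field_yes() {
  printf '%s\n' "$1" | grep -qi "Bootstrap Token $2 server: YES"
}

# Prints one of: not-eligible, unsupported-by-mdm, not-escrowed, escrowed.
readiness() {  # $1 = version, $2 = enrollment text, $3 = token text
  meets_enrollment_rule "$1" "$2" || { echo not-eligible; return; }
  token_field_yes "$3" "supported on" || { echo unsupported-by-mdm; return; }
  token_field_yes "$3" "escrowed to" || { echo not-escrowed; return; }
  echo escrowed
}

# On a Mac, run as root to read live state; elsewhere fall back to the samples.
if [ "$(uname)" = Darwin ] && [ "$(id -u)" -eq 0 ]; then
  readiness "$(sw_vers -productVersion)" \
    "$(profiles status -type enrollment)" \
    "$(profiles status -type bootstraptoken 2>&1)"
else
  readiness "11.6" "$SAMPLE_ENROLL" "$SAMPLE_TOKEN"   # prints not-escrowed
fi
```

A `not-escrowed` result on an eligible device means no token has been escrowed yet, so users logging in will not be granted a SecureToken through this mechanism.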
Configuration Requirements
While no additional configurations are needed on the Addigy platform outside of Automated Device Enrollment, there are some additional considerations on the device to take into account.