Swif introduces a new User Authorization Policy for macOS, enabling administrators to control password reset and user addition behaviors on enrolled devices. This feature is designed to improve security, reduce unauthorized modifications, and align with organizational policies.
Feature Overview
The User Authorization Policy includes the following options:
Passcode Modification Control
Allows administrators to set whether users can modify their device passwords locally.
Option: True/False
True: Users can modify their device passwords locally.
False: Users are restricted from modifying their passwords locally.
User Addition Control
Allows administrators to enable or disable the ability to add new user accounts on macOS devices.
Option: True/False
True: Users can add new accounts to the device.
False: Adding new accounts is restricted.
Note: If a user resets their password locally through another admin account, Swif cannot directly prevent this action.
Setting Up the User Authorization Policy
Follow these steps to configure the User Authorization Policy for macOS devices:
Navigate to the Policy Management Page
Log in to the Swif Admin Dashboard.
Go to Device Management > Policies.
Create or Edit a Policy
Select an existing policy or click Create New Policy.
Name the policy and ensure macOS devices are selected under the Target Devices.
Configure Authorization Options
Set the Passcode Modification option to True or False based on your organization’s needs.
Set the User Addition option to True or False to control whether users can add accounts.
Apply the Policy
Assign the policy to the relevant device groups or users.
Click Save and Apply to enforce the changes.
Best Practices for Secure Password Management
Encourage Users to Reset Passwords via the Swif Portal
Direct users to reset their passwords using the Swif agent interface or web login for a controlled and secure process. This ensures password resets are logged and compliant with your security policies.Leverage MFA for Self-Service Portal
Enable multi-factor authentication (MFA) for users accessing the self-service portal to add an extra layer of security.
FAQs
1. Can we completely prevent users from resetting their passwords locally?
While Swif restricts passcode modification when the option is set to False, users with access to another admin account can bypass this restriction. Swif recommends enforcing strict access controls and user privileges to mitigate this risk.
2. How does this feature help with compliance?
By centralizing password management and restricting unauthorized changes, this feature aligns with compliance requirements such as SOC 2, ISO 27001, and HIPAA, ensuring secure device management.
Need Help?
For further assistance or questions about setting up User Authorization Policies, please contact Swif Support or visit our Help Center.