Below is a guide explaining how Swif’s Linux MDM service handles the Swif admin user on both BYOD (Bring Your Own Device) and non-BYOD devices, why this user is created, and how you can customize or disable its creation.
Overview
When you enroll a Linux device in Swif MDM, the system creates a hidden Swif admin account. On macOS devices, the Swif admin user is utilized for certain elevated tasks, such as privileged actions for remote management or troubleshooting. However, on Linux devices, this admin user does not serve a specific day-to-day function in most configurations—its primary role is to allow for future MDM functionalities.
Key Points:
The Swif admin account is hidden by default on all managed devices (both BYOD and non-BYOD).
For BYOD enrollments, there is an option to disable creation of the Swif admin user altogether if your organization prefers not to have any hidden administrative accounts on personally owned devices.
Swif Admin on Non-BYOD Devices
Creation & Purpose
During enrollment, Swif automatically creates the hidden Swif admin account on non-BYOD (corporate-owned) devices.
Even though it may not be actively used on Linux as it is on macOS, this account can be leveraged for future MDM functionalities or certain support processes.
The account remains hidden: it does not show up in the list of available users during login, nor does it appear as a standard local user.
Visibility & Management
Visibility: By default, it’s not visible to the end user or listed in standard GUI user management tools.
Management: Swif’s MDM service manages password rotation (where applicable) and security controls for this account.
Removal: We recommend not removing or renaming the Swif admin user if your organization is using non-BYOD enrollment. Doing so could interfere with some of the MDM’s administrative or security checks.
Swif Admin on BYOD Devices
Creation & Purpose
For BYOD (employee-owned) devices, Swif also creates the Swif admin user by default to maintain a consistent management framework across all devices.
In most cases, this account is similarly hidden and does not interfere with normal device usage.
Option to Disable
Unlike non-BYOD devices, you can choose to disable the creation of the Swif admin user on BYOD devices if your organization’s policy requires minimal intrusion or hidden accounts on personal devices.
To disable creation for BYOD enrollments, navigate to your Swif MDM Enrollment Settings for Linux:
Go to Settings in the Swif admin console.
Go to General tab
Select the Device Enrollment > BYOD Devices policy for Linux.
Look for the Swif Admin User setting.
Toggle Swif Admin User to OFF
Note: If this setting is disabled after devices have already enrolled, the existing Swif admin account will remain on those devices. You may need to remove or deactivate the user manually if desired.
Security Considerations
Hidden By Default
Swif admin is hidden to minimize confusion and maintain normal user experience. It won’t appear in the login screen or typical user lists.Restricted Usage
By default, the Swif admin user on Linux is not utilized for day-to-day tasks. On macOS, it may be used more frequently for certain privileged actions. In Linux environments, it primarily serves as a placeholder for advanced MDM features.Password Management
Swif manages the Swif admin password internally. Administrators do not typically need direct access to this account. In certain troubleshooting scenarios, Swif Support may guide you on using or rotating the credential if necessary.Disabling for BYOD
If privacy or security policies prohibit hidden administrative users on personal devices, you can disable creation of this account entirely for BYOD enrollments.
Frequently Asked Questions
Q1: Can employees or end users see or access the Swif admin user?
A1: No. The Swif admin user is hidden by default and does not appear in login or most user interfaces. It is restricted and not meant for day-to-day use.
Q2: Does disabling the Swif admin user affect MDM functionality on BYOD devices?
A2: Disabling it does not typically hinder fundamental MDM functions like inventory or basic configuration. However, some advanced features requiring elevated privileges may not be available without the Swif admin account.
Q3: How do I remove the Swif admin user from a device that’s already enrolled?
A3: We recommend contacting Swif Support before removing the account to ensure it does not affect active MDM policies. If needed, you can remove it manually with system user management tools, but we advise caution and verifying you have an appropriate fallback for any elevated tasks.
Q4: Is the Swif admin password secure?
A4: Yes, the MDM service handles the password securely. You do not need to manage it manually. If you have compliance requirements (e.g., requiring password rotation), contact Swif Support to configure or verify your rotation policy.
Conclusion
The Swif admin user is part of Swif’s strategy to deliver a cohesive MDM experience across different platforms—providing a secure, administrative channel without disrupting normal user operations. While it remains mostly unused on Linux devices day-to-day, it sets the stage for future MDM capabilities or specific support tasks.
For BYOD setups, organizations can opt out of creating the Swif admin user if needed, balancing employee privacy and corporate security requirements. For non-BYOD, we recommend keeping it in place to ensure Swif MDM can fully manage and support your corporate Linux devices.
If you have any additional questions or need assistance managing the Swif admin user, please reach out to our Swif Support team or consult the Swif Documentation.