Skip to main content

Admin Password Sync Required on Desktop app (Mac)

Updated yesterday

This article explains how the Swif Desktop App on macOS handles situations where the local Swif Admin account password and the Swif server–stored password get out of sync, and how end‑users and admins can reset and resync the Swif Admin password.

When this applies

You may run into this if:

  • The Swif Admin account password was changed locally on the Mac, but not updated in Swif.

  • The Swif Admin account password was changed in Swif, but the Mac is still using the old password.

  • The Swif Admin password has expired due to a local password policy.

  • A new user was created successfully on a device, but:

    • The user doesn’t receive a Secure Token, or

    • Login fails even though the password looks correct, or

    • The password you see in Swif doesn’t work on the device.

  • In the portal you:

    • Create or reset a user password,

    • But on the device:

      • You can’t log in with that password, and/or

      • The password viewer says:

        “Password could not be retrieved for the selected system. Try Reset Password.”

In these cases, the Swif Desktop App must regenerate the Swif Admin password using an existing macOS admin user who has a Secure Token.

Why this happens (technical overview)

On macOS, operations like granting a Secure Token or managing certain user accounts require both:

  • A local admin user and its password, and

  • The Swif Admin account password.

If the password stored on the Swif server doesn’t match what’s on the Mac, Swif can’t complete those operations. That’s why:

  • User creation might complete but without a Secure Token.

  • Password updates in the Swif portal don’t take effect on the device.

  • Password retrieval fails with “password could not be retrieved…” and Swif suggests a Reset Password flow.

To fix this, Deskapp prompts the user for a local admin password and uses it to reset and sync the Swif Admin password safely.

What the user will see in Deskapp

When a password mismatch or related issue is detected, the macOS Deskapp will:

  1. Detect that the local Swif Admin password and the Swif server password are out of sync, or that the Swif Admin password cannot be used for Secure Token operations.

  2. Show a flow similar to “Reset Password – Sync Local Password”, prompting for:

    • A local macOS admin username (if not prefilled), and

    • The password for that admin.

This step is required so Swif can run a command equivalent to:

/usr/sbin/sysadminctl -adminUser {{ADMIN_USER}} -adminPassword ‘{{ADMIN_PASSWORD}}' -secureTokenOn swifteam -password ‘{{SWIF_ADMIN_USER_PASSWORD}}'

The actual command is handled by the Swif Desktop App; end users only need to supply a valid admin password.

End‑user steps: Fixing the issue on a Mac

If you see messages like:

  • “Password could not be retrieved for the selected system. Try Reset Password”

  • Or you’re prompted in the Swif Desktop App to sync/reset a password for Swif Admin:

Follow these steps:

  1. Confirm you are on the affected Mac

    • Make sure you are physically at the device (or have a secure remote session).

  2. Launch the Swif Desktop App

    • Open the Swif app on the Mac.

    • If prompted, choose the option to Reset or Sync Local Password for the Swif Admin.

  3. Enter a valid local admin account

    • In the prompt, provide:

      • A macOS admin username that:

        • Exists locally on the device, and

        • Has a Secure Token.

      • The correct password for that admin account.

    • This is typically the primary IT/admin account or an MDM-created admin account.

  4. Allow Swif to reset the Swif Admin password

    • After submitting the credentials, Deskapp will:

      • Validate the admin account and password.

      • Use them to re‑establish the Secure Token relationship with the Swif Admin account.

      • Regenerate and sync the Swif Admin password between the device and the Swif server.

  5. Reboot when prompted

    • In some flows, a reboot is required for changes to fully apply.

    • Save your work and reboot if requested by the app.

  6. Retry the original action

    • Try logging in again with the password shown in Swif.

    • Or retry:

      • Viewing the password

      • Creating a new user

      • Resetting a user’s password

    • These operations should now work, and new users should receive Secure Tokens correctly.

Admin tips and edge cases

1. The admin credentials are unknown

If you don’t know a valid local admin username/password on the device:

  • Coordinate with your IT / device management team to:

    • Recover or reset the admin password, or

    • Create a new admin with a Secure Token.

  • Once you have working admin credentials, return to the Swif Desktop App and rerun the Reset/Sync Local Password flow.

2. The prompt keeps reappearing

If, after entering credentials, you keep being prompted:

  • Double-check:

    • The username is for a local account (not just a directory/IdP account that doesn’t have local admin rights).

    • The account is actually an admin and has a Secure Token.

  • If you recently changed that admin’s password, ensure you are using the current password.

If it still repeats, collect logs and escalate to Swif support with:

  • Device ID

  • Username you’re entering

  • Approximate time of the last attempt

  • Screenshot of the error/prompt (if possible)

3. New user created but cannot log in / has no Secure Token

If a new user was created in Swif, but:

  • The user cannot log in with the generated password, and/or

  • They appear on the Mac without a Secure Token:

This often indicates that the Swif Admin password or Secure Token flow failed. You should:

  1. Run the Reset/Sync Local Password flow from Deskapp on that Mac.

  2. After it succeeds, either:

    • Retry password reset for that user from Swif, or

    • Recreate the user if appropriate.

Security considerations

  • Admin credentials are used locally to perform macOS Secure Token operations.

  • The process is designed to:

    • Avoid exposing admin credentials outside the device.

    • Restore alignment between:

      • The Swif server–stored Swif Admin password, and

      • The local Swif Admin account on macOS.

If your organization has strict security policies around admin credentials, coordinate with IT to ensure the process aligns with those policies (for example, using a dedicated device-admin account).

Summary

  • When the Swif Admin password gets out of sync or expires, Swif cannot:

    • Grant Secure Tokens to new users,

    • Reliably reset passwords, or

    • Retrieve passwords for some devices.

  • The macOS Deskapp detects this and prompts for a local admin password to:

    • Re‑establish the Secure Token relationship, and

    • Regenerate and sync the Swif Admin password.

  • After completing the flow and rebooting (if requested), user password operations and Secure Token assignments should work normally again.

Related Articles
How to Reset a Device Password
Apple User Authorization Policy
Why Swif Requests Secure Token Access for Swif Admin on macOS
How to fix the “Secure Token could not be activated for the Swif admin account. Please check your password.”
Swif Admin User Behavior on Managed Devices
Did this answer your question?