Generating randomized long usernames for Jamf Pro standard user accounts
2025-1-12 19:4:20 Author: derflounder.wordpress.com


One of the options available in Jamf Pro is creating user accounts which are specific to a Jamf Pro instance. These user accounts can be used for a variety of purposes, including service accounts and emergency use admin accounts for Jamf Pro’s failover functionality for SSO. One limitation of Jamf Pro standard user accounts is that, at this time, the only authentication option for them is username and password. For Jamf Pro standard user accounts, you can set a password policy which allows you to configure the following options:

  • Number of login attempts allowed before a Jamf Pro user is locked out of the account
  • Password length and age
  • Password reuse limitations
  • Password complexity

However, the password is not the only option you’re setting when creating a Jamf Pro standard user. Assuming that this is an account not tied to a specific person (as would be the case for a service account or an emergency use admin account), you can set the username to a long randomized string. This can help secure the account because an attacker needs both the username and the password in order to authenticate, and the long randomized string should make it more difficult for an attacker to guess the username.

The Jamf Pro standard user’s username field can support up to 255 characters. The username field itself supports using lowercase letters and numbers when creating usernames. Within this 255 character limit, you can set a very long randomized string as the username.

Note: The Jamf Pro standard user’s username field should be able to support more than lowercase letters and numbers, but in my experience usernames are normally set using lowercase letters and numbers, like this:

localadmin121

Usernames are usually not set using the following:

  • UPPERCASE LETTERS
  • Special characters like the following: ! @ # $ % ^ & * ( ) - _ = + \ | [ ] { } ; : / ? . >

When folks historically don’t do something, it also usually means that there hasn’t been a lot of testing of those conditions. In turn, that may mean there are yet-undiscovered problems which can crop up.

For this reason, I’m going to stick with only using lowercase letters and numbers in the examples used in this blog post. It’s possible the use of uppercase letters and special characters is just fine and setting a username like LOLRICHISWRONG!@()_ works without problems, but I’ll leave further experimentation on this topic to my readers and for this post stick with a format which I see the fewest problems with: lowercase letters and numbers.

To leave some room in the character limit, let’s generate a 250-character username made up of a randomized string of lowercase letters and numbers. You can do this using the following command:


export LC_CTYPE=C.UTF-8; tr -dc 'a-z0-9' </dev/urandom | head -c 250

Note: The export LC_CTYPE=C.UTF-8 part of the command is there because the tr command will otherwise return tr: Illegal byte sequence on macOS when working with /dev/urandom’s output:

https://andres.jaimes.net/linux/random-string/

That command should return a 250 character string like the one shown below:


hvr91onhenfmk3jalcc2zopih2l7kqx3gx0i0dgb2cf8jdrm6kkvgo6h0z0039o0p5urvbccxsjhrn065n1k6ju7lo9m13isrtkgg1b1jp4519f7405last3gcxrdf0406725kbtfhxh2iln8loxtbu3iixqq6jn41i43tr76rrj556bg4a25jtg1818m0ugoxo0xns5wg7iutmwitkv4edyh14gborjjr16orn3tfdeeawx6uqx3dov4o


username@computername ~ % export LC_CTYPE=C.UTF-8; tr -dc 'a-z0-9' </dev/urandom | head -c 250
hvr91onhenfmk3jalcc2zopih2l7kqx3gx0i0dgb2cf8jdrm6kkvgo6h0z0039o0p5urvbccxsjhrn065n1k6ju7lo9m13isrtkgg1b1jp4519f7405last3gcxrdf0406725kbtfhxh2iln8loxtbu3iixqq6jn41i43tr76rrj556bg4a25jtg1818m0ugoxo0xns5wg7iutmwitkv4edyh14gborjjr16orn3tfdeeawx6uqx3dov4o
username@computername ~ %

You can then use that string when creating a Jamf Pro standard user.
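
The one-liner above, wrapped as a function that enforces the 255-character field limit and verifies the result before printing it. This is an added example, not code from the original post: the function names and JAMF_USERNAME_MAX are assumptions, and it sets LC_ALL=C for tr only instead of exporting LC_CTYPE into the session.

```shell
#!/bin/sh
JAMF_USERNAME_MAX=255   # username field limit stated in the post

# Return 0 if $1 is 1..255 characters of lowercase letters and digits only.
# The character class is spelled out so locale collation cannot widen a-z.
is_valid_jamf_username() {
    candidate=$1
    [ -n "$candidate" ] || return 1
    [ "${#candidate}" -le "$JAMF_USERNAME_MAX" ] || return 1
    case $candidate in
        *[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
    esac
    return 0
}

# Print a random username of $1 characters (default 250, as in the post).
generate_jamf_username() {
    length=${1:-250}
    case $length in
        ''|*[!0-9]*) echo "length must be a positive integer" >&2; return 2 ;;
    esac
    if [ "$length" -lt 1 ] || [ "$length" -gt "$JAMF_USERNAME_MAX" ]; then
        echo "length must be between 1 and $JAMF_USERNAME_MAX" >&2
        return 2
    fi
    # tr is ended by SIGPIPE once head has its bytes, so the pipeline's exit
    # status is not a reliable signal; the result is checked directly instead.
    name=$(LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c "$length") || true
    # Fail closed on a short or malformed string rather than printing it.
    if [ "${#name}" -ne "$length" ] || ! is_valid_jamf_username "$name"; then
        echo "username generation failed" >&2
        return 1
    fi
    printf '%s\n' "$name"
}
```

Sourcing the file and running generate_jamf_username with no argument prints a 250-character string; a length above 255 is rejected with exit status 2.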


Article source: https://derflounder.wordpress.com/2025/01/12/generating-randomized-long-usernames-for-jamf-pro-standard-users/