Home > Jamf Pro > Blocking account logins to the ?failover login page on Jamf Pro
As part of Jamf Pro’s single-sign on (SSO) logins, there’s an option to bypass the SSO login using the following URL:
https://your.jamf.pro.server.here:8443/?failover
This URL is designed to let you bypass the SSO login page and take you to Jamf Pro’s own login, so that if your SSO provider is having a bad day, you can still log into your Jamf Pro server.
For those wanting to make sure that that their folks are only using SSO for logins, this can seem like a security hole. Fortunately, there’s a way to plug it. For more details, please see below the jump.
If you want to block access to the failover login for a specific user or a group, here’s how to do this:
This change will do two things:
Once the change is made, you should be able to test by trying to log into the Jamf Pro server with an affected account using the ?failover login page. If all goes well, access should be blocked.