Endpoint Services, Jamf Pro, macOS Login Screens
Systems
Jamf Pro
Affected Customers
University of Illinois IT Pros leveraging Technology Services Endpoint Services Jamf Pro
macOS Login Screens
macOS presents several login-related screens that may appear visually similar. However, each screen serves a distinct purpose and behaves differently, particularly in FileVault-enabled environments. Recognizing their differences is critical for troubleshooting encryption and login issues and understanding the expected user experience.
FileVault Unlock Screen
This is the first screen presented after a reboot or shutdown when FileVault is enabled on a Mac. Only user accounts with a Secure Token can unlock the disk.
The FileVault unlock screen:
- Has no network access (no Wi-Fi or Ethernet menu)
- Displays the default macOS wallpaper
- Will not appear again not until a computer is restarted or shutdown
- Supports FileVault Recovery Key entry on Apple silicon devices by entering the username of a FileVault enabled user and pressing Option + Shift + Enter
- Does not work with Jamf Pro LAPS passwords
User Login Window
The user login window appears after a user logs in and then subsequently logs out (Shift-Command-Q) rather than shutdown or lock their screen. Any local user account or configured network account can login to the Mac, regardless of whether they have a Secure Token.
The user login window:
- Has no user account pre-selected
- Has network access (Wi-Fi or Ethernet menu)
- Does not use FileVault Recovery Keys
- Works with Jamf Pro LAPS passwords
Lock Screen
The lock screen appears after a user has logged in and then locks the screen (Control-Command-Q) or the Mac has locked itself after a period of inactivity. Only the currently logged-in user can log back in, unless Fast User Switching is enabled.
The lock screen:
- Has the user account already selected
- Prompts for only the user password
- Reflects the logged-in user's desktop wallpaper or screen saver in the background