NASA Insignia
Site Title

Logging in to Enterprise Connect, version 2

Enterprise Connect is a tool from Apple to help with setting "Kerberos tickets", changing your NDC password, and optionally synchronizing your local and NDC passwords. You can see your Kerberos status by typing klist at a command-line prompt.

Please start from the Enterprise Connect icon in your menu bar (circle with a diagonal key). Or start from the main Applications folder if you don't see it there.

You should probably see your simple Agency User ID (AUID). Click on the 'Smart card...' button (with your PIV card inserted).

Click on your "PIV Authentication" certificate and click the Select button.

Your AUID with "@ndc.nasa.gov" appended should now be in the AUID box. Click "Sign In".

Enter your badge PIN in the ensuing dialog box (may be marked "ecAgent") and hit Return or click OK.

Click on the red "close" button in the upper left to dismiss this window.

If you click on the Enterprise Connect icon in the menu bar, you should now see that you are signed in and it should show when your password expires.

If you wish to keep your local (FileVault; keychain) and NDC/AD passwords in sync

Other things to know about: If you click the down-pointing caret arrow in the main Enterprise Connect panel (Choose "Open Enterprise Connect..." from menu bar icon if not already visible), you can select an option to "Keep my Mac login and Active Directory passwords in sync." This will be grayed out if your account is still "bound" to Active Directory.

If you chose to "Keep ... in sync" (as described above), then you may get a dialog box informing you when they are not the same:

After entering both passwords, Enterprise should ensure that your login password (and FileVault and main 'login' keychain password) and NDC (Active Directory) passwords are all the same, and tell you so:

Other implied changes

Please note that this new Enterprise Connect was released by the Agency Jamf team on Monday, July 1, with no advance warning. This section may change as more information becomes available.

We believe that this new Enterprise Connect should eliminate the need to run the NoMAD ("No More Active Directory") utility. Additionally, the hope is that the user will not be asked for both PIV PIN and Mac password upon dismissing the screensaver.

Quirk: If you have a 10.13 Mac and changed your NDC password from another machine, you may need to sign out and back in to Enterprise Connect to have it prompt you to change the local password.

David Friedlander, Divya Pereira
2 July 2019