Force user to reset password at next authentication Parameter

Learn more about how to force users to reset their Mac passwords.


The "Force user to reset password at next authentication" parameter has some caveats that should be understood before deploying. It is important to note what macOS version you're deploying to, as well as the other password polocies you have enabled. 

As with all parameters, it is ideal to test before pushing any changes to production Macs. 

macOS 10.14

By enabling the parameter, a profile is pushed down to Macs. This profile states that the user will be prompted to change their password at next authentication. For most users this will occur when they are attempted to log in after a log out or reboot.

Once you enable this Parameter, and the Blueprint is saved, the profile will be deployed during Kandji's next checkin. 

Note: This profile will stay on the Mac as long as the parameter is enabled. However the user will only be prompted to change their password once, during their next log in.  

Older macOS behavior

This same profile results in different behavior on different macOS versions.