PingID Administration Guide

Troubleshooting PingID integration for Mac login

The following describes possible issues with the PingID integration for Mac login and how to resolve them.

Lockout

If you are locked out of the Mac after installation, and you have a remote SSH connection or have set the option to use Single User mode, you can run the uninstall script, /Library/Application Support/PingIdentity/uninstall.sh. The path contains a space, so quote it when you run it from a shell.

Mac user cannot complete second factor authentication

Ensure that the user’s login name registered with PingID in the Admin portal is identical to the Mac admin user name.

Mac user is blocked after installation

Online authentication is required after installation. If the machine cannot reach the PingID service because it has no internet connection, ensure that the machine can connect to the internet before the sign-on process is completed.

Users must complete online authentication the first time they sign on after installation; only then can they perform offline authentication.

Checking log files

The folder /Library/Logs/PingIdentity contains a log file for each user that logs in with PingID.

Admins can use the information in the files to try to isolate the problem, and if necessary, can send the contents to Ping Identity support.

For security reasons, the files in the folder are not directly visible. To access the content of the log file for a user:

  1. Check the user’s Mac username.

  2. Use sudo cp to copy the file to a directory where you have full permissions, for example, sudo cp /Library/Logs/PingIdentity/bjensen ~/Desktop/bjensenLogFile.

  3. Make yourself the owner of the file, for example, sudo chown $(whoami) ~/Desktop/bjensenLogFile.

  4. Change the file permissions for the file, for example, chmod 644 ~/Desktop/bjensenLogFile.

  5. Open the file and check if there is any information there that helps you identify the problem.

  6. If necessary, copy the contents of the file and send it to Ping Identity support.
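
Steps 1 to 4 above as a single shell function (an added example, not a Ping Identity script). The names collect_pingid_log, PINGID_LOG_DIR and PINGID_SUDO are hypothetical and introduced here; the function rejects path-like usernames before anything is copied with sudo.

```shell
#!/bin/sh
# Added example, not a Ping Identity script.
# PINGID_LOG_DIR and PINGID_SUDO are hypothetical overrides introduced here so
# the function can be exercised against a scratch directory without sudo.
PINGID_LOG_DIR="${PINGID_LOG_DIR:-/Library/Logs/PingIdentity}"
PINGID_SUDO="${PINGID_SUDO-sudo}"

# collect_pingid_log USER DEST
# Copies USER's PingID log to DEST, hands ownership to the caller and sets
# mode 644, as in steps 2 to 4. Prints DEST on success.
collect_pingid_log() {
    user="$1"
    dest="$2"

    if [ -z "$dest" ]; then
        echo "usage: collect_pingid_log USER DEST" >&2
        return 2
    fi

    # The log file is named after the Mac username (step 1). Refuse anything
    # that could make the privileged copy read outside the log folder.
    case "$user" in
        ''|.|..|*/*)
            echo "invalid username: '$user'" >&2
            return 2
            ;;
    esac

    src="$PINGID_LOG_DIR/$user"

    # The files are not directly visible, so the existence check needs the
    # same privilege as the copy.
    if ! $PINGID_SUDO test -f "$src"; then
        echo "no PingID log for user '$user' in $PINGID_LOG_DIR" >&2
        return 1
    fi

    $PINGID_SUDO cp "$src" "$dest" || return 1          # step 2
    $PINGID_SUDO chown "$(id -u)" "$dest" || return 1   # step 3, numeric UID of the caller
    chmod 644 "$dest" || return 1                       # step 4
    printf '%s\n' "$dest"
}

# Usage: collect_pingid_log bjensen ~/Desktop/bjensenLogFile
```

Mode 644 leaves the copy readable by other local accounts, so delete it once the problem is identified or the contents have been sent to support.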