skip to content

What is delegated access 

Access to institution owned devices can be delegated to site IT staff. This allows site staff to view the following information for institutional devices: 

  • Local Administrator Password Solution (LAPS) password for UIS admin account  
  • FileVault decryption key 
  • Device inventory 
  • Policy results  
  • See your institutions’ UMD devices. 

Currently, all delegation is restricted to viewing devices and associated attributes. You will not be able to install an application or change a policy.  


How to get it 

  1. Create a group in Blue Toolkit called ‘dept-jamf-pro-auditors'. For example. ‘uis-jamf-pro-auditors'. 
  2. Populate the group with users to be granted access. 
  3. Email asking for UMD access to be granted. 
  4. UIS will grant the nominate group access to site devices. 


How to use it 

Viewing Devices 

  1. Log into
  2. Authenticate via Entra ID. 
  3. Choose Computers from the column on the left. 
  4.  Select ‘Search Inventory’. 
  5. Enter a value in the search field and select ‘Search’. Leave the field blank to see all devices. 
  6. Pick a device to see the inventory. 

Viewing LAPS Password for local administrator accounts 

  1. Navigate to the device inventory as above. 
  2. Select the ‘General’ section of the Inventory tab. 
  3. Select ‘View accounts and passwords’ under Managed Local Administrator Accounts. 
  4. Choose the user from the PreStage source and select ‘View’. 
  5. The password will be rotated 4 hours after viewing. 

Viewing FileVault Recovery Key 

The FileVault Recovery Key can be used to decrypt the disk if the end user has forgotten their password. 

  1. Navigate to the device inventory as above. 
  2. Select the ‘Disk Encryption’ section of the Inventory pane 
  3. Select ‘Show Key for the Personal Recovery Key’. 

To use the key press Command + Option + Down at the Preboot login screen. You will be prompted to reset the user password. 


Get help 

Devices are assigned to your institution. If you do not see all your devices, contact the Service Desk with the serial numbers of the devices. They will be assigned to you. 

If you have any other queries contact the Service Desk.