Apple,
This is a step in the Wrong direction, and will cause more problems for our users...
As it stands, we have had to do some script to get a 'management' account with a token that can give out tokens to users with an interactive script...
This confuses users more, as WE CANNOT ALL STAND OVER THEIR DESK AND TYPE OUR PASSWORDS.
Please allow us to disable this ridiculous dialog option at the management level, as you will do nothing but confuse our users.
All you have to do is this--- allow MDM to push out tokens, based on a certificate that we have created and put on the machine with enrollment to our MDM servers... or just quite frankly allow any mobile AD/OD/Directory user to automatically get a token, as these people have ALREADY proven that they are authenticated by our systems.
This secureToken business has been a big, short-sighted joke...
And the sysadminctl binary is still nothing if not 'fragile', and has next to no documentation.
Fix this secureToken garbage asap, or allow us to disable it completely, cuz it does not work well in many enterprise/educational institutions.
ks