By Vince Lujan Posted April 14, 2019
Apple® Two Factor Authentication (2FA) is a great way to secure your Apple ID. But what if you need 2FA throughout your IT environment? For example, you may be wondering how to enable 2FA for systems and applications. Fortunately, there is an Apple Two Factor Authentication alternative that can extend 2FA functionality to a wider range of IT resources, including your Mac systems.
What is Two Factor Authentication?
2FA basically means that you need more than just your username and password to authenticate and gain access to your IT resources. Instead, users are challenged at login to provide their core username and password plus a secure 2FA token. 2FA tokens generally come in the form of a time-based one-time password (TOTP) on your smartphone, such as a numerical code from the Google Authenticator™ app, a code sent via SMS, or perhaps a physical security key (think YubiKey®). The end result is that 2FA adds an extra layer of security to the user authentication workflow.
Examples of 2FA Use Cases
2FA has been used in on-prem networks where privileged users require secure access to critical IT resources. For example, 2FA is a common add-on purchase in traditional OpenLDAP™ or Microsoft® Active Directory® (AD) environments. For these use cases, a 2FA server is typically integrated with the overall on-prem identity management infrastructure. In doing so, admins can add an extra layer of security to LDAP, or secure access to Windows®-based IT resources, depending on the identity provider (IdP).
More recently, Apple developed 2FA functionality for the Apple ID. The Apple approach does not require an on-prem IdP or 2FA server. Instead, it works by sending a six-digit numerical code via SMS to a trusted device such as a smartphone or tablet. When a user attempts to log in to their Apple ID from a new device, they are prompted to provide this six-digit code. If the code is entered correctly, the user is granted access to their Apple account.
However, as IT security has become a focal point for modern IT organizations, admins are searching for a 2FA solution that can extend 2FA functionality throughout their environment, including Mac systems (and not just the Apple ID). Modern IT organizations are often cross-platform and leverage a variety of web applications and remote networks. Yet traditional 2FA solutions are often siloed to a particular platform or resource. Case in point: Apple Two Factor Authentication is used for Apple IDs.
Ideally, IT admins could enable 2FA throughout their modern network from one centralized location. Fortunately, the cloud has enabled developers to reimagine the 2FA category as a whole. More specifically, 2FA functionality can now be delivered as a service, and is not limited to a particular platform, provider, protocol, or location. For this use case, IT admins simply purchase the cloud 2FA solution, then determine which resources will have 2FA enabled, and the rest operates virtually.
This is achievable with the JumpCloud® Directory-as-a-Service® platform.
2FA with JumpCloud
JumpCloud offers 2FA functionality as a core feature of the overall Directory-as-a-Service platform. JumpCloud 2FA can be enabled at both the system and application layer, adding an extra layer of security to the user authentication workflow. JumpCloud 2FA leverages TOTP token generators, such as Google Authenticator, and also supports physical security keys such as YubiKey. And while JumpCloud 2FA doesn’t support Apple IDs (Apple does a great job with that), it can be enabled for macOS® systems such as MacBooks® and iMacs®, securing the system itself before the Apple ID authentication workflow occurs.
Sign up for a JumpCloud account and check out the full functionality of the Directory-as-a-Service platform for free. This includes our 2FA functionality, as well as everything else JumpCloud has to offer, free for up to 10 users. You can also browse our Knowledge Base and YouTube page for supplemental information, and contact us if you have any questions.