Authenticate Macs Against Active Directory

By Greg Keller, posted September 5, 2016

More organizations are leveraging Macs® all across their enterprise. In fact, 97% of the Fortune 500 companies use Apple® devices (Tim Cook, 2014).

But managing Macs in the infrastructure has quickly become a major headache for IT organizations. The vast majority of management tools were built for a Microsoft® Windows® world. Now that there are more types of devices to manage, the tools have struggled to keep pace.

One of the core challenges is how to authenticate Macs against Microsoft Active Directory®.

When Microsoft® AD Ruled the World

In the late 1990s and early 2000s, Microsoft was dominating the OS market. They capitalized on that lead by building enterprise management tools. Microsoft Exchange became the email server of choice. Active Directory was complementary to Exchange. AD controlled user access to the machine and the network, which is often referred to as a domain. While AD could perform device management, Microsoft also released a specific Windows device management solution called SMS, which subsequently became SCCM.

The common thread for all of these solutions was their assumption that the world was Microsoft driven and located on-premises.

Apple Devices Grow in the Enterprise


As we know, that world changed in the mid-to-late 2000s. AWS® came out with their Infrastructure-as-a-Service platform, and Google introduced their Apps solution which included hosted email and a productivity suite. That was a big blow to the once dominant Exchange.

Then Apple’s innovations rocked the masses with a new category of computing: mobile devices. Their innovations with the Mac platform made the iPhone, and later the iPad, highly sought-after devices. The world was starting to shift.

Enterprise IT environments that were once completely on-prem were now mixed with cloud applications and infrastructure. Windows started to give way to Macs and Linux® devices. Today, Windows accounts for only one in five devices once mobile platforms are included. That’s a huge drop-off in market share since 2000, when 97% of compute devices were Windows (Forbes).

Bobbing for Solutions to Authenticate Macs against Active Directory


With these titanic changes, IT admins are struggling to manage and connect users to all of these various platforms. Historically, IT relied on AD as their centralized user management platform. But AD treats non-Windows devices as second-class citizens: they end up difficult to manage, insecure, or both.

There are legacy options which can address this, but they are far from efficient. Many organizations may authenticate Macs via LDAP to AD. Or they may leverage an intermediate directory service such as Apple Open Directory. This creates an added layer for IT to manage and integrate. Essentially, organizations end up with a handful of “mini directories” instead of one centralized, authoritative directory.

Extending AD to the Cloud

If you’re ready to move on from the outmoded AD model, there are modern approaches to authenticating Macs against Active Directory. The first approach is to extend AD to a cloud directory service.

The cloud directory service places an agent on the Mac and has full control over users and the device. Unlike AD where Group Policy Objects can be run on Windows, Directory-as-a-Service® provides the ability to execute commands and tasks on Macs. Users are imported into AD and synced to the cloud directory. From there, users can be added, removed, or modified on each Mac, all from one central dashboard.

Complete Cloud Directory Migration

Another path is to simply eliminate Active Directory and move to Directory-as-a-Service. The cloud directory platform serves as a centralized user management platform connecting systems, applications, and networks to users.

All major platforms are treated equally. It’s no different to manage a Mac than it is to manage a Windows system or Linux server. In fact, it doesn’t matter whether those devices are located on-prem, in the cloud, or around the world with remote users.


Further, those same Mac credentials can be leveraged with G Suite™, Office 365™, AWS, and more. LDAP applications or cloud-based Web applications utilizing SAML can also be integrated. Directory-as-a-Service reimagines AD and LDAP for the modern, cloud-forward organization.

Getting Started with a Cloud Directory

Drop us a note to learn more about how JumpCloud® Directory-as-a-Service can authenticate Macs against Active Directory or centralize user management across your Mac fleet. We’d be happy to walk you through how an Identity-as-a-Service platform can support your needs.

If you’re a “hands-on learner”, feel free to try Directory-as-a-Service. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
