Extend Azure AD® Identities to Mac®

Written by George Lattimore on April 8, 2019


As more IT organizations adopt Office 365, their users are given Azure® Active Directory® identities by default. Much as G Suite identities can be extended to Mac® systems, IT admins are wondering whether the same can be done by extending Azure AD identities to Mac systems. Thankfully, this is now completely possible with a tightly integrated cloud directory called Directory-as-a-Service®. Let’s look at how the cloud directory is bridging Azure AD and Mac systems for IT organizations around the world.

Why a Cloud Directory Bridge is Needed

Stepping back for a moment, Azure AD is understood as Microsoft’s® complement to the on-prem Active Directory platform. While admins everywhere were hoping Azure AD would be a cloud replacement to the traditional on-prem server approach, Microsoft instead chose to preserve the investments of legacy customers by trying to complement the on-prem approach. While this is ideal for those legacy customers heavily invested in Windows-centric infrastructure, it can create significant management complications for modern office environments trying to go full cloud.

Essentially, Azure AD is a user management system for Azure and O365 as well as a web application single sign-on (SSO) platform. In the same vein as Microsoft’s on-prem version of Active Directory, Azure AD too struggles with non-Windows platforms, and oddly enough in Azure AD’s particular case, infrastructure outside of Azure. In fact, Microsoft doesn’t really recommend connecting on-prem systems to their Azure AD Domain Services solution. They recommend “authenticating” Windows® users via OAuth or OpenID, which work better over the Internet. Unfortunately, that still leaves a sizeable gap for authenticating Mac systems and Linux® workstations.

Direct Benefits for Users and Admins

The good news is that you can tightly integrate a third-party cloud directory service with Azure AD. This cloud identity provider can enforce one set of credentials for Azure AD as well as the rest of an organization’s IT resources—including their macOS® systems. The result is that end users directly benefit from having only one identity to remember and manage across their wide variety of IT resources. Less time spent managing passwords means more real work can actually get done.

So, at a high level, how does this play out? The cloud directory, Directory-as-a-Service, instantiates the identity through a variety of mechanisms: LDAP for on-prem and legacy applications, SAML for web applications, RADIUS for VPN and WiFi connections, native agents for macOS, Linux, and Windows, and SSH key management for AWS® cloud servers. In short, IT admins get one cloud directory to control and manage a wide range of IT resources, while end users get One Identity to Rule Them All®.

If you’d like to hear more about how the cloud directory extends Azure AD identities to Mac machines, send us an email and one of our experts will answer any questions you have. On the other hand, if you’d like to play around with the features of the cloud directory, you’re completely welcome to do so, with the first 10 users free forever.
