By Vince Lujan Posted August 29, 2017
Organizations are adopting macOS solutions faster than ever before. The trouble is that most still leverage Active Directory® (AD) for their core identity and access management (IAM) solution. AD is notorious for making it difficult to extend user identities to macOS. Yet, with more macOS devices on enterprise networks every day, a common question that we get is how to extend Active Directory identities to macOS with AD Bridge.
Third party solutions to help bridge the gap between AD and macOS have existed for years. Unfortunately, many of these are legacy solutions with serious limitations. AD Integration is the most modern, forward-thinking iteration of this concept. Part of JumpCloud’s cloud-based directory services, AD Integration is browser-based, fully-featured, and it makes extending Active Directory identities to macOS easier than ever before.
Before AD Integration
In the past, admins had two options for extending AD to macOS. They could manually configure Macs to connect with AD, which can make sense if you only have a few of them. The other option was to leverage a third party on-prem directory extension platform.
The problem was that neither of these solutions could offer the same management capabilities available to Windows systems within AD. This is because the lack of management capabilities for non-Windows systems is a limitation of the Active Directory platform itself. Therefore, any solution simply layered on top of AD will have the same issues.
Active Directory’s Group Policy feature is a great example. Group Policy Objects (GPOs) are a powerful tool for managing Windows devices in an Active Directory environment. They are used to enforce company policies like security standards (e.g. password complexity settings, securing USB ports, setting screen lock timeout, etc.), among a long list of others.
Unfortunately, the concept of GPOs for non-Windows systems does not exist within AD. That means the same security policies cannot be applied to macOS systems. The result is that admins are forced into granularly configuring security settings per system for their Windows devices, or worse, not configuring them for macOS at all.
New Cloud Identity Bridge
The good news is that a new wave of IAM solutions has emerged to combat these limitations. JumpCloud’s AD Integration is riding this new wave, and comes as welcome relief to admins still locked into the Microsoft® ball and chain.
AD Integration works by installing a lightweight agent on both the local domain controller(s) and any system (e.g. Windows, Mac, Linux) an admin needs to manage. This allows JumpCloud to synchronize with Active Directory to securely extend user identities and credentials to resources that cannot be managed by AD directly. The result is that AD remains the authoritative identity provider (IdP), but admins now have the ability to control non-Windows resources – even if they are not directly bound to AD.
JumpCloud’s AD Integration is unique in that our solution extends AD user identities via a comprehensive cloud hosted directory service. The added benefit being that all of the management capabilities native to Directory-as-a-Service® can now be leveraged with AD credentials, including JumpCloud’s GPO-like capabilities that enables admins to run commands and scripts across Windows, Mac, and Linux endpoints. No additional on-prem infrastructure, maintenance, or management headaches required.
For an in-depth understanding of AD Integration, see our Whiteboard video.
Common Examples of Why Organizations Use AD Integration:
- They are taking on cloud-based infrastructure and services and AD is troublesome in granting access to them. This often includes AWS®, Google Cloud, and Linux servers.
- They are faced with remote workers and/or contractors who need to be governed but VPN requirements and networking make this difficult.
- The business has acquired a company and their employees are using Mac instead of Windows – making this a complex chore to manage from AD.
AD Integration isn’t for everyone. For some organizations, it makes sense to eliminate Active Directory altogether. In that case, JumpCloud’s Directory-as-a-Service can act as a comprehensive cloud solution for identity management. However, if your organization is committed to AD but having trouble managing non-Windows systems and cloud resources, then AD Integration will likely help.