How To Extend Active Directory® Identities To MacOS

By Vince Lujan Posted August 29, 2017

extend identy macos cloud identity bridge ad bridge

Organizations are adopting macOS solutions faster than ever before. The trouble is that most still leverage Active Directory® (AD) for their core identity and access management (IAM) solution. AD is notorious for making it difficult to extend user identities to macOS. Yet, with more macOS devices on enterprise networks every day, a common question that we get is how to extend Active Directory identities to macOS with AD Bridge.

Third party solutions to help bridge the gap between AD and macOS have existed for years. Unfortunately, many of these are legacy solutions with serious limitations. AD Integration is the most modern, forward-thinking iteration of this concept. Part of JumpCloud’s cloud-based directory services, AD Integration is browser-based, fully-featured, and it makes extending Active Directory identities to macOS easier than ever before.

Before AD Integration

extend ad macOS ad bridge cloud identity bridge

In the past, admins had two options for extending AD to macOS. They could manually configure Macs to connect with AD, which can make sense if you only have a few of them. The other option was to leverage a third party on-prem directory extension platform.

The problem was that neither of these solutions could offer the same management capabilities available to Windows systems within AD. This is because the lack of management capabilities for non-Windows systems is a limitation of the Active Directory platform itself. Therefore, any solution simply layered on top of AD will have the same issues.

Active Directory’s Group Policy feature is a great example. Group Policy Objects (GPOs) are a powerful tool for managing Windows devices in an Active Directory environment. They are used to enforce company policies like security standards (e.g. password complexity settings, securing USB ports, setting screen lock timeout, etc.), among a long list of others.

Unfortunately, the concept of GPOs for non-Windows systems does not exist within AD. That means the same security policies cannot be applied to macOS systems. The result is that admins are forced into granularly configuring security settings per system for their Windows devices, or worse, not configuring them for macOS at all.

New Cloud Identity Bridge

JumpCloud Mac Management


The good news is that a new wave of IAM solutions has emerged to combat these limitations. JumpCloud’s AD Integration is riding this new wave, and comes as welcome relief to admins still locked into the Microsoft® ball and chain.

AD Integration works by installing a lightweight agent on both the local domain controller(s) and any system (e.g. Windows, Mac, Linux) an admin needs to manage. This allows JumpCloud to synchronize with Active Directory to securely extend user identities and credentials to resources that cannot be managed by AD directly. The result is that AD remains the authoritative identity provider (IdP), but admins now have the ability to control non-Windows resources – even if they are not directly bound to AD.

JumpCloud’s AD Integration is unique in that our solution extends AD user identities via a comprehensive cloud hosted directory service. The added benefit being that all of the management capabilities native to Directory-as-a-Service® can now be leveraged with AD credentials, including JumpCloud’s GPO-like capabilities that enables admins to run commands and scripts across Windows, Mac, and Linux endpoints. No additional on-prem infrastructure, maintenance, or management headaches required.

For an in-depth understanding of AD Integration, see our Whiteboard video.

Common Examples of Why Organizations Use AD Integration:

ad bridge cloud identity bridge

AD Integration isn’t for everyone. For some organizations, it makes sense to eliminate Active Directory altogether. In that case, JumpCloud’s Directory-as-a-Service can act as a comprehensive cloud solution for identity management. However, if your organization is committed to AD but having trouble managing non-Windows systems and cloud resources, then AD Integration will likely help.

Ready to Extend Active Directory Identities to macOS?

To learn more about how to extend Active Directory identities to macOS, drop us a note. You can also sign up and see for yourself. You and your first ten users can try JumpCloud for free forever.

Vince Lujan

Vince is a writer and videographer at JumpCloud. Originally from a small village just outside of Albuquerque, he now calls Boulder home. When Vince is not developing content for JumpCloud, he can usually be found doing creek stuff.

Recent Posts