Enabling MFA on Macs for MSPs 

Written by Rob McGrath on July 1, 2022

Share This Article

In today’s business environment, passwords are not enough to keep our electronic world safe, and MSPs have to reckon with that fact. Even if your users have the best passwords on earth, the ubiquity of data breaches and phishing attacks make even the most advanced keys useless. 

You’re likely already implementing additional security measures with your customers, like rolling out multi-factor authentication (MFA) to protect the identities that hold the keys to your various kingdoms.

Requiring MFA to access web-based resources is commonplace, but protecting endpoints like laptops or desktops is not. MSPs focus heavily on preventing malicious software from attacking data with state-of-the-art monitoring and protection tools. But that same data can often be accessed by entering a password – and that password is likely to be less complex, since users have to enter it multiple times a day. 

For Windows laptops, many IT admins have turned to AzureAD for MFA, but Macs aren’t typically candidates for this. Fortunately, JumpCloud has made it easy for you to add MFA security for your Mac and Linux devices – in addition to Windows. 

Setting Up Mac MFA 

1. Set up a JumpCloud account for each user and enable MFA

First, make sure that the Mac’s user has a JumpCloud account set up. Then, ensure you’ve selected “Require User MFA.” The user will be prompted to complete the MFA setup via their account’s email. MFA with JumpCloud can be either push-approved via the JumpCloud Protect mobile app, or TOTP with your authenticator app of choice.

screenshot of setting up mac MFA

2. Configure the Mac device

Now that the user’s account is ready you can configure the device. With JumpCloud, the only setup required on the device itself is the installation of our JumpCloud Agent

If your Mac is enrolled in MDM with JumpCloud, this is incredibly easy and can be done before the Mac is even removed from its box. If this is a BYOD device or one that has not been purchased via Apple Business Manager related channels, a simple download and install of the JumpCloud Agent locally on the device will do the trick. 

3. Connect the user to their new device 

Once the agent is in place, simply assign the device to the user, and your job is done. When they go to login, they’ll be prompted for their password and MFA.

screenshot of mac login page

With JumpCloud, you can achieve a level of security that exponentially reduces the risk of a customer data incident while also providing a richer support experience in a matter of minutes. 

Enabling JumpCloud also enables features like self-service password resets, which can dramatically reduce ticket traffic, and SSO, which streamlines and hardens the user experience.

Check out JumpCloud today and discover the many ways you can protect your MSP and the customers you serve! If you’d like to learn more about MFA with JumpCloud for your devices, feel free to reach out to us, or read some of our documentation below.

Rob McGrath

Continue Learning with our Newsletter