Identity-as-a-Service Function macOS MFA

By Greg Keller Posted December 15, 2016

Identity-as-a-Service and multi-factor authentication are some of the hottest sectors of IT. The two merge in the Identity-as-a-Service function for MacOS MFA.

First, The Focus was on Web App SSO

When the cloud identity management market started, it was just focused on being the web application single sign-on solution. Microsoft Active Directory would be the authoritative directory service. IDaaS would sit on top of the identity provider and federate access to web applications. This made a lot of sense for a long time. However, Identity-as-a-Service wasn’t complete enough as organizations started to replace Active Directory.

Next, Merging The Concept of SSO into Directory Services

true single sign-on SSO

A new generation of IDaaS emerged called Directory-as-a-Service®. This cloud-hosted identity provider merged the concept of SSO into directory services. The extension of that became the ability to authenticate user access not only to applications but also to systems. It went even further by providing multi-factor authentication (sometimes called two-factor authentication) as well.

The concept of Identity-as-a-Service is far broader than the simple web application SSO approach. Identity-as-a-Service is a unified cloud directory service that enables users to securely manage and access all of their IT resources, including systems, applications, and networks. Those IT resources could be virtually any platform, for example, macOS, Windows, Linux, AWS, Google Apps for Work, and Microsoft Office 365, among others. They could be located in the cloud or on-prem. And they would use a variety of different protocols, including LDAP, SAML, SSH, REST, and much more. As a central user management platform, this approach has been ideal for a wide variety of IT organizations.

Then, a Step-Up in Security with macOS MFA


A key feature for any cloud identity management platform has become multi-factor authentication. MFA requires a second factor – a token provided via your smartphone – to be input during the login process. As a result, this forces a user to provide something that they know (their password) and something that they have (their token via their smartphone). The chances of having an identity compromised drop significantly in this scenario. It is perhaps the most important thing that IT admins can do to increase the security of their identity management systems. Identity-as-a-Service provides MFA functionality for the popular macOS platform. System-level MFA is critical to enforce because it renders a stolen laptop useless without the token as well. It is a significant step-up in security.

At Last, Try JumpCloud® Yourself


Users often store sensitive data on their macOS device. This could just be just their credentials to a wide variety of sites. Then again, it could be more than that. Either way, a password to protect your Mac device is not enough. If you would like to learn more about the Identity-as-a-Service function for macOS MFA, drop us a note. Or just give it a try for yourself. You can sign up for a free account where your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts