IdP for macOS® Catalina™

By Zach DeMeyer Posted July 8, 2019

The announcement of macOS® 10.15 Catalina™ has put many IT admins in a state of confusion. With such a massive change to the Mac® management landscape, the question now becomes, “what’s the best identity provider (IdP) for macOS Catalina?” Considering the history of managing Macs in IT organizations, it is an interesting question.

The History of Mac Management

As we know, Mac users and their systems have been notoriously hard to manage using traditional methods, such as with identity providers like Microsoft® Active Directory® and LDAP. Apple® went so far as to build its own IdP, called Open Directory, to combat this issue. A Mac analogue to Active Directory (AD), Open Directory was based on a number of open source solutions and was offered in conjunction with the macOS Server product, much like AD and Windows® Server. Unfortunately, it doesn’t seem like Apple is investing heavily in its macOS Server line as of late, so that leaves IT admins scratching their heads over what to do from a directory services perspective when macOS 10.15 comes out.

Of course, IT admins could always try to use a traditional IdP to manage their Mac systems and users, but that presents a different challenge altogether. IdPs like AD are designed almost exclusively for Windows systems, so IT admins looking to manage Macs need to find AD add-on solutions like identity bridges to connect their Macs to their AD instance. Not only do these solutions add costs to an IT organization’s budget, they can also be tricky to implement, ground modern IT organizations on-prem, and fracture identity management into multiple disparate parts.

Catalina Changes Everything

The release of macOS Catalina seems like it will turn Mac management on its head. While the full details are somewhat unclear, Apple has declared that, at least in some respects, managing macOS Catalina systems will be improved for IT admins. It seems as though Apple is going to expand the ways that macOS users can authenticate, with the SAML and Kerberos protocols being slated for the release.

There are also a number of pending changes regarding the function of mobile device management (MDM) in Mac ecosystems. Early Catalina release documentation has implied that MDM solutions will be granted higher management rights, including additions to how Secure Tokens can be managed. Since its introduction with macOS High Sierra™, the Secure Token has been a thorn in many an IT admin’s side to manage, in spite of its claimed security benefits. With Catalina, MDM tools should be able to grant Secure Tokens more easily, making Mac management a little less of a burden on IT organizations.

Regardless of the effect of Catalina on MDMs, IT organizations still need to worry about the management of their Mac users and their identities. Such considerations will be critical as IT organizations think about upgrading to Catalina. This brings us back to the original question: what’s the best IdP for macOS Catalina? This identity provider will need to take into account these changes to how user accounts and Secure Tokens are managed.

Best IdP for macOS Catalina

Thankfully, there is an IdP available from the cloud that can effectively manage Mac users, their systems, and access to virtually all of their other IT resources. This cloud directory service is completely platform-neutral, meaning IT organizations can utilize Mac, Windows, or Linux® systems, as well as a wide variety of applications (cloud and on-prem) and infrastructure (Azure®, AWS®, GCP™, etc.).

JumpCloud® Directory-as-a-Service® is the world’s first cloud directory service, and has reimagined AD and LDAP for the modern era. With JumpCloud, IT organizations can simplify and centralize their identity and access management into one web-based admin portal. That’s why over 75,000 organizations worldwide rely on JumpCloud as their core identity provider.

Leverage JumpCloud for Free

If your organization is concerned with finding an IdP for macOS Catalina, look no further than JumpCloud Directory-as-a-Service. IT admins can start exploring Directory-as-a-Service for their environments for free by signing up for JumpCloud. A risk-free JumpCloud account requires no credit card, and includes ten free users, available forever, to get you started in the platform.

If you would like to learn more about the JumpCloud product and/or managing Macs with macOS Catalina, feel free to give us a call or send us a note. You can also schedule a demo with a product expert to see the product’s capabilities in action.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
