By Rajat Bhargava Posted June 30, 2015
The standard for controlling user authentication, authorization, and device management has been Microsoft® Active Directory® (MAD or AD). AD has the ability to manage user authentication, authorization, and devices for the Windows® platform. But on Mac®? Not so much.
Managing Mac authentication within an organization can be a challenge. IT admins have a limited number of options to manage user access to Macs – and even fewer when you throw in the need to manage the macOS® devices as well.
Option 1: Leave Macs Unmanaged
Until recently, very few true management platforms have existed for Macs, so many IT admins just let their Mac authentication be self-managed.
While easiest for the IT admin in some respects, the self-managed path introduces significant risks and security holes. IT admins have no control over the device or what the user is doing with the device. Even if the user has no malicious intentions, the IT admin has no ability to remotely service and support the device and user.
In the era of Bring Your Own Device (BYOD), unfortunately, self-managed is the most likely option for IT admins with Mac user populations.
Option 2: Conventional Directory Services
Directory services such as AD and OpenLDAP™ can provide Mac user authentication, but not without some serious issues.
AD has no capability of managing Mac devices – or Linux devices for that matter. OpenLDAP is painful to connect with Macs (Penn State has a tutorial that is 30 steps long!). For organizations that are virtually all Macs – and there are many of them now – the current directory services options are lackluster at best. Add to that the requirement that AD and LDAP are on-premises software solutions and this path turns out to be even more painful for IT admins.
Option 3: Cloud-Based DaaS
There is another option that has recently emerged. It’s called Directory-as-a-Service® (DaaS), and it is a cloud-based authentication, authorization, and management platform. It connects users to the IT resources they need. A key part of DaaS is support of macOS devices.
So how does it work? A small agent is placed on the Mac device and securely connects back to the cloud-based directory. Users are created, terminated, and managed from the cloud-based directory service console. Those actions are relayed to the device via the agent. As a result, users can be authenticated and authorized seamlessly from the cloud.
Further, Directory-as-a-Service gives IT the ability to manage the actual devices. IT admins are able to remotely execute commands or tasks on their Mac fleet. For users, the Mac System App allows users to perform their own password resets, further empowering IT admins.
Get Cloud-Based Mac Authentication
The “dark ages” are over. Managing authentication on Mac devices no longer has to be a painful exercise. And, IT admins clearly do not have to give up and leave their Mac fleet unmanaged. Not only can they tightly manage their Mac users and devices, but they have the ability to do that through a cloud-based, SaaS service.
We’d be happy to tell you more about Directory-as-a-Service as well as help you with our free account. Feel free to try 10 of your Macs on us and see what you think.