Mac Authentication In The Cloud

By Rajat Bhargava Posted June 30, 2015

mac authentication

The standard for controlling user authentication, authorization, and device management has been Microsoft® Active Directory® (MAD or AD). AD has the ability to manage user authentication, authorization, and devices for the Windows® platform. But on Mac®? Not so much.

Managing Mac authentication within an organization can be a challenge. IT admins have a limited number of options to manage user access to Macs – and even fewer when you throw in the need to manage the macOS® devices as well.

Let’s go over some of the options that IT admins have to address the rise of Macs in the workplace, including a new, cloud-based Mac management solution that’s shaking up the whole industry.

Option 1:  Leave Macs Unmanaged

cross-platform device management

Until recently, very few true management platforms have existed for Macs, so many IT admins just let their Mac authentication be self-managed.

While easiest for the IT admin in some respects, the self-managed path introduces significant risks and security holes. IT admins have no control over the device or what the user is doing with the device. Even if the user has no malicious intentions, the IT admin has no ability to remotely service and support the device and user.

In the era of Bring Your Own Device (BYOD), unfortunately, self-managed is the most likely option for IT admins with Mac user populations.

Option 2:  Conventional Directory Services

Active Directory

Directory services such as AD and OpenLDAP™ can provide Mac user authentication, but not without some serious issues.

AD has no capability of managing Mac devices – or Linux devices for that matter. OpenLDAP is painful to connect with Macs (Penn State has a tutorial that is 30 steps long!). For organizations that are virtually all Macs – and there are many of them now – the current directory services options are lackluster at best. Add to that the requirement that AD and LDAP are on-premises software solutions and this path turns out to be even more painful for IT admins.

Option 3:  Cloud-Based DaaS

There is another option that has recently emerged. It’s called Directory-as-a-Service® (DaaS), and it is a cloud-based authentication, authorization, and management platform. It connects users to the IT resources they need. A key part of DaaS is support of macOS devices.

So how does it work? A small agent is placed on the Mac device and securely connects back to the cloud-based directory. Users are created, terminated, and managed from the cloud-based directory service console. Those actions are relayed to the device via the agent. As a result, users can be authenticated and authorized seamlessly from the cloud.

Further, Directory-as-a-Service gives IT the ability to manage the actual devices. IT admins are able to remotely execute commands or tasks on their Mac fleet. For users, the Mac System App allows users to perform their own password resets, further empowering IT admins. 

Get Cloud-Based Mac Authentication 

complete mac user management

The “dark ages” are over. Managing authentication on Mac devices no longer has to be a painful exercise. And, IT admins clearly do not have to give up and leave their Mac fleet unmanaged. Not only can they tightly manage their Mac users and devices, but they have the ability to do that through a cloud-based, SaaS service.

We’d be happy to tell you more about Directory-as-a-Service as well as help you with our free account. Feel free to try 10 of your Macs on us and see what you think.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts