Mac Directory Authentication

Written by Rajat Bhargava on July 24, 2015

Share This Article

Macs are a unique bunch. As Apple’s tagline notes, Macs “Think Different.” And, that’s awesome because your users get tremendous productivity from their Mac laptops and desktops. Macs are elegant and powerful computers. They are also the device of choice for many people today.

But there’s another side to “Think Different”

For IT admins, “different” generally translates to “more work.” It also means less security and it can signal higher costs.

For decades, IT admins have been focused on building a homogenous IT environment because it leads to greater efficiency and less risk. As Macs made an incredible resurgence over the last decade and many companies embraced Bring Your Own Device (BYOD) policies, IT admins have been forced to integrate Macs into their environments.

This has come with many challenges, but the most central challenge that integrating Mac devices has posed for IT admins is directory authentication.

Conventional Directory Authentication for Macs

Microsoft’s Active Directory can seamlessly manage Windows devices.

Macs and Linux devices? Not so much. While Macs can authenticate against AD, the full functionality of managing the device does not occur with AD.

OpenLDAP, the leading open source directory service, is another option for IT admins. The challenge with connecting Macs to OpenLDAP is that it is a long and tedious process.

Most IT admins think of directory services at the core of integrating a solution into their environment. So access needs to be centrally controlled and managed. Unfortunately, both Microsoft AD and OpenLDAP fall short when it comes to Macs.

A New, Cloud-Based Alternative

The shift in the IT landscape from a homogeneous Microsoft Windows world to a heterogeneous, cloud-based IT infrastructure led to the creation of Directory-as-a-Service®.

The goal of DaaS is to connect users with IT resources from a central, cloud-based service. Those users may be on Windows devices, Linux machines, or Mac machines. Directory-as-a-Service also connects those users to any applications and networks that those users need. IT admins can control access centrally and globally, whether the resources and users are on-premises or out in the world.

Better Mac Directory Authentication

Directory-as-a-Service is a particularly elegant solution for Macs. DaaS solutions place a small agent on the Mac device and natively manage user authentication and authorization. Beyond user management, the agent is conduit to manage the device itself through the setting of policies or the execution of tasks. In effect, IT admins gain full control of Macs similar to how Microsoft provided full control over the Windows platform via Active Directory.

If you have a fleet of Macs and are thinking about how Macs can be serviced through directory authentication, take a look at Directory-as-a-Service. The solution may bring your Macs back into the IT fold without losing their “Think Different” appeal.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Continue Learning with our Newsletter