By Greg Keller Posted August 16, 2016
Directory services emerged as a core part of IT infrastructure during the 1990s, becoming essential shortly thereafter. The directory service was a mechanism for IT admins to control user access to systems, applications, and networks.
For end users, they were able to leverage a single login account for a variety of IT services. This was a relatively easy process. The vast majority of systems and applications were Microsoft Windows based and all of the IT resources were on-premises. Security was still important, but it was not nearly as critical (or complex) as it is today.
In yesterday’s environment, a directory service was a relatively straightforward solution, and Microsoft provided it with a product called Active Directory. Fast-forward a couple of decades later, and the identity management landscape has dramatically changed.
Directory Services, Meet Modern IT
Transformative changes in directory services have stemmed in large part due to the shifting IT landscape. Microsoft is no longer the dominant operating system platform it once was, and the cloud has completely changed the way that IT organizations conduct business. As a result, what a directory service means today is far different than what it was then.
Today’s modern directory service is called a cloud directory, or Directory-as-a-Service®. It is not only delivered as a SaaS-based service but also independent, meaning that it supports a variety of platforms, protocols, and locations. Since it is highly focused on security, one of the key features of Directory-as-a-Service is its ability to deliver Mac multi-factor authentication.
One Solution for Mac MFA / 2FA
Apple devices are now in use at over 90% of Fortune 500 companies and Apple is aggressively pursuing a bigger piece of the enterprise pie (MacWorld). It’s only natural that a cloud-based directory service, built from the ground up for today’s IT environments, would support user management with Macs.
User management is traditionally driven off of username and passwords. Linux servers will often use SSH keys as well. Macs are capable of this approach to authentication, but it is rarely used. While legacy directories struggled with Mac and Linux devices, a cloud identity provider treats all three major platforms as first-class citizens.
Macs are conventionally considered more secure – but they’re also a bigger target for theft than their PC counterparts. Implementing Mac multi-factor authentication is the single best way to ensure that a stolen work device doesn’t become a breach. That’s why, in addition to the standard authentication path, Directory-as-a-Service provides the ability to optionally enable multi-factor authentication (MFA) or two-factor authentication (2FA).
Historically, the added step of multi-factor auth was not included in a directory service. Times have changed: today’s modern Identity-as-a-Service platforms include system level multi-factor authentication. Directory-as-a-Service from JumpCloud leverages the free Google Authenticator application that can be enabled on iOS and Android smartphone devices. A token is created by the application and subsequently entered into the login screen on the Mac. Without the token, a user cannot log into the Mac device. This extension of directory services is a critical one. Today’s devices and applications are compromised all too often. A significant boost in security must be provided by modern cloud-based directories.
Grow Security With Directory-as-a-Service Mac Multi-Factor Authentication
The Directory-as-a-Service feature of Mac multi-factor authentication is a remarkable game changer for organizations with Macs. IT admins know that password-based authentication is not secure enough in today’s environment. Easily adding MFA to the login process is something that end users are comfortable with and IT admins can implement without significant cost and overhead through JumpCloud’s cloud directory. If you would like to learn more about how you can leverage Mac multi-factor authentication for your organization, drop us a note. You’re always welcome to sign up for a free account. Your first 10 users are free forever.