By Rajat Bhargava Posted April 18, 2019
More organizations than ever are using G Suite™. In fact, Google announced that it finished 2018 with 5 million paying customers. When you combine that with the fact that G Suite for Education has upwards of 70 million users, it’s easy to see how extending G Suite credentials to a wider range of IT resources could be useful. After all, G Suite isn’t the only IT resource on modern IT networks. In fact, Mac® systems are commonly used with G Suite environments. Thus, IT admins are wondering how they can take advantage of macOS® authentication using G Suite™ identities.
For IT admins and organizations that are looking to leverage G Suite identities for authentication into macOS systems, that functionality is not available “out-of-the-box” so to speak from either Google or Apple®. But, if you were to leverage a complementary solution to G Suite, called Directory-as-a-Service®, your G Suite identities can end up actually being your universal identities.
An easy way to conceptualize this problem is to think of G Suite as the replacement for Microsoft® Exchange®, Windows® file server, and Office™. And then, Directory-as-a-Service becomes the replacement for Microsoft® Active Directory®. When you make this switch to the cloud and cloud resources with G Suite and JumpCloud, you ensure your employees have a single password for all of their IT resources via True Single Sign-On™.
But, before we get too far into the possibilities enabled with the switch to G Suite and Directory-as-a-Service, let’s talk about some limitations of trying to perform this integration without JumpCloud. Or, you could skip ahead and sign up for a free account now and get to work integrating your new cloud directory with G Suite identities with the help of this support page. The choice is yours.
Why The Standalone G Suite Approach Falls Short
It’s important to realize that the era in which G Suite™ (Google Apps™ at the time) was created was a different era of IT. When Google Apps first hit the scene, the world was still largely based on Microsoft® Windows and the majority of IT infrastructure was located on-prem.
As a result, Google Apps was built to work around the leading directory services solutions. At that time, those were Microsoft® Active Directory® (MAD or AD) and OpenLDAP™. It didn’t make sense for Google Apps to replace AD, but it certainly did make a great deal of sense to go after Exchange and Office.
Over time, as more IT organizations moved to G Suite, a common problem kept springing up around managing identities. If an IT organization wanted to shift completely to the cloud, continuing to leverage AD or OpenLDAP meant that a core part of their infrastructure was still on-prem. If they kept their on-prem Active Directory service, many organizations found themselves tied to Windows with one foot on-prem and the other in the G Suite cloud world.
Around that time, Apple was just beginning its resurgence and many sought to take advantage of the Windows alternative. As a result, Apple machines kept popping up everywhere. But, with many organizations continuing to leverage Active Directory, those macOS machines could not be easily managed with AD unless add-ons were stacked on top of it, which increased both complexity and cost. There had to be a simpler way.
Adapting G Suite Identities to Modern IT and macOS Authentication
The shift to G Suite and then macOS systems put a great deal of pressure on how to centralize access and identity management in a realm that was typically dominated by Microsoft and their bevy of Windows-based solutions. Also, a new, revolutionary service was beginning to make its way into IT environments—Amazon Web Services® (AWS®). Soon after, very little of the overall IT infrastructure in many IT organizations was actually being managed by AD for modern organizations. That has forced many to question if they need AD or if G Suite Directory is sufficient.
Unfortunately, G Suite Directory is not much help as it wasn’t built to authenticate to on-prem systems, cloud servers, on-prem applications, VPNs, and WiFi among others. It was largely just a user management system for G Suite along with web application single sign-on for a select group of web applications. So, while it was useful for Google Cloud services, it wasn’t a core identity provider for most organizations. That’s where Directory-as-a-Service comes in.
Full Mac® Authentication is Possible
The best path forward for environments rife with macOS systems and G Suite users is through JumpCloud Directory-as-a-Service. This cloud directory serves as a central identity provider that has the ability to integrate with existing user stores, such as G Suite Directory, and import users en masse. JumpCloud then becomes the core IdP, which can federate the same G Suite credentials to virtually any IT resource. Specifically, a user’s macOS system can be authenticated via the same G Suite credentials. So, too, can AWS cloud servers, Linux machines, on-prem applications that authenticate via LDAP, web apps by way of SAML 2.0, WiFi through RADIUS, and of course, Windows systems. As a cloud directory service, this solution complements G Suite. In effect, it is cloud-based and cost effective, just like G Suite.
Try JumpCloud for Free Today
macOS authentication using G Suite identities doesn’t have to be an impossible integration any longer. With the free version of JumpCloud, you can sample that and all of the JumpCloud functionality at absolutely no cost to you—ever. Plus, it comes with the ability to manage 10 users and their devices. Try it free today. If you want to talk over your options, feel free to contact one of our product experts. Or, you can head on over to our Knowledge Base and / or YouTube channel for more information.