By Zach DeMeyer Posted August 1, 2019
Few things have a greater effect on an IT admin’s workflow than the introduction of a new macOS® version. With completely new requirements for authentication, zero-day vulnerabilities, and last minute updates, a new macOS, like the upcoming macOS Catalina™ for instance, keeps IT admins on their toes. As such, many IT admins are concerned about what macOS Catalina Active Directory® integration is going to look like.
The concern makes sense. Many IT organizations are reliant on the legacy, on-prem directory service, Microsoft® Active Directory, to manage their user identities and subsequent resource access. And, given Apple® and Microsoft’s history of not playing nicely together, this concern gains a lot more credence.
Mac Management Through the Years
Historically, integrating Macs® into Active Directory (AD) has been difficult to say the least. As fierce competitors in the system space, the concept of cross-platform functionality has been far beyond either Apple or Microsoft’s business plans. In fact, after Windows® systems began to dominate the scene with AD on top managing them all, Apple released their Open Directory to serve the same purpose as the directory service giant for Mac systems.
Of course, Mac systems haven’t been the only affront to Microsoft’s perfect Windows-only, on-prem world of the 1990-2000s. Now, non-Windows and cloud-based resources are the go-to for many organizations, large and small. Unfortunately for IT admins, Active Directory has struggled to keep up with all of these resources, making managing them with AD a burden.
Some tools have entered the market to help alleviate this burden. For web applications, solutions like single sign-on (SSO) tools are available to federate AD identities to cloud resources. For Mac and Linux® devices, there are a few on-prem identity bridges that IT admins can use. Other resources have their own associated AD add-on tools. These, unfortunately, can rack up costs and overhead for IT admins, making them less appealing than an-all-in-one option like AD used to be.
macOS Catalina Active Directory Integration
With the release of Catalina, integrating Macs into AD may be a bit easier than it has been historically. Namely, Apple is increasing the value of mobile device management (MDM) tools for authenticating access for Catalina Macs. While MDMs can help AD play nicely with Macs, there still remains some critical issues and questions. Authenticating access isn’t the same as provisioning, de-provisioning, and managing the user’s identity on a Mac. Many IT admins are also interested in managing their Mac fleet with policies similar to the AD construct of group policy objects (GPOs) for Windows.
Unfortunately, while it is unclear of the full extent of how Catalina will interact with Active Directory, we know that Active Directory itself is not created to be used comprehensively with Mac systems. Beyond that, IT admins need to also manage identity access to other IT resources. Historically, AD struggles with resources that aren’t based on-prem, so even though Catalina may introduce SAML to Mac management, it doesn’t mean this functionality will carry over into AD necessarily.
AD Integration for Macs from the Cloud
While Active Directory may not be suited for these scenarios, the good news is that there is a cloud directory service that works seamlessly with Mac systems. This Directory-as-a-Service® can manage Mac, Windows, and Linux systems and their users from a single cloud console, as well as their access to virtually all other IT resources.
What’s more, this cloud directory service, available from JumpCloud®, can also be used in AD-centric environments with ease. Using the JumpCloud AD Integration feature, IT admins can import their AD identities into Directory-as-a-Service, and subsequently sync their JumpCloud-managed resources back to AD as well. That means that IT organizations can use JumpCloud for macOS Catalina Active Directory integration at scale for their entire user base.
Learn More about JumpCloud
If you would like to learn more about JumpCloud and the AD Integration feature, please contact us. We’d be happy to talk with you about our new premium AD Sync feature and Directory-as-a-Service as a whole.
You can also explore JumpCloud Directory-as-a-Service completely free. Just sign up for a JumpCloud account and start trying Directory-as-a-Service for your organization with ten users in the platform that you can use for free forever.