In Blog, Mac Management, Multi-Factor Authentication (MFA)

A light wooden desk with a macbook, phone, and pineapple

Using multi-factor authentication (MFA) is one of the best ways IT organizations provide security for their systems. Unfortunately, many organizations/OS providers are more concerned about adding MFA to applications rather than systems. That’s a missed opportunity to protect any organization. With the new Apple® macOS® 10.15, Catalina™ OS, IT admins have an excellent opportunity to add MFA to their Mac® systems. Here’s how you can enforce macOS Catalina multi-factor authentication.

Why MFA?

Symantec found that 80% of identity breaches in the past several years could have been prevented by using an additional factor of authentication. In a more recent study, Google® found that most forms of device-based MFA are over 70% effective at preventing the takeover of a user account. You can see more of their findings in the chart below.

Account takeover rates, categorized by device-based and knowledge-based challenges

Source: Google Security Blog

Why System MFA?

With the above statistics in mind, MFA’s efficacy at preventing identity compromise is undeniable. So really, why not put it on the system level?

The system is an end user’s gateway to virtually all of the IT assets they need to do their jobs, including applications, data, VPN networks, servers, and more. Subsequently, if a workstation is compromised, it would be a conduit for bad actors to prey upon these critical resources. By adding MFA on the system level, as done with applications, IT organizations dramatically reduce the chance of a system compromise.

macOS Catalina MFA

With the release of Catalina, IT organizations can start using MFA at scale across their Mac systems. Since admins will already be on the update path, they can also use the time to implement MFA across their macOS fleets. 

Beyond the convenience factor, updates coming with Catalina should enable admins to more easily implement MFA in their organizations. For instance, Catalina enhances the capabilities of mobile device management (MDM) solutions, should manage how certain tooling, such as directory services, operate in a Catalina ecosystem.

Using a cloud directory service, organizations can enable and enforce MFA across their Mac fleets. With Catalina’s new capabilities, IT admins are better equipped to use a cloud directory service to manage their Macs and MFA.

A Cloud Directory Service for Catalina MFA

One such cloud directory service is JumpCloud® Directory-as-a-Service®. JumpCloud is actually the first cloud directory service, and has long focused on identity management and security practices at the system level, especially for macOS systems. IT organizations can use JumpCloud to enable MFA across their current macOS fleets, as well as their pending Catalina machines.

Beyond MFA, organizations can take advantage of JumpCloud’s cross-platform, group policy object-like Policies. Policies manage and automate other critical system security features, such as full-disk encryption (FDE) for Mac systems, as well as many others.

JumpCloud then manages a user’s identity and access to the cadre of IT assets they need to do their jobs, centralizing them all under a single set of credentials in a single cloud admin console. JumpCloud is platform-agnostic, so regardless of if your resources are Mac, Windows®, Linux®, Amazon®, Google, etc., JumpCloud can manage them all.

Learn More

If you are curious about leveraging JumpCloud for macOS Catalina multi-factor authentication, please reach out to us. We’d be happy to help. You can also see JumpCloud in action by scheduling a free personalized demo.

Recent Posts