macOS Identity Management

Written by Greg Keller on December 9, 2016


macOS is now one of the most popular operating systems in the world. In fact, Mac devices are shifting the balance from a predominantly Windows-owned IT infrastructure to heterogeneous environments.

Only one in five devices is now Windows [Forbes]. In the not-so-distant past, Windows accounted for 9 out of 10 devices. macOS definitely grabbed some of that market share as did Linux and, of course, iOS, Android, and other mobile OSs.

With macOS being such an important platform, a key challenge for IT admins becomes how to manage those users. macOS identity management has been difficult with conventional directories. Luckily, it is being solved by a modern Directory-as-a-Service® platform.

Past: Windows Heavily Populated The IT Landscape


The roots of the macOS identity management conundrum go back to the dominance of Windows. Microsoft owned the market, and as a way to lock in its customers, it created Active Directory, a centralized user management platform. AD would authenticate, authorize, and manage Windows users and devices. It would ensure that a Windows user and device could access virtually anything on the domain. That is, of course, as long as it was Microsoft Windows-based or compatible. Mac devices were largely shut out of this world. At the time, most IT organizations didn’t care because very few of their machines were Macs.

Present: macOS Identity Management in a Diverse Environment


Fast-forward to the present, where the IT infrastructure looks remarkably different. macOS, Linux, AWS, G Suite, Office 365, WiFi, SaaS applications, and more are all a part of an IT admin’s world.

Centrally managing all of those solutions and controlling access to them has become a difficult challenge. In fact, Active Directory is no longer the right solution for the job. Our Directory-as-a-Service IDaaS platform provides a virtual identity provider that connects user identities to systems, applications, and networks. A key part of the cloud-hosted directory service is the ability to authenticate, authorize, and manage macOS devices.


As a cloud-hosted directory, the platform places a small, lightweight agent on the macOS device. The agent then natively creates, terminates, or modifies user access. Further, IT admins can remotely execute commands and scripts on the machine, thus ensuring that the system is being tightly managed and controlled for policies, security, and user settings. Mac devices and users can now be managed as Windows machines were with AD, but IT admins no longer have the restrictions associated with AD. Directory-as-a-Service is cross-platform, multi-protocol, provider agnostic, and location independent. For macOS-focused organizations, Directory-as-a-Service becomes a replacement for Active Directory and Open Directory.

Future: JumpCloud® Brings You Beyond Active Directory

If you would like to learn more about macOS identity management solutions, drop us a note. We’d be happy to walk you through how we natively integrate with macOS as well as a wide variety of other platforms. Also, please feel free to try JumpCloud’s cloud directory yourself. Your first 10 users are free forever.
