macOS Identity Management

By Greg Keller Posted December 9, 2016

macOS is now one of the most popular operating systems in the world. In fact, Mac devices are shifting the balance from a predominantly Windows-owned IT infrastructure to heterogeneous environments.

Only one in five devices is now Windows [Forbes]. In the not-so-distant past, Windows accounted for 9 out of 10 devices. macOS definitely grabbed some of that market share as did Linux and, of course, iOS, Android, and other mobile OSs.

With macOS being such an important platform, a key challenge for IT admins becomes how to manage those users. macOS identity management has been difficult with conventional directories. Luckily, it is being solved by a modern Directory-as-a-Service® platform.

Past: Windows Heavily Populated The IT Landscape


The roots of the macOS identity management conundrum go back to the dominance of Windows. Microsoft owned the market and, as a way to lock in their customers, they created Active Directory, a centralized user management platform. AD would authenticate, authorize, and manage Windows users and devices. It would ensure that a Windows user and device could access virtually anything on the domain. That is, of course, as long as it was Microsoft Windows-based or compatible. Mac devices were largely shut out of this world. At the time, most IT organizations didn’t care because very few of their machines were Macs.

Present: macOS Identity Management in a Diverse Environment


Fast-forward to the present, where the IT infrastructure looks remarkably different. macOS, Linux, AWS, G Suite, Office 365, WiFi, SaaS applications, and more are all a part of an IT admin’s world.

Centrally managing all of those solutions and controlling access to them has become a difficult challenge. In fact, Active Directory is no longer the right solution for the job. Our Directory-as-a-Service IDaaS platform provides a virtual identity provider that connects user identities to systems, applications, and networks. A key part of the cloud-hosted directory service is the ability to authenticate, authorize, and manage macOS devices.


As a cloud-hosted directory, the platform places a small, lightweight agent on the macOS device. The agent then natively creates, terminates, or modifies user access. Further, IT admins can remotely execute commands and scripts on the machine, thus ensuring that the system is being tightly managed and controlled for policies, security, and user settings. Mac devices and users can now be managed as Windows machines were with AD, but IT admins no longer have the restrictions associated with AD. Directory-as-a-Service is cross-platform, multi-protocol, provider agnostic, and location independent. For macOS-focused organizations, Directory-as-a-Service becomes a replacement for Active Directory and Open Directory.

Future: JumpCloud® Brings You Beyond Active Directory  

If you would like to learn more about macOS identity management solutions, drop us a note. We’d be happy to walk you through how we natively integrate with macOS as well as a wide variety of other platforms. Also, please feel free to try JumpCloud’s cloud directory yourself. Your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
