Posted on 08-24-2021 01:14 PM
Hi everyone,
I'm quite a new Mac system admin. We would like to properly manage identity on Apple devices, because binding Macs to AD brings some hassles and some are outside our network (they don't reach AD).
So we're looking for a product that provides identity from our hybrid environment (Active Directory + Azure Active Directory). Most of our environment is Microsoft, but some VIPs and departments (Graphic Designer) use Macs. We saw that one of the latest versions of Jamf Connect can manage hybrid identity.
I found some feedback, but not enough about hybrid environments. What do you think about this product? Do you know an alternative, because it's a bit pricey at 2$ / month / device?
Our environment:
- Hybrid (Active Directory + Azure Active Directory)
- Office 365
- ADFS 3.0, will upgrade to 5.0 soon (may not be possible with 3)
- MFA Azure
- Active Directory authority for local resources (printers, file servers, Wi-Fi, ...)
- Intune
- Apple Business Manager (just a few Macs)
- A couple of Macs bound to AD, others are "Free"
I asked Jamf for a trial and will give it a try.
Thank you.
Posted on 08-24-2021 02:37 PM
Jamf Connect is the best thing we invested in. No more broken password hashes and broken keychains. It really helped while in quarantine as well. We no longer need a VPN connection to create managed mobile accounts. The only complaint is the 3 login screens, but we're planning on implementing Jamf Unlock soon.
Posted on 08-24-2021 02:39 PM
It also helps with devices losing Intune compliance due to broken keychains.
Posted on 08-26-2021 05:36 AM
What do you need to authenticate for? Identity is a broad term. Jamf Connect is a good product for logins. There are other free things out there, like the Azure SSO extension:
https://docs.microsoft.com/en-us/azure/active-directory/develop/apple-sso-plugin
If you only need user Kerberos, look at the Kerberos option. Also, NoMAD is still out there and should work, but you don't get the support you would with Jamf Connect.
Posted on 08-26-2021 07:54 AM
My organization is moving to a purely cloud IdP environment. The SSO extension is only for apps, not login. NoMAD is just the on-prem AD version of Jamf Connect. We use Jamf Connect to sync IdP passwords with local accounts. The login screen also prevents terminated users from accessing machines and allows simple account creation for Automated Device Enrollment.