I'm quite a new Mac system admin. We would like to properly manage identity on Apple devices, because binding Macs to AD brings some hassles and some are outside our network (they don't reach AD).
So we're looking for a product that provides identity from our hybrid environment (Active Directory + Azure Active Directory). Most of our environment is Microsoft, but some VIPs and departments (graphic designers) use Macs. We saw that one of the latest versions of Jamf Connect can manage hybrid identity.
I found some feedback, but not enough about hybrid environments. What do you think about this product? Do you know of an alternative? It's a bit pricey at $2 / month / device.
- Hybrid (Active Directory + Azure Active Directory)
- Office 365
- ADFS 3.0, will upgrade to 5.0 soon (maybe not possible with 3)
- MFA Azure
- Active Directory authority for local resources (printers, file servers, Wi-Fi, ...)
- Apple Business Manager (just few Macs)
- A couple of Macs bound to AD, others are "free"
I asked Jamf for a trial to give it a try.
I recently worked on deploying Jamf Connect for a client and I was very pleased with the overall ease of setup and deployment. One of the reasons why we wanted to do this was to bring MFA to the Mac login experience. We used Duo Security for MFA. Since Azure is already set up for authentication through Duo, I did not need to do anything different. When an Azure user logs in, they are prompted to respond through Duo. For the few issues that I had, Jamf Support was extremely helpful (as they always are!). The issues were mainly caused by me not setting up something correctly. Overall, I was very impressed with how Jamf Connect works. I think binding Macs to AD is useless. So far, I have run into only one major issue. For my own company, we were stalled on deploying Jamf Connect because the MFA solution we use internally uses SAML authentication. It would not work with Jamf Connect. When we disabled MFA for the account I was using for testing, the login process would complete. The solution we use is called Secret Double Octopus. Personally, I HATE this MFA solution, but I don't get to make the decisions for what to use.