Allow groups to administer Mac without Binding?

New Contributor

Macs in our environment are not bound to a directory. This is causing issues with a 3rd party Help Desk being able to assist the end users as the ONLY Admin of the device is the local administrator account. The password is not considered common knowledge due to security restrictions put on the help desk vendor.


Previously (prior to Jamf) we did directory Bind and use an AD security group to allow administration of the system. But now there are less users on-site and we're trying to implement Zero Touch Deployment, do Directory Binding was removed.


What are my options for enabling our vendor technicians to administer macs without sharing the local password (if any)?


Valued Contributor II

We have been testing Jamf Connect for this reason, among others. Your vendor could be given an admin level single sign-on (SSO) account that they can use to login to the Macs. Binding really does not do any real good. One benefit it used to have was that it established the trust between the Mac and file servers so that users logged into their Mac with an AD account could connect to the server easily without a lot of effort. AD was never a good resource for managing Macs. Reach out to your Jamf account rep to get setup with a demo. We have been very impressed with Jamf Connect so far, and we have plans to deploy it for two of our clients in the near future.

Contributor II

Why not just create a new local admin account for the vendor? Creating accounts, even admin using policy is very easy in jamf.