Allow groups to administer Mac without Binding?

Question

Macs in our environment are not bound to a directory. This is causing issues with a 3rd party Help Desk being able to assist the end users as the ONLY Admin of the device is the local administrator account. The password is not considered common knowledge due to security restrictions put on the help desk vendor.

Previously (prior to Jamf) we did directory Bind and use an AD security group to allow administration of the system. But now there are less users on-site and we're trying to implement Zero Touch Deployment, do Directory Binding was removed.

What are my options for enabling our vendor technicians to administer macs without sharing the local password (if any)?

howie_isaacks · Answer

We have been testing Jamf Connect for this reason, among others. Your vendor could be given an admin level single sign-on (SSO) account that they can use to login to the Macs. Binding really does not do any real good. One benefit it used to have was that it established the trust between the Mac and file servers so that users logged into their Mac with an AD account could connect to the server easily without a lot of effort. AD was never a good resource for managing Macs. Reach out to your Jamf account rep to get setup with a demo. We have been very impressed with Jamf Connect so far, and we have plans to deploy it for two of our clients in the near future.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded