As far as Apple is concerned, on-prem AD is dead. There is no real modern way to integrate a Mac with an AD environment. You can use scripts to map users' network Home Drives and use JAMF Connect's Kerberos ticket to SSO the drive. However, macOS itself gives no respect or regard to this network drive. It's just another share drive. Even Microsoft is pushing hard at using OneDrive over Home Drives, though not every organization is ready for that shift.
JAMF Connect can do all of your bullet points, though Finder has nothing to do with passwords; passwords are handled by Keychain Access.app.
- Branding at Login: Yes
- Information in Finder when current password is about to expire: JAMF Connect Menu Bar app will notify you when a PW is about to expire (XYZ days before configured by admin).
- Easy to change password (that syncs) directly in Finder: The JAMF Connect Menu Bar app handles the password change and syncing with AAD and the macOS Keychain (both ways).
- The solution should be updated frequently and support the latest macOS fairly soon after Apple releases a new version without any difficulty updating if needed: JAMF typically updates JAMF Connect a few weeks before the new release of macOS Updates and Upgrades.
JAMF Connect does generate Kerberos tickets. However, ADFS will not use them. To get SSO with Microsoft products, you need to install the Microsoft Company Portal app, as that has Microsoft's SSO Broker in it. Once a user logs in to the Company Portal app (or any other Microsoft tool like Outlook), that will enable the SSO Broker in the Company Portal to handle authentication.
As far as competitors to JAMF Connect, I have not found any that come close to doing as much as JAMF Connect does. Tools like the Company Portal app or Okta Verify have PW sync options to the SSO Broker, but they do not update macOS's local password. Platform SSO has a bunch of offerings, but I cannot test it in my organization, so I cannot really speak much on it.
Thanks a lot for very detailed information.