We will potentially be adding some Mac computers to our network and I am looking to be able to use Windows domain credentials to log on to them. I see that it can be done if JAMF can talk directly to the LDAP servers, but our LDAP servers are not accessible from the internet. We have been using ADFS to handle all external login requests. I was having a hard time finding information on this, but is it possible to use the ADFS service, which is already accessible publicly, for authentication instead of directly talking to an LDAP server?
Thank you for your help,
Eric Von Seggern
Jamf can talk back to your internal LDAP; this is normally set up to use an LDAP Proxy and the Jamf Infrastructure Manager.
Using LDAP allows you to let users log in to Jamf Pro with their AD credentials and assign devices to users in AD.
The LDAP connection between Jamf Pro and Active Directory does not let you log in to the Macs.
You would need to bind the machines to your domain and they need to be local.
That being said... you can use Jamf Connect to create local accounts based on your credentials from your IdP (Azure, Okta etc.). You can even have Jamf Connect sync passwords back to AD via ADFS.
Hope this makes sense
You want to use AD credentials to log in to your managed Macs? Is that right?
You can take a look at NoMAD and NoMAD Login. NoMAD allows a Mac user to authenticate to AD and get a Kerberos ticket. Add NoMAD Login, which replaces the native Mac login method, and you get a login method that is similar to AD login on Windows.
We use the combination to allow students to log in to computer labs, and are expanding adoption for our one-to-one assigned computers. We do not bind our Macs to AD, so NoMAD + NoMAD Login has given us the ability to set up computers before we know who is going to receive them, and to control the type of account a user will get when they log in for the first time and their profile is created.
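The two replies above turn on two distinct states of a managed Mac: whether the machine is bound to AD (what `dsconfigad` controls) and whether the console user holds a Kerberos ticket (what NoMAD obtains). The script below is an added example for checking both from an admin's side; it is not code from the thread, from Jamf or from the NoMAD project. It assumes the standard macOS `dsconfigad -show` and Heimdal `klist` output formats, and the sample outputs embedded in it are constructed, not captured from a real machine, so the parsing functions can be exercised on any host.

```shell
#!/bin/sh
# Added example (not from the thread, Jamf or NoMAD): report whether a Mac is
# bound to Active Directory and whether the current user holds a Kerberos TGT.
# The parsing helpers read command output from stdin so they can be tested
# against constructed sample output without a macOS host.

# Returns 0 when `dsconfigad -show` output on stdin reports an AD domain.
ad_bound_from_output() {
    grep -q '^Active Directory Domain'
}

# Returns 0 when `klist` output on stdin lists a krbtgt/ ticket, i.e. a TGT.
has_tgt_from_output() {
    grep -q 'krbtgt/'
}

# Prints the Kerberos realm taken from the first krbtgt/REALM@REALM line.
realm_from_klist_output() {
    sed -n 's/.*krbtgt\/\([^@ ]*\)@.*/\1/p' | head -n 1
}

# Runs the real macOS commands when they exist and prints one status line
# of the form "<bound|not-bound> <tgt-present|no-tgt>".
report_mac_login_state() {
    if command -v dsconfigad >/dev/null 2>&1 && dsconfigad -show 2>/dev/null | ad_bound_from_output; then
        bound="bound"
    else
        bound="not-bound"
    fi
    if command -v klist >/dev/null 2>&1 && klist 2>/dev/null | has_tgt_from_output; then
        tgt="tgt-present"
    else
        tgt="no-tgt"
    fi
    printf '%s %s\n' "$bound" "$tgt"
}

# Constructed sample output in the shape dsconfigad -show and klist print on
# macOS (hostnames, realm and account are placeholders).
SAMPLE_DSCONFIGAD='You are bound to Active Directory:
Active Directory Forest          = corp.example.com
Active Directory Domain          = corp.example.com
Computer Account                 = mac-lab-01$'

SAMPLE_KLIST='Credentials cache: API:1234
        Principal: student@CORP.EXAMPLE.COM

  Issued                Expires               Principal
Mar 10 09:00:00 2024  Mar 10 19:00:00 2024  krbtgt/CORP.EXAMPLE.COM@CORP.EXAMPLE.COM'

# Usage: run on the Mac itself; on any other host the commands are absent and
# the report falls back to "not-bound no-tgt".
report_mac_login_state
```

A bound Mac with no ticket points at a user logged in with a local or cached account; an unbound Mac with a TGT is the NoMAD setup described in the reply above, where the binding is deliberately absent and the ticket is what proves the AD authentication happened.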