SSO/Shared Drives/AD Binding Best Practices

rafemoody
New Contributor

Hello,

I am looking for advice regarding best practices when dealing with the above technologies. Currently, we have an environment where we are bound to AD, but the only thing remaining we need it for is shared drives. We currently have AppleScripts which mount the users' shared drives through Kerberos tickets and we would like to keep that (but it's not a deal breaker). I have done reading and reached out to Okta, Ping and Centrify. Centrify wants to integrate us further into AD, so that won't work for us. And both Okta and Ping said that unless we are using a web/SharePoint interface or third-party solution like Box or Dropbox, they could not help us. Ultimately, what we would like is to have a piece of software (SSO agent or something else) that would take the user's password entered on the local machine account, relay that to AD and keep the two in sync without having to be bound. If it also managed WebApps and SAML authentication to other sites then that would be an added bonus.

For those of you who are in AD environments but unbound, how do you get around the hurdle of shared network drives? To clarify, these are drives which are shared at the department or business unit level. These are not the users' personal storage space on the network.

Thank you

2 REPLIES

bpavlov
Honored Contributor

I can't speak to it since I don't use it. But perhaps Apple Enterprise Connect handles that?
https://jamfnation.jamfsoftware.com/discussion.html?id=17757

Based on that thread, it seems you don't need to be bound to AD to utilize it. Not sure if it will generate a Kerberos ticket though.

Chris_Hafner
Valued Contributor II

We've been looking for a solution to a similar challenge. We don't bind to AD at all but use it heavily on the backend to tie together various services. Unfortunately, the last I checked, Enterprise Connect wasn't available to EDUs so I stopped evaluating it at that point. I believe it simply provides user-level AD binding, as hosted by Apple but... again, I haven't delved too deeply.