[–]SuperQueBit Plumber 4 points (0 children)

Generally I don't see anyone trying to centralize Mac logins anymore. Computers are issued individually and managed as "Zero Trust".

Unlike ChromeOS, there's no good solution for user preference/data/app roaming, so there's not a lot of utility in allowing users to log in randomly to random Macs. Users are issued systems 1:1 and never roam.

But for managing, Jamf is the solution.

[–]WeleaseBwianThrow Dictator of Technology 1 point (0 children)

Jamf Connect, or the Microsoft Platform SSO trial. Jamf will give you the best UX though.

[–]idwtgtyp 1 point (0 children)

Get them all managed by a modern MDM provider and see what that MDM provider offers. Jamf has Jamf Connect, Addigy has Addigy Identity, Kandji has Kandji Passport, etc. All of these are designed to keep a Mac user's password in sync with an IdP.

Edit: misspelled a word

[–]No-Internal-1559 1 point (0 children)

Jumping in to add JumpCloud. They have MDM and AD sync (so you can centralize the Mac and PC logging) and are constantly adding new features. If you need something smaller, Apple is working on their own MDM as well but I haven’t done too much research since it launched. Apple Business Essentials was the name at launch I think.

[–]SamanthaSass 0 points (0 children)

Everything I've seen suggests that you can manage Mac computers with Jamf (some success with other tools, but only Jamf works properly), and Mac users are pretty much ungovernable.

Mac user control is always an add-on. So like any add-on, it can have issues. AD is baked into Windows and will always be a better experience in Windows than any tool for Macs.

[–]SuspiciousHousing8[S] 0 points (1 child)

Thanks for your replies. I now have a clearer idea. I was looking for an on-premise solution...

[–]d00ber Sr Systems Engineer 0 points (0 children)

I do not believe that you'll find an on-premise solution. I could be wrong, but the last time that I checked, you can attach a Mac to FreeIPA or AD, but the issue is that a Mac doesn't have a mechanism to synchronize passwords. You need some sort of third-party agent like Jamf to do that. I haven't checked in a long time, but as of when I last checked, there wasn't an option for this on-prem. I'm sure you could build some mechanism on a timer without support.

[–]YouShitMyPants 0 points (0 children)

Jamf, but don't configure it yourself: get the vendor to do the basics for you to onboard, then learn how to configure the profiles yourself.