Apple introduced several changes related to identity that raised some confusion regarding how macOS and Jamf Connect will work together going forward. We would like to clear this up and help our customers better understand how macOS Catalina with Jamf Connect can provide the best possible Apple experience for users.
Apple announced several new features that will be available with macOS Catalina in October:
- Customized Enrollment, enabling a mobile device management (MDM) server to specify an authentication web page to load during initial configuration with either Apple Business Manager or Apple School Manager
- Managed Apple IDs for Business (with support for Federation through Microsoft Azure AD), enabling the use of Apple services like iCloud Drive and Notes using one set of existing credentials
- A framework for Single Sign-On app extensions that will enable employees to seamlessly log in to websites and apps, if their cloud identity provider has built a supported app
- The inclusion of a first-party extension to support Kerberos authentication and password syncing to a local account
Although Customized Enrollment can show any type of authentication during initial configuration, verifying that user is allowed to complete set up of the Mac, macOS does not enforce the user to use the same password as their identity provider (IdP). This means that out of the gate, macOS authenticates a username, but now the user has two passwords. And although many companies will take advantage of the first-party extension to support on-premises Active Directory and Kerberos, most customers are moving towards cloud identity providers for additional security and seamless integration with cloud-based apps. Read More
Sniper systems is jamf reseller in Chennai