Jamf Connect

James Ridsdale

Apple, General, iOS, macOS, Management

What is it?

When installed, Jamf Connect eliminates the need to bind a Mac to a directory service, such as Active Directory. In a world of mobility and an ever-increasing mobile workforce, it is important to push the boundaries of traditional networks from internal to the internet, while not compromising on security.

In its current form, Jamf Connect has been available for a while now. Many new features are in the pipeline and, with the Jamf development workhorse firmly behind it, it is here to stay. That said, we have been having many conversations with our clients in recent months regarding its origins, so we thought a brief history lesson might be useful.

History

The background of Jamf Connect is a little like an episode of EastEnders, but please bear with us:

  • In April 2009 Peter Bukowinski announced a project called AD Password Monitor
  • Two years later, Rusty Myers reached out to Peter about moving AD Password Monitor from a dashboard widget to an app. Soon afterwards, Peter announced the first release of ADPassMon, taking AD Password Monitor and turning it into an application.
  • In April 2014 Ben Toms (aka MacMule) announced a fork of ADPassMon, which added new features to ADPassMon. It notably improved keychain handling along the lines of Joel Rennich’s Keychain Minder. This was due to the addition of the local items keychain to macOS 10.9 (Mavericks), plus the fact Keychain Minder did not work with this new keychain. At the time Joel was working at Apple, so Keychain Minder became unmaintained.
  • In December 2014 Peter Bukowinski announced the release of KerbMinder.
  • In September 2015 Ben Toms's version of ADPassMon was merged with Peter's.
  • In October 2015 Francois Levaux-Tiffreau worked on a release of KerbMinder which removed the requirement for the Mac to be bound to AD. Around the same time Peter, Francois and Ben began discussions with Kyle Crawshaw about moving ADPassMon to Python, subsequently creating a module that ADPassMon, KerbMinder and Kyle’s ShareMounter would use. This project was called Gala.
  • In November 2015 Apple’s Professional Services team announced Enterprise Connect. Within its Keynote deck featured at webinars, ADPassMon was shown as an example of how to manage passwords when bound to AD.
  • In December 2015 Joel Rennich started a new role at TruSource having left Apple and before starting Orchard & Grove. Joel contacted Ben and discussed the possibility of porting ADPassMon to Swift. Ben wanted to use Python, but Joel preferred Swift.
  • In February 2016 Peter took a role at Apple, and Ben became the primary maintainer of ADPassMon.
  • In April 2016 Ben joined the growing team at dataJAR where we were, and still are, a cloud-first company, yet many of our customers use or used AD. Around the same time, Kyle and Francois took new roles (Francois is now at Apple) and the focus of their roles changed. This meant KerbMinder and ShareMounter took a back seat.
  • In August 2015 Joel made the first commit to NoMAD.
  • In November 2016 Tom Nook added ShareMounter preferences to NoMAD.
  • In December 2016 NoMAD release candidates start being released.
  • In March 2017 NoMAD 1.0.3 is released.
  • In February 2018 NoMAD Pro 1.0 is released.
  • In September 2018 Jamf acquired Orchard & Grove, and with it NoMAD, NoMAD Pro and NoMAD Login.
  • In January 2019 Jamf Connect 1.0.0 is shipped with Azure support.

So there we have it, the story of Jamf Connect so far. From humble beginnings and ideas floating around the Open Source community to a fully fledged commercial product.

Do I need NoMAD or Jamf Connect?

This is a question we are frequently asked and it is one we are keen to answer, because it could cost you money if you get it wrong. Put simply: if you use on-premise only Active Directory, then NoMAD is adequate; if you use Azure AD, then Jamf Connect is right for you.

That out-of-the-box experience

Without question, the ability to set up a new device anywhere in the world without compromising data or endpoint security is engrained deep in our company values. This should also be carried out without the shackles of complicated processes or setup documentation.

This is where Jamf Connect comes in. Once configured leveraging datajar.mobi, a new macOS device fresh out-of-the-box can be set up anywhere from the comfort of your own home to a coffee shop. 

Using plug-ins for the macOS login window, Jamf Connect prompts the end user for their Azure AD (AAD) credentials, essentially moving identity management to the cloud.

The future?

While we don’t own a DeLorean, we can say that Jamf Connect is a great tool for leveraging existing identity management platforms. Jamf Connect already has Okta and Azure support, with Google support soon to follow. Integrating solutions like this with wearable tech, such as Apple Watch (which can be used for multi-factor authentication), will only make securing devices a help rather than a hindrance.

Resources

Click here if you would like to request a Jamf Connect trial or view the Jamf Connect Admin Guide and complete the Jamf Connect evaluation.

Further information

If you would like to learn more about implementing Jamf Connect and also our device management services such as datajar.mobi, then get in touch.