How about Identity as a Service, or cloud based auth? Some of them seem to offer pretty good onboarding/offboarding which I wish we had when I was at an EDU.
No idea on costs, as we've not looked in that direction ourselves. Representative services might be Okta, Duo Security?, Ping Identity, etc.

On Mon, Mar 23, 2015 at 9:35 AM, Gilbert Wilson <gilb...@watchhouse.org> wrote:
>
>> On Mar 23, 2015, at 7:28 AM, Jonathan Billings <billi...@negate.org> wrote:
>>
>> On Mon, Mar 23, 2015 at 07:39:12AM -0400, Jason Healy wrote:
>>> I’m looking to tap the collective wisdom for product selection
>>> advice and also recommendations for professional services for our
>>> environment. We’re looking to replace our current authentication
>>> system. We’re a K-12 that’s all-Apple (about 500 client machines).
>>> On the server side, we’re a mix of OS X, Linux, and BSDs.
>>
>> I'm amused everyone seems to be telling you to set up an AD
>> infrastructure when you have absolutely no windows clients or
>> servers.
>
> That’s because AD is a first tier directory server for OS X systems.
> Arguably, at this point, Apple provides better support for AD than OD. With
> the release of each version of OS X Apple releases a best practices white
> paper for integrating with AD. The Yosemite update can be found here:
>
> http://training.apple.com/pdf/wp_integrating_active_directory_yosemite.pdf
>
> Googling should find the previous editions.
>
> However, imho, you should avoid binding end-user Macintosh systems to a
> directory server and focus on the integration of organizational services
> (like file servers and web applications). If you do bind OS X systems to a
> directory server make sure to test-test-and-retest every single OS upgrade
> before deploying. Apple has a habit of carelessly breaking login
> authentication against directory servers and requiring undocumented
> workarounds or fixes. You should budget for enterprise support tickets in
> such cases since talking to a senior advisor at Apple is probably the only
> way you’ll find a fix in a timely manner.
>
> But of course, ymmv based on different needs and willingness to fiddle. Good
> luck!
>
> Gil
> _______________________________________________
> Tech mailing list
> Tech@lists.lopsa.org
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/