We are gradually moving as many of our locally hosted services as possible to the cloud. I've already migrated file and print services to cloud-based solutions, and all of our databases and ERP solutions are cloud-based at this point. The main thing that's left is Active Directory. We're a single-campus K-12 private school with a fairly simple AD schema, and we're also a Google Workspace for Education school. I would love to be able to completely eliminate AD and use Google credentials to authenticate and manage our computer accounts (we have a combination of Windows computers and Chromebooks - no Macs). Does anyone have any experience with JumpCloud, or another solution that would accomplish this goal?
+1 for GCPW. Basic authentication works on the K-12 Fundamentals (free) version of Google Workspace for Education. If you have a paid version of Google Workspace, you get more functionality like settings control, enhanced security, etc.
You can most likely utilize Google Secure LDAP for auth into other services you are using. You can see their article here; it lists a number of authentication integrations using Secure LDAP.
I'm in the same boat, doing everything I can to eliminate AD and our legacy on-prem environment. We looked into JumpCloud and Azure, but we already have an MDM for our Mac fleet, Jamf, and didn't really want to buy into another IdP since Google is so close to having most of what we need.
We use JumpCloud right now, but Google also has a similar feature called Endpoint Management, which is part of Workspace. We like JumpCloud but plan to switch to Google's solution, only because why pay for two services when you don't have to.
https://support.google.com/a/answer/1734200?hl=en
You should deploy GCPW - Google Credential Provider for Windows. It lets you log into Windows with Google accounts. Chromebooks are already set.
Here's a short YouTube video if you want to see it in action.
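The GCPW deployment the two replies above recommend, as an added example that is not part of the original thread or Google's own documentation. It runs the MSI silently and then sets the one registry value a practitioner should never skip, `domains_allowed_to_login`, so that only accounts from the school's Workspace domain can sign in to Windows rather than any Google account. The installer path, the placeholder domain `school.example`, and the `enable_dm_enrollment` value are assumptions; the `HKLM\SOFTWARE\Google\GCPW` key and the `domains_allowed_to_login` value name are the ones Google documents. Run it elevated.

```powershell
# Added example (not from the thread): silent GCPW install plus the domain restriction
# that keeps arbitrary Google accounts from signing in. Run from an elevated PowerShell.
# Assumptions: the MSI is already downloaded to $Installer; $AllowedDomains is a
# placeholder for your real Workspace domain(s); enable_dm_enrollment is assumed to be
# the DWORD that turns on device enrolment (check Google's GCPW docs before relying on it).
param(
    [string]$Installer = "C:\Temp\gcpwstandaloneenterprise64.msi",
    [string[]]$AllowedDomains = @("school.example")
)

$ErrorActionPreference = "Stop"
$KeyPath = "HKLM:\SOFTWARE\Google\GCPW"

# 1. Install silently. msiexec returns 0 on success and 3010 when a reboot is still pending.
$proc = Start-Process -FilePath msiexec.exe `
    -ArgumentList "/i `"$Installer`" /qn /norestart" -Wait -PassThru
if ($proc.ExitCode -notin @(0, 3010)) {
    throw "GCPW install failed with msiexec exit code $($proc.ExitCode)"
}

# 2. Restrict sign-in to your own Workspace domain(s). GCPW reads a comma-separated string.
if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
New-ItemProperty -Path $KeyPath -Name "domains_allowed_to_login" -PropertyType String `
    -Value ($AllowedDomains -join ",") -Force | Out-Null

# 3. (Assumed value name) Enrol the device in Workspace device management so the admin
#    console can see and manage it.
New-ItemProperty -Path $KeyPath -Name "enable_dm_enrollment" -PropertyType DWord `
    -Value 1 -Force | Out-Null

# 4. Read back what GCPW will actually use at the next logon and fail loudly if the
#    domain restriction is missing, since that is the setting that matters most.
$cfg = Get-ItemProperty -Path $KeyPath
"domains_allowed_to_login = $($cfg.domains_allowed_to_login)"
"enable_dm_enrollment     = $($cfg.enable_dm_enrollment)"
if ([string]::IsNullOrWhiteSpace($cfg.domains_allowed_to_login)) {
    throw "No domain restriction set; any Google account could sign in to this machine"
}
```

Push the same registry values with your RMM or a startup script across the fleet so every machine gets the restriction, not just the ones you touch by hand; a GCPW install without `domains_allowed_to_login` is the mistake that turns "log in with our Google accounts" into "log in with any Google account".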
We recently did a webinar on YouTube Live focusing on reducing AD dependence. It includes an overview of various identity components that can help and a high-level playbook. Hope it helps.
We are currently on GCPW, but we previously used JumpCloud for years. One of the biggest issues with GCPW is password syncing to other Windows machines. If you have shared drives on other machines and your password is changed, either by expiration or by the end user needing a password reset, this doesn't propagate to the other Windows machines. IT has to get involved and manually update the passwords on the other computers. If you change your JumpCloud password, all other machines that have the agent installed get the updated password. We have an internal web-based application that uses Windows authentication. GCPW causes major issues in this regard because the passwords don't propagate. I can see the promise of GCPW, but some basic functionality you would expect is missing.
Are you using GCPW on other Windows machines? If so, GCPW should propagate password changes done within Google to those machines during Windows login.
Yup, and we consistently have to use the forgot-password mechanism, which then wipes the local profile.
Also, some machines are Windows Server. Are there plans to be able to install GCPW on Windows Server?
And if it's only syncing on Windows login, then that means if you have an SMB share hanging off another machine, it won't get the updated password. For these shares, users never directly log in to the machine.