Can I use JumpCloud for AD?

jared_f
Kind of a big deal

Can I use JumpCloud for AD?

Hi Folks,

 

I hope all is well! I am looking for some advice on binding JumpCloud LDAP to Meraki Systems Manager:

 

The problem I have is that you cannot just map to JumpCloud. This is how it is done on Jamf and I have been trying to replicate with Meraki:

https://jumpcloud.com/engineering-blog/integrating-jamf-softwares-lamf-cloud-with-ldap/

 

Meraki is making me define a gateway. Any way around this?

 

Jared

 

 

Find this helpful? Click the kudos button. Thanks!
12 REPLIES 12
PhilipDAth
Kind of a big deal
Kind of a big deal

I would say you need to use it when defined as a service, like this:

https://support.jumpcloud.com/customer/portal/articles/2439911-using-jumpcloud-s-ldap-as-a-service

jared_f
Kind of a big deal

Thanks @PhilipDAth, I will give that a try. 

Find this helpful? Click the kudos button. Thanks!

It looks like you might be able to do something similar using AzureAD as well.

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-gu...

jared_f
Kind of a big deal

The issue I seem to run into is that Meraki makes in mandatory to have an AD gateway. 

Find this helpful? Click the kudos button. Thanks!
PhilipDAth
Kind of a big deal
Kind of a big deal

I know you need an actual AD server to talk to.So if they call that a gateway, then yes.

jared_f
Kind of a big deal

JumpCloud is completely cloud hosted. I am thinking of using OSX Server (which I try to stay away from) to be that bridge to JumpCloud. 

Find this helpful? Click the kudos button. Thanks!
PhilipDAth
Kind of a big deal
Kind of a big deal

I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.

 

If you use Office 365 for email and documents then this would bind everything together for you.


@PhilipDAth wrote:

I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.

 

If you use Office 365 for email and documents then this would bind everything together for you.


The last time I tried to implement this, I needed a local AD. Which is redundant for organisations which have bought into Cloud-based services and infrastructure. However, it is entirely feasible to run RADIUS on the gateway device (MX).

I remain confident that AzureAD will handle remote authorisation in a useful manner.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
juergenk
Conversationalist

Hi

I've just made a feature request to have LDAP as another method for AuthN on Meraki SM. 
A potential workaround could be (not tested) to provision the accounts from JumpCloud to G-Suite or Office365 and then auth via these, but it would add another layer and i'm not sure if this would work during a DEP enrollment for example. 

jared_f
Kind of a big deal

Would it be possible to use Open Directory?

Find this helpful? Click the kudos button. Thanks!

@jared_f  Any progress on this topic? Curious about using JumpCloud here.

jared_f
Kind of a big deal

Sadly no, I installed the Meraki agent on a PC already bound to the domain. Then in order to populate a user the device needs to be enrolled again.

 

I actually did find a use for JumpCloud. To connect to WiFi it is WPA2 Enterprise with AD and your IP gets issued via Windows DHCP. I can fully shutdown my domain and authentication fails over to JumpCloud and DHCP fails over to my Synology HA Cluster and the DNS is changed to 8.8.8.8 and 8.8.4.4 -- that was the only use I found for JumpCloud in the end.

Find this helpful? Click the kudos button. Thanks!
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels