Meraki

Community

Can I use JumpCloud for AD?

jared_f
Kind of a big deal
‎Feb 5 2018 6:02 PM
‎Feb 5 2018 6:02 PM

Can I use JumpCloud for AD?

Hi Folks,

 

I hope all is well! I am looking for some advice on binding JumpCloud LDAP to Meraki Systems Manager:

 

The problem I have is that you cannot just map to JumpCloud. This is how it is done on Jamf and I have been trying to replicate with Meraki:

https://jumpcloud.com/engineering-blog/integrating-jamf-softwares-lamf-cloud-with-ldap/

 

Meraki is making me define a gateway. Any way around this?

 

Jared

 

 

Find this helpful? Click the kudos button. Thanks!
0 Kudos
12 Replies 12
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 5 2018 6:40 PM
‎Feb 5 2018 6:40 PM

I would say you need to use it when defined as a service, like this:

https://support.jumpcloud.com/customer/portal/articles/2439911-using-jumpcloud-s-ldap-as-a-service

0 Kudos
In response to PhilipDAth
jared_f
Kind of a big deal
‎Feb 5 2018 6:42 PM
‎Feb 5 2018 6:42 PM

Thanks @PhilipDAth, I will give that a try. 

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to PhilipDAth
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 5 2018 6:46 PM
‎Feb 5 2018 6:46 PM

It looks like you might be able to do something similar using AzureAD as well.

https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-gu...

0 Kudos
In response to PhilipDAth
jared_f
Kind of a big deal
‎Feb 5 2018 6:47 PM
‎Feb 5 2018 6:47 PM

The issue I seem to run into is that Meraki makes in mandatory to have an AD gateway. 

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to jared_f
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 5 2018 6:52 PM
‎Feb 5 2018 6:52 PM

I know you need an actual AD server to talk to.So if they call that a gateway, then yes.

0 Kudos
In response to PhilipDAth
jared_f
Kind of a big deal
‎Feb 5 2018 6:54 PM
‎Feb 5 2018 6:54 PM

JumpCloud is completely cloud hosted. I am thinking of using OSX Server (which I try to stay away from) to be that bridge to JumpCloud. 

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to jared_f
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 5 2018 6:56 PM
‎Feb 5 2018 6:56 PM

I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.

 

If you use Office 365 for email and documents then this would bind everything together for you.

In response to PhilipDAth
Uberseehandel
Kind of a big deal
‎Feb 6 2018 12:01 AM
‎Feb 6 2018 12:01 AM

@PhilipDAth wrote:

I've never used AzureAD for this ... but it is completely cloud based and looks like it is a bit easier to me, especially since they provide a direct LDAP interface.

 

If you use Office 365 for email and documents then this would bind everything together for you.

The last time I tried to implement this, I needed a local AD. Which is redundant for organisations which have bought into Cloud-based services and infrastructure. However, it is entirely feasible to run RADIUS on the gateway device (MX).

I remain confident that AzureAD will handle remote authorisation in a useful manner.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
juergenk
Conversationalist
‎Feb 6 2018 12:56 AM
‎Feb 6 2018 12:56 AM

Hi

I've just made a feature request to have LDAP as another method for AuthN on Meraki SM. 
A potential workaround could be (not tested) to provision the accounts from JumpCloud to G-Suite or Office365 and then auth via these, but it would add another layer and i'm not sure if this would work during a DEP enrollment for example. 

0 Kudos
In response to juergenk
jared_f
Kind of a big deal
‎Feb 6 2018 7:38 AM
‎Feb 6 2018 7:38 AM

Would it be possible to use Open Directory?

Find this helpful? Click the kudos button. Thanks!
0 Kudos
In response to jared_f
Richard_W
A model citizen
‎Jul 24 2019 8:46 AM
‎Jul 24 2019 8:46 AM

@jared_f  Any progress on this topic? Curious about using JumpCloud here.

0 Kudos
In response to Richard_W
jared_f
Kind of a big deal
‎Jul 24 2019 9:06 AM
‎Jul 24 2019 9:06 AM

Sadly no, I installed the Meraki agent on a PC already bound to the domain. Then in order to populate a user the device needs to be enrolled again.

 

I actually did find a use for JumpCloud. To connect to WiFi it is WPA2 Enterprise with AD and your IP gets issued via Windows DHCP. I can fully shutdown my domain and authentication fails over to JumpCloud and DHCP fails over to my Synology HA Cluster and the DNS is changed to 8.8.8.8 and 8.8.4.4 -- that was the only use I found for JumpCloud in the end.

Find this helpful? Click the kudos button. Thanks!
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.