- Greg Gunderson - Denison Community School District - Google Directory for Mac Authentication
- Migrating from Active Directory to Google Directory for Mac Authentication: The meeting discusses the process of moving away from Active Directory and using Google Directory to authenticate Mac computers.
- Using LDAP for Mac Authentication: The speaker focuses on utilizing LDAP, specifically Secure LDAP, for connecting Macs to Google Workspace accounts.
- Automating Mac Authentication with Mosyle MDM: The discussion highlights the use of Mosyle, a Mobile Device Management (MDM) system, for automating the deployment and configuration of Mac authentication using Google Directory. This includes certificate management, custom script deployment, and single-shot actions for efficient device setup.
- Challenges and Solutions in Implementing Mac Authentication: The conversation addresses difficulties encountered during the implementation, including:
  - Python Compatibility: Newer macOS versions lack support for the Python scripting in Google's instructions. Solutions involve using py2app to convert Python scripts into deployable applications or installing command-line tools for native Python script execution.
  - Multi-Factor Authentication (MFA) Limitations: The current setup doesn't accommodate MFA.
  - Password Change Issues: Handling password changes requires users to manually update their passwords in Chrome, as the system doesn't support real-time password synchronization with Google Workspace.
- Advantages of Using Google Directory for Mac Authentication: The speakers emphasize benefits such as:
  - Seamless User Experience: The login process for users remains consistent regardless of the authentication method, whether it's local users, Active Directory, or Google Directory.
  - Automated Deployment and Configuration: Mosyle streamlines the entire setup, making it efficient and hands-off.
  - Cost Savings: Transitioning to Chromebooks for faculty reduces expenses associated with Windows licensing and device management.
Welcome, everybody. This is May 9th edition of technology check in. Thanks everyone for showing up today. Our agenda today was working with Greg Gunderson. About the, using Google directory authentication machines and, actually spent more, little bit more work on it and has with. Max as well, some other things stuff and. So Greg's gonna, I might have him take over go through his journey of, What's been, what he's experience That migration away from active directory. With that, Greg, it's all yours. Alright, thanks Kat. Yeah, guess to start We, GCPW been great Windows side than, know Jason, we've talked about group policy before just haven't had time. kind shipped Mac world so started looking at you GCP W those settings that admin workspace doing that. You hoping there'd be something similar there really isn't anything could find. And made know, very seamless. found documentation. Related connecting Macs accounts LDAP, secure which is, I'm glad secure. So, this that's where we'll focus if anybody, guys questions about, GCPW, credential provider Windows, can discussions but think people discussed you've probably done sessions around max. We do use Mosul MDM. Formerly a monkey. used monkey quite few years then switched couple ago big part trying get fall followed google's instructions i'll show automate MDM know. scale out because 400 max even 15 min per Mac, becomes huge project hurting. So. Anyway, so. does one K 12, expensive we're already kinda, spending our management. didn't want they 12 product there. in school, others too, 3rd parties provide same service, completely free. doesn't require this. In or outside any use, manually, terminal commands. look here. Any version education fundamentals version, pretty much going high level, talk process bit. 1st thing is. Configure workspace. For under apps LDAP console. Is set up. several things. But them. generate deploy certificate. there's tools download certificate Google. 
convert compatible P command upload Onto I've automated configuring MDM, into installation files. Handle dependencies reconcile permissions worked Linux Unix, machines, thing. Read, execute. good stuff. configuration profiles. Uninstall clean test. console, click bottom area security reasons wanna Go live demo simple console basically turn service on, give name. There far objects share like We're staff OU. would recommend same. Just limited organizational unit your Macs. If student, devices. may little, restrict how were devices straightforward authentication, box then, yeah, another, image gonna instructions. wanted basic run terminal. To file it. once keychain application. you're straightforward. now let's you, slow me down stop whatever. fast sometimes. questions. There's say provides link, I'll send link chat, Zoom chat. walk those. step by will though lot deployment. easier. saved. Quite Mosul, management, profile. custom different. an Acme profile left Oh. different profiles Mosul. The only slash Management 1 uploaded whatever OUs groups to. familiar create shared device That, takes care. point, we've. Configured Ldap Admin Console. We've exported created have. Okay. Through accept. queries. At Mechanism point place easy thus far. scripting. change depending Apple remote desktop, Unix Utility works well. Obviously scripts management allows put commands demand schedule. kinds ways cool works. am facilitating work. email them you. package using. anyway, test panel came handy debug. Remotely 4 campuses. when testing deploying it, lot. It's fully now. everything what's called single shot. schedule ahead time wipes It installs size full blown, much, Hands off deployment cool. had, issue get, Kind negatives struggles had. One Python, newer OS distributions don't support. Python scripting Google's And, 2 options modify script pi app python converts deploy. it's, open source utility execute Python. almost compiling. also Xcode simplify possible, nice reason Pi app. 
wouldn't tools, line tools. required native their Google, said, official LDAP. From computer technically computers. choices. solution number compile else or, install hopefully you'd remove done. I'm, did. went path app, ran too many obstacles folder end RM, UNIX way. did not phone group. A Homebrew developer updates software Mac. here's touch update. grab Reddit. post Trying figure easiest way to, Clean modified one. Custom removed aren't available. After second Install mainline reps sets connects server. kinda dependencies. we, using, days on-prem FTP servers, don't. okay Drive server learned. less than 50 meg my were. Then the. format, top URL curl, curl command. Which Unix. Or pass URL. doesn't. zip everything. did, playing with, still messing reposit repository. prompts interactive files alert message says can't scan viruses. Do continue? bypass prompt meg, API, API. name messed How URLs those? gotta rename back that? around. mean key export file. copy link. Embedded ID. whole every ID, these wanna. cloud based needs public access You'd never proprietary passwords utilities any. sensitive information great. if, Drive. Click file, share. copied ID sharing paste here format. creates browser command, it'll automatically without 50. answer question there? does. curious. certain really. cause nice. old days, keep non-prem hosting Wonder Gitlab GitHub free, free services there, like, got it's. least rest, repository then. thing, Transfer make sure understand When done, goes setting mean, list, just. Wipe wipe device. scripts. runs completely. offline, night usually somebody eye rebooted one, section mobile account log internet access, connection cut mobility. deprecated 1011. worked. latest. 14 mac OS. working, thought, what, try last doing. again, scheduling running. home another manually. remember. These shots. Like creating do. reboots. right actually. do, o'clock, 5 6 o'clock 7 Force add each reboot they. Login prompt. That's improve. 
getting PI Figured it'd anybody out, that'd multi-factor currently. accommodate multi factor authentication. Password changes messy forced password Can handle login screen. cannot couple. Disadvantages Hopefully MFA limitation. necessarily But, future? We'll 30 day window password. they'll Chrome next new far? everything, G Genterson Addison CSD. Dot org. running, can. Find way, L yep. comes document. Most generic Yeah. Oh, Greg? Craig. pointing hidden entire screen assuming. Yep. sorry, okay. Okay, search Ldap. popped help. down, most information. not, certificates. handled out. here, expand generating. generates handles Pointing looks like. Once into. Users ldap. com My. My system authenticating against then? Does have? side, exactly beauty users perspective. Whether local versions macos. There's, red dot green login, username. Now header No, camera, screen, dot, connected Open Director utility. Nice. hitting my. policies Modifies you'll both. deploying, either. stab directory, tried learning curve involved Hello. systems reloading. scratch through, re-imaged loading experience. Are having user account? Nope. automated. user. that's, area. remember specify forward execution. slick, but. no hands all. questions? well Chash, about. have, Scott. thanks, break announcements. today, quiet, Daniel, Really? kindergarten graduation tomorrow. Somehow roped filming sorry. hang second. Hey, Greg. screen? ahead, Daniel. graduation. sign means close year. month week Senior laptop week. refresh summer finalize workflow on. On, unboxing, putting uploading students. all, feel comfortable. Setting up, 2, 3 weeks good. I'll. hard manually typing Passwords Pulse switching year yeah nothing Nothing real exciting saying earlier problems maps testing. map Kids kicked off. turns spinning wheel. Speech ball Restart backlog running clients purchase. say, instead doing, wow who rebooting Turn Wi-Fi start. Turning problem be. issues? ours hitch. Same No one's told anything. 
happening AP something, sounds environmental specific issue. throwing thoughts hear What? Sure, no, they're beach reboot. kiosk somehow. Maybe points tonight. Makes just, manages points, seem be, active. Well, Morocci points. before. Moraki once. looking. troubleshooting realize Last firmware updated July June. setup update it? think, 90 apply itself. don't, somewhere looked said ignore. logging dashboard. sometimes some. Update come warning hey forget ever gets updated. situation. updating equipment. contact upgrading. apart supposed or. available network. However, scheduled. wish. upgraded Monday, June, 19, th 2023. morning. I, maybe choose often Good dandy, better hit ones. can't. call funny switch AP. later release dashboard can, need switch. Cisco mine unfortunately find setting. under. Under network industry general. Network wide bowed. Couple pages down. says. Yes. dashboard? version. Because mine's organization, monitor, upgrades. let look. spot. Hold looks, at. scheduled changes. MDMs. versions. newest Of UI. seeing sticky notes something. me? love, love sec. see. wasn't copying notes. upgrades, See, obviously organization Here run, 29 1. overview. upgrade path, patch latest? Thank here? stable, release, beta, available, information? Fred. No. wireless sensors, quick, across phenomenal sad allow particular chooses its own staggering sort. Correct. See next? staggering, switches not. longest switches. routing whoever initially internal DNS first.st during process, couldn't reach locked we. You. ones too. problems. yeah. notice cameras sensors. yesterday. sensors fairly inexpensive. licensing. Get level T licenses temp humidity organization. their, MTTEN, CDW price. They're hundred $120. connect MR via low latency Bluetooth. plug MDF wherever program MR's attach Wi-Fi. finds license threw case interested manage temperatures rooms. temperature wind room. occasions. heater press box. football field. 
Theater negative computers sound equipment luckily able, able shut 5? yep, shutting Hmm. A/C your, Be rooms Possibly refrigerators, freezers They refrigerator model. MT. 11 reads 40. peel, port. double batteries years. town. rid room alerts, ports, pay yearly fee. else, Daniel? Phil. want, MT 10 try. mind Wireless. an, buy, $60, make, still. she deep weeds Right, hold got. turned camera. option of. When, use. little. USBC power ethernet. power, sensor happen MR, Access Moroccan cheaper. weird, alerts. 70 apiece subscription. 150 apiece, 130 life Iraqi. additional 30, license, 130. alerts text messaging, Neil, else? Oh! Phil, became hated victim vermin snake district. decision faculty giving books. span, saving us 65, $70,000. It, figured 99% teachers Chromebook. Chromebooks long Lenovo. released yet. It's, educational Flex 5. processor tablet mode. fingerprint, 500 bucks. faster, smoother, so, knife dark alley, would. bet. brainstorm surprised schools opted faculty. products faculty, art, AD Windows. 200 needing protection, 242 51. licensing save cost move 51 AD? Right AD. Azure Intune. internationally device, manager settings, goal camera system. view actual footage requires won't after buildings built. base Fakat except main business office, Excel. they, debating Looking broke comparison PC cheaper antivirus tune span $20,000 savings versus ahead. comment previous conversation. Muraki account. 100 legacy Ipads order service. included. Yup. iPad What to? Morocco points? switches? iPads when. question. Would why roll market automatically? enroll serial Exactly roles. connection, enact, yeah? thinking. I'd curious unit. Bluetooth types MR. our, connect. older 40, 52 will. 6. introduced Bluetooth, might, are, took mine. Cool. plugged access. suggest rocky dashboard, Morocci. right. won't. Try happens. adapter. adapter Right. iPads, gave they've taken away. paying grandfathered in, I. school small, Jamp $9 includes iPads. internet. MBM $20. MacBook. 
includes, call, protect. EDR. person. AI driven, EDR, antivirus, gen, included price $20 $30 alone EDR anti-virus, licensing, adds Chromebooks. Chromebook Leno, hadn't yet downs, correctly. likes change, matter hand, oh, such deal. initial shock change. ready distribute 1,100 guys. them, Lenovo, E's. laptop. 12.2 edge physically smaller. clamshell 11.6. size. flip around? 60. a, associate. bigger itself inch smaller wise. was. another. 120 teacher. ask Scott, changed AAA governor decided heard passed eyes T's miscellaneous hear. eventually governor, signed law. April. Sometime On ultimately special ed. ed Aa's percent money And. 90%? year, schools. DA's always has. Next money, 90% AAA? services. end. Me technology. Instructional text. Media budget dropped 60% schools, 40% ADA. part. Best 100% money. Goes earmarked general fund. determine funds timing pass, rule making. going, law writing rules pieces funding hasn't changed. yo, tell cut, 35 million dollars dollar amount equal was, percentage same, fee scrambling like? departments stuff, Technology paper services, Sure. second? Hi, Mikey. Did knock door? Sorry worries. Train thought derailed nothing's changing right? 20, 1, st 2024. That'll normally extra cuts. administrative overhead revenue. custodian who's maintaining buildings. Really he revenue expenses deal worried housing Jam C. notifications yet, continue hosting. James's benefit Function. but, hope current. subject currently host GMC June 2025. time, actively discontinue Grant Wood care infinite campus state. JMC, anyone JMC largest student Per district state Iowa. chance HLP? believe remembered list Cause hosted direct. imagine. Yep, 2526 60 40 kicking Special media instructional support survey superintendents asking state? planning AEA one? renew notice, guess, Swiss. while longer happening. trouble legislators cared half report address Harris Park themselves. curiosity? Fair enough. website Harrislp. online jams. Easy borrow user, within weeks, huh? 
sending requests for. envision offerings. prepay hours. 16. Prepaid 16 HA 96 h month. pick encourage that'll lowest. best Let's buy 20 h. paid hundred, $90, $120 over. prepaid, ad hoc $80 hour. guarantee enough contracts solid Doing talk, Could buffer Alrighty. Mr. Polly, Not much. return giant mess. Good. throughout summer? teachers. As contract, summer. lease rip babies arms. You'll personal man? Zen apologies, orchestra XCP NG phase contract. play. Vmware until servers. honestly. since Jason VM been? ago, Jason. more. instances contact. probably, times. perpetual license. keeping hardware. letting lapse subscription stops working. now, indefinitely. hardware breaks supported 8. losing By being major Technically, SAN, direct storage data stores recently sort, party Vsan calling V-center died Vmware. lose storage. advanced stable. Think times mess emails keeps telling Broadcom Good, already. spot, forget. logged completed. yes, ISO images happens you're, support, shouldn't pack files, Somebody someplace. school. cleaning go, should smooth. Sounds fine. week, a. Present vendor presentation ref tab. asset track allowed presenting, unique watching YouTube videos ads Let video video. appointment demoing. interesting IT Sniper. has, things, devices, accessories. control needed, built interesting. join Have awesome later.