FreeRADIUS vs. Jamf Connect

FreeRADIUS is completely scalable and supports both large and small user databases. Because it doesn't take up a lot of server resources, FreeRADIUS is well-suited for organizations with small budgets (it's in the name!) and limited networking hardware. While there is a port of it for Windows, FreeRADIUS is native to Linux so that would be a limitation for many companies who don't use it.

Jamf Connect works particularly well in our lab environments where the central "source of truth" for student accounts is our Okta IdP. As Apple has recommended moving away from Active Directory binding (which was our previous source of truth for authentication) we needed a new central way to manage this function. Okta worked well for other services on campus, and it was a smooth integration to make it work with Jamf Connect for virtually all use cases on campus (we still have a couple of NAS/SAN systems that require Active Directory).

Incentivized

• FreeRADIUS is easy to configure
• It is fast a lightweight footprint on the server
• FreeRADIUS works universally with other systems that support radius authentication

• password sync works very well
• regular updates to Jamf Connect with improvements
• small and simple tool
• Account creation is now on next level after we don't need AD Bind

• FreeRADIUS requires a 3rd party interface to make it easier to access (we use Daloradius) - it would nice if it was built in.
• Installation and configuration are pretty easy and straightforward but does require connecting to a database which can be cumbersome.

• More control over local access for non-cloud accounts
• Does not handle password changes made directly in Okta very smoothly
• Setting up configuration is a bit opaque to non-IdP personnel

Incentivized

It is almost a certainty that we will continue to use Jamf Connect, even with Apple coming out with Platform Single Sign On. Jamf Connect provides several features that PSSO does not, such as "just in time" local account creation and automatic synchronization of enterprise credentials. It is unlikely that we would investigate other options at this time or in the near future.

Incentivized

Jamf Connect is quite easy to use and has the necessary options on the login screen (such as WiFi network connection) for getting connected and authenticated. It has a simple to use menulet that allows password changes and resets as well as temporary elevation, all with very clear workflows. It also allows us to assign field staff to their client users' computers so that they can provide support without having to resort to LAPS accounts.

Incentivized

The only other product we evaluated was Xcreds from TwoCanoes software, which is essentially a one person shop. We already were Jamf Pro customers, and Jamf Connect fulfilled all of the requirements for this function along with providing professional customer support. Since we already had a relationship with Jamf, it made perfect sense to add this product to our toolkit, and keep technical support contained within one organization.

Incentivized

• We previously used Microsoft Network Policy Server for our RADIUS authentication which works ok but was pretty clunky and requires Windows Server. Switching to FreeRADIUS brought our cost down to zero.
• Because FreeRADIUS works natively in Linux it's easy to setup and works with all distros.
• FreeRADIUS allows us to have user authentication for wifi which is much more secure than a simple shared password solution.

• we need more time to understand how Jamf Connect and the configuration "really" works