While NoMAD and Jamf Connect can do some similar functions, the choice between the two primarily comes down to using Okta (or other identity providers) for authentication with Jamf Connect or using AD for authentication with NoMAD.
For organizations deploying Macs to single users that are often off of the AD domain, Jamf Connect offers a number of features that allow for a smoother workflow.
- Users never need to actually connect to the AD domain. All authentication is done via Okta’s publicly available endpoints.
- Jamf Connect supports multi-factor authentication requirements. NoMAD has no support currently, or planned, for multi-factor authentication.
- Jamf Connect can get Kerberos tickets, but NoMAD can’t get Okta tokens.
Jamf Connect is designed to work with local-only accounts when keeping the password synchronized. If you still are using mobile accounts on your AD-bound Macs and have Okta synchronizing with AD please talk to us about the best workflow for that situation.
Running both applications together
It’s perfectly feasible to run both NoMAD and Jamf Connect in an organziation. While running them at the same time on the same Mac might be a bit strange, both applications would run independently and not interfere with the other. Both applications have different preference domains as well, so the configurations do not cross.
Similar to NoMAD and Jamf Connect, NoMAD Login authenticates users to Active Directory whereas Jamf Connect authenticates directly to your Okta tenant.
The two products share a number of common features like FileVault enablement, just in time user creation, user account de-mobilization and other features.