Conditional access with Jamf + Google Cloud BeyondCorp

Learn how the partnership between Jamf Pro and Google BeyondCorp enables you to construct a compliance and security framework around end-user devices, blending Jamf’s device management with Google’s endpoint management security for a comprehensive, cloud-based, Zero Trust solution.

February 15, 2022 by Tim Herr


Exciting news for Mac users working with Google Workspace and the Google enterprise ecosystem generally: the integration between Jamf Pro and Google Cloud BeyondCorp is now available!

This much-anticipated result of the partnership between Jamf and Google uses conditional access to construct a compliance and security framework around an organization’s fleet of end-user devices. Google provided an overview of the integration at JNUC 2021, explaining how it allows IT admins to move beyond a network-based security model to a Zero Trust solution suited to today’s increasingly remote-first work environment.


Jamf + Google work better together with conditional access

BeyondCorp is Google’s approach to security architecture, employing user- and device-based workflows for authentication and authorization instead of relying on network segmentation to safeguard sensitive information and applications. In this Zero Trust model, users and devices must be authenticated every time they attempt to access a resource, but on-premises and remote access are both available regardless of which network they are using. BeyondCorp makes authorization decisions by relying on contextual information about the user and device. While Google’s endpoint protection software and Chrome provide this information, Jamf mobile device management (MDM) can provide additional critical information about device compliance.

Prior to the release of this integration, admins sometimes managed their devices in Google’s basic MDM solution in order to gain the security advantages provided by context-aware access. Concerns about unprotected Mac devices accessing sensitive resources have not abated. This new integration makes it possible to use the industry-leading tool for Apple device management while simultaneously strengthening an organization’s Google security posture.

Mac admins are increasingly aware of the need to create multi-tier security protocols that integrate entire IT stacks. Jamf contributes by generating compliance data, such as information on whether a device is managed or compliant, that it relays to BeyondCorp, adding to its context-sensitive capabilities. This ensures that only trusted users, on secure macOS devices, can access Google-protected resources. For example, an admin can require that only devices running the latest version of macOS with FileVault enabled are allowed to access Google Drive. Jamf makes it possible to get the most out of the marriage of Apple hardware and Google enterprise software.

What are the requirements for the BeyondCorp integration?

To take advantage of this integration, you’ll need to use Jamf Cloud to host your Jamf Pro server; proper licensing is required for the Google software covered by conditional access. At this time, the integration is for macOS devices only.

You’ll also need to use Chrome as the browser for each Mac under this arrangement, with the Endpoint Verification extension installed on all client devices. Fortunately, the BeyondCorp integration isn’t the only way that Jamf works with Chrome and other Google offerings. Take a look at the numerous ways in which we smooth and enhance the connection between Apple and Google.
