By Zach DeMeyer Posted August 21, 2019
Welcome to the August edition of the JumpCloud® Newsletter! This month we talk about new SAML features and connectors, a host of new Windows® Policies, as well as a selection of new Early Access features, and more! You can find a more technical breakdown of our recent releases in our monthly release notes.
Active Directory® Integration is in Full Swing!
In case you missed it, JumpCloud’s Active Directory (AD) Integration feature is now live! AD Integration provides organizations with the ability to bi-directionally sync users, passwords, and their group assignments, between AD and JumpCloud. Organizations can use AD Integration for the purpose of authenticating AD users against JumpCloud’s cloud-based authentication services. The AD Integration feature is broken into two parts:
The AD Import agent is downloaded onto your AD domain controller(s). With AD Import, admins can propagate their AD credentials to non-domain, JumpCloud-managed resources like Macs, Linux servers, web apps, and more.
AD Sync, a Pro add-on feature, utilizes an additional agent that enables users to manage their own password changes from JumpCloud into AD, making managing identities between AD and JumpCloud a breeze for users and admins alike. This is especially powerful with macOS systems where users can leverage the Mac system app for password updates.
If you want to learn more about AD Integration, please contact your Customer Success Manager, or check out our AD Integration webpage.
Product Update: SAML Auto-Certificate Generation
Previously, for JumpCloud SAML connections, all public IdP certificates and their associated private keys had to be manually created. We’ve simplified that process by generating SAML IdP certificate/key pairs automatically in JumpCloud.
Admins will no longer be required to manually create cert/key pairs unless they choose to do so. They will also be able to download automatically-generated certificates, as well as replace cert/key pairs as necessary, such as when certificates expire. To assist with this, our SAML connectors will also show certificate expiration dates in the admin portal UI. You can read more about this new functionality in our Knowledge Base at the link below.
Reduce End User Friction with Password Expiry/Reset Update
We’ve been hard at work to create new ways to automate the development of our Policies for Windows systems. We’re excited to say that our work has brought 1600+ Windows settings into JumpCloud, which are grouped into 150+ new Policies. You can check these policies out now in the Admin Portal and leverage them to better secure and lock down your JumpCloud-managed Windows endpoints. As we continue to invest in this space, we’ll provide you with even more ways to protect your fleet of Windows systems (and, Mac and Linux, too!). You can learn more about these new Policies, as well as our existing ones, at the link below.
For more about all of our recent improvements surrounding password expiry and account lockout, please read more in our recent blog below.
New SSO Connectors
You can read more about JumpCloud’s SAML SSO Connectors, or find information on our other pre-existing connectors at our Knowledge Base. If there’s an application you’d like to see a SAML connector for in JumpCloud, please submit a feature request or consider using our generic SAML connector.
Enhancements to LDAP, RADIUS, and G Suite Endpoints
As a part of our recent push to improve end user password self-service/expiration, we have been improving the expiration behaviors of G Suite, RADIUS, and, most recently, LDAP endpoints that are tied to a user with an expired JumpCloud password. Admins can now configure how they would like these endpoints to react to expiration in order to streamline the process for both admins and end users. Click the links to each respective endpoint above to learn more.
Early Access: macOS Password Sync Tool
A new feature that has recently entered into JumpCloud’s Early Access testing program, is the macOS Password Sync tool. This functionality uses native Mac notifications and the JumpCloud Mac app to alert end users when their Mac system passwords (covering FileVault, Keychain, and the system itself) are out of sync with their JumpCloud password. As Mac admins know with the introduction of Secure Token, ensuring that macOS users are fully in sync is critical. If a problem is detected by the macOS Password Sync tool, end users can then change their passwords directly from the JumpCloud Mac App to rectify the situation.
By introducing this feature, the process of resetting and resyncing a Mac password will become more streamlined, making it easier for end users to self-service update their system password and to change their password directly in the Mac App. We plan to work closely with macOS admins as we launch this critical piece of functionality. Stay tuned for a more detailed announcement coming at the end of August. In the meantime, you can learn more at the link to our Knowledge Base below.
Early Access Solution: Active Directory Migration Utility
The Active Directory Migration Utility (ADMU) is a new utility from the JumpCloud Solution Architecture team. The new tool is designed to help organizations migrate Windows systems from an Active Directory domain into JumpCloud. This tool assists admins with the migration process of Windows domain bound profiles to local system profiles. It also automates leaving a Windows domain and the installation of the JumpCloud agent on the Windows system.
The utility was built with large scale deployments in mind, and can be deployed in a number of ways. These include intuitive GUI, command line, and PowerShell formats that can be utilized by PSRemoting across entire Windows fleets at once. The tool is currently in Early Access with the goal of obtaining customer feedback across various environments and use cases. If you’re interested in learning more about this tool and participating in the EA period, please reach out to your Customer Success Manager.
New Support Site
JumpCloud is pleased to announce that we are in the process of migrating our current Support website to a new and improved one, which will go live around the end of this month. Our new site will have all of the features and functionality of the existing site, however it will be more user-friendly for our customers and partners.
This site also paves the way for our Premium Support customers to submit, update, and check the status of their support tickets. The new site also allows us to design and develop a JumpCloud Community where customers and partners can share solutions, tips, and tricks.
If you’re interested in learning more about our web case management community, please contact your Customer Success Manager.
JumpCloud PowerShell Corner:
Backup your SystemFDE Keys Today!
Welcome to the first edition of the JumpCloud PowerShell Corner, our monthly installation detailing the many ways you can use the JumpCloud PowerShell Module to automate your Directory-as-a-Service instance.
Are you leveraging one or more JumpCloud Policies to manage encryption across your Windows or Mac fleet? If so, you can now use the JumpCloud PowerShell module to backup and store the system FDE keys for these machines in escrow. Put a contingency plan in place in the event that a system is removed in error and leverage the PowerShell module to securely back up these keys today. Read more at our PowerShell GitHub repo.