A day in the life of an IT professional is rarely ever the same. That’s especially true when your organization (or clients’ organization) grows and new challenges arise. JumpCloud recognizes how growth acts as an inflection point in how IT is managed, from the user identity lifecycle through to device management and reporting. As such, we’re adding new enhancements that translate into greater usability for admins and users, and help to scale IT to make your operations more seamless. Ultimately, you’ll have a greater understanding of what’s happening across your organization, which helps to build a strong foundation for your team to accomplish more than ever.
We’re also excited to announce several new beta programs (a JumpCloud first) that will introduce significant new capabilities to greatly enhance your JumpCloud experience. For example, you’ll be able to consolidate your IT workflows to make better use of your time with the following new features: a new asset directory called Remote Assist (it does just what it says) and a revamped admin mobile app. We’re seeking your engagement and contributions to these beta programs, and our new JumpCloud Community forum will serve as a sounding board for your feedback and ideas.
What’s New in Q2 ’22?
This next section offers a high-level overview of what’s coming this quarter.
In Q2 2022, we’re delivering new JumpCloud features to make identity and verification easier. This comes to life through more accurate automations for staging and managing group memberships, broader interoperability with Google and Microsoft (or identity consumption from any other application), and several new methods to secure identities.
New methods include delivering multi-factor authentication (MFA) everywhere, on every IAM service that we provide, and adding checkpoints to verify who users are along the way. Single sign-on (SSO) will be broader and more open, with support for OpenID Connect (OIDC) and ways to simplify and accelerate SSO adoption overall. JumpCloud delivers strong MFA that’s backed by rules that are tailored to the resources you need to access.
Unified Endpoint Management
JumpCloud will become a single pane of glass and source of truth for all assets that IT admins care about by delivering a full-stack endpoint management solution that treats mobile devices as first-class citizens, and includes expanded and more flexible reporting capabilities for easier compliance and activity logging.
Setting MSPs Up for Success
In the same vein, MSPs will receive even more integrations for billing and operations, as well as more flexibility to help their clients grow alongside JumpCloud.
The following offers a deeper breakdown of each of the new product area improvements.
Automating the Identity Lifecycle
Our objective is to automate the management of the identity lifecycle across all resources. That’s accomplished through several changes designed to simplify user creation and eliminate some extra work or workarounds that were necessary to create user identities. New user creation is also far less of a manual process, which helps to save time and reduce errors.
Attributes Accelerate Identity Onboarding
You’ll soon be able to govern access by selecting which attributes will be managed and the directional flow of a user’s identity for Microsoft 365 and Google Workspace. Another significant change is the ability to manage groups and edit memberships with M365. Directory integration becomes much easier and will allow you to migrate from Azure AD to JumpCloud with fewer steps involved.
JumpCloud’s smart group suggestions, powered by attribute-based access control (ABAC), will become more accurate with the inclusion of these attributes, because attributes enable you to build customized group membership rules. Just imagine: you’ll no longer have to maintain nested groups! Automation also has security benefits, safeguarding against accidental overprovisioning or, worse, accounts that have been forgotten.
We believe that it’s critical to build out automated workflows for our users. In fact, JumpCloud will ultimately become a platform of orchestration and automation, with triggers for any number of events (not just enrollment) that make life easier for IT admins. Admins will assign meaning to actions. User enrollment is among the initial areas of the platform where this ethos will surface.
One of the building blocks is to allow you to easily consume identities from apps with a token-based REST API. JumpCloud has built a generic HRIS REST API import connector, so identities can be imported from even more identity sources. The connector improves JumpCloud’s capacity to stage users’ onboarding and offboarding.
For your convenience, we’ll be including pre-built integrations for Personio and Namely this quarter to help you scale efficiently and securely as your organization grows. JumpCloud announced a similar integration and partnership with BambooHR last quarter.
Authentication can involve something that you do, something you are, and something you have. Support for biometric authentication devices addresses each of those principles to secure your most critical resources.
Our approach balances security with usability. Admins can turn on mobile biometric as an additional factor in JumpCloud Protect™ to protect critical resources. Users need to verify their identity using mobile biometric or passcode/PIN after approving the request.
MFA only works effectively when it’s turned “on” and present in IAM solutions. JumpCloud is extending where and how our MFA operates to reduce the risk of unauthorized access.
The statement “trust but verify, ” a pillar of Zero Trust security, now applies to all JumpCloud services with the introduction of MFA for LDAP and RADIUS. This will enable you to protect network gateways such as VPNs. Other use cases include securing access to your firewalls and network-attached storage. This JumpCloud Community post outlines how you’ll soon be able to add Push MFA when logging into a SonicWall device. That also makes it easier for IT teams to cope with personnel changes.
Our Zero Trust story is only growing stronger. JumpCloud engineers are in the process of making it possible for admins to combine RADIUS with digital certificates to identify and authenticate users, deploy machine identities and cloud identities in Q3 and beyond.
These capabilities add assurance that access control such as SSO remains secure.
We’re pleased to be offering simplified and secure user access to more applications using a single identity with expanded protocol support for OpenID Connect (OIDC). OIDC extends the OAuth protocol to help your applications verify user identities and exchange profile information through OpenID providers. Application developers favor this lightweight approach because it’s highly scalable, flexible across platforms (especially mobile), and simple to implement.
We’re also delivering flexible SAML configurations with alternative mappings (SAML Subject NameID), and more pre-built application connectors. Some of those are listed below.
The features outlined above automate the user lifecycle at every touchpoint, which is significant because users access resources over many devices, no longer just a PC.
Device management is receiving enhancements that will also extend automation and security cross-OS, everywhere your users are working. We’re launching Commands 2.0 to centrally manage desktop devices, we’re delivering extended deployment flexibility for Windows, and we’re extending mobile configuration governance.
Together, these changes help IT teams migrate from AAD and AD as well as present an opportunity to consolidate multiple unified endpoint management (UEM) solutions into one product.
We’re making commands work better for admins to centrally manage all desktop operating systems with greater predictability and reliability. This is especially helpful for roaming devices. Commands will ultimately become tightly integrated with automated workflows.
The key changes for commands in Q2 are:
- Setting the previous 10-minute job expiration to a default of 10 days from issuance
- Selecting a TTL for every command that you issue, from an hour to 10 days
- View the queue of commands as they execute on your devices in new ways; this provides visibility into which devices have yet to perform an assigned task
JumpCloud is leveraging Apple’s Volume Purchase Program (VPP) to more gradually manage how apps are delivered to iOS and macOS devices. With JumpCloud, it’s now possible to:
- Assign apps from App Store and macOS
- Control flow of corporate data into personal apps on managed open devices
- Set a custom configuration for each app
Automation and Security
The JumpCloud platform is on a larger journey to establish presets for compliance baselines such as NIST and CIS Controls, and this quarter is laying the groundwork to make it possible. This means enterprise-level security will eventually be just a few clicks away and accessible to SMEs with JumpCloud. We’re starting with comprehensive cross-OS patching in Q2 and then moving toward high-priority apps. Commands and configurations will bring everything together to help you meet compliance standards.
Unified Patch Management
Most enterprises have heterogeneous fleets, running multiple operating systems. However, this real-life scenario isn’t always serviced by system management tools. JumpCloud is stepping in with a unified patch management console, offering full OS parity, beyond Windows desktops. Linux and Mac devices are a high priority for Q2, and we’re delivering an experience that’s best suited for each OS, to balance usability with security.
There’s now visibility into all Linux distribution OSs.
- Ubuntu patch management has been simplified
- Flexible options to secure Ubuntu end-user workstations with both major and minor updates
macOS patch notifications (or nudges) will receive new customization options, including:
- Replacing the JumpCloud logo with a custom logo
- Modifying notification text
- Implementing different notification templates per use case (major vs. minor)
Patch Policy Report
Reporting has been enhanced to reflect JumpCloud’s unified patching approach. OS Patch Directory Insights Events are recorded in an interface that enables you to view and filter updating events, export and share the overall patching history, and view the OS patch policy impact with the OS patch event explorer. Take a look at the overview of patch activity below.
Remote Assist Beta
JumpCloud is in the process of testing a critical support escalation path for remote workers: integrated remote assistance. The obvious benefit is that IT teams will no longer have to invoice yet another tool. It also reduces overall administrative burden through IT tool consolidation.
Remote Assist is built to be secure (and respect privacy) with a workflow that requires end users to enter a unique Session Key as well as grant permissions to share their desktop and control over input devices. Support admins will have the capacity to work from the command line to troubleshoot system problems.
It should be easy to access your data within the appropriate context. Thousands of events can occur on a single device, so we’ve focused on surfacing the most pertinent information in a way that’s easy to understand, actionable, and offers the ability to share data (as required).
Asset Directory Beta
A common request we hear is to “please get us out of our spreadsheet.” Our objective with Asset Directory is to provide a single pane of glass and source of truth for all assets that IT admins care about. It starts with importing information from JumpCloud’s device details page, but you can also tag custom assets. The primary focus will be on devices, software, and SSO apps.
You’re in control of what’s cataloged with the following import options:
- Import assets via CSV and View list of devices
- Add asset attributes from device details page
- Add custom asset attributes to devices
- Import list of devices as assets via CSV file
JumpCloud’s console helps you to work more effectively with the inclusion of widgets that offer “at a glance” visibility into events that require your attention. An investigation page drills down into the appropriate mediation options. The watchwords are: alert, investigate, remediate.
The first round of new widgets will include:
- User lockouts
- Expired passwords
- Upcoming expired passwords
- Unencrypted devices
- New users (past 7 days)
Reporting will be focused on information that admins should know in terms of what’s occurring within their IT infrastructure. That’s significant given the increased threat environment from recent world events. New reports include New Users to SSO Applications and an OS Patch Compliance report.
New Users to SSO Applications Report
Reports are being targeted to some of the most vital pieces of information for Zero Trust. Having visibility into which identities are accessing which applications helps to validate access.
- This report lists which users have access to each SSO Application managed via JumpCloud
- Allows admins to quickly provide an accounting of SSO Application access for audit or other reporting purposes
- Further augments JumpCloud’s Users to Resource reporting category
OS Patch Compliance Report
- Lists all the devices that adheres to a specific policy along with Policy Status and OS Version installed for each device
- One report for each policy available
- Is available via JumpCloud APIs as well
Stored Reports Queue
JumpCloud is making it possible to export, store, and download reports at a later time. The practical benefit for JumpCloud users is the ability to return later to reports that take longer than usual to complete. All reports are now retained for a seven-day period.
MSP: Multi-Tenant Portal (MTP)
The MTP is being extended for our MSP partners’ business needs. New integrations for billing and increased visibility into your client base are being added this quarter. For instance, MSPs will be able to allocate licenses across their organizations, or allow for overages. That means it will be easier to manage client growth with fewer orders and billing adjustments.
The integrations we’re delivering in Q2 are:
- Autotask PSA billing integration to monitor factors such as Cost Per Seat and High Water Mark on a daily basis
- ConnectWise Manage support is also coming soon
Test JumpCloud’s Latest Features
JumpCloud Community is a new resource to ask questions about our beta program and collaborate with your peers about the new platform enhancements and our roadmap. We take customer feedback very seriously and your needs dictate our feature improvements. Our goal is to ensure that we’re solving problems for you and being responsive to your requirements.