Customer Story: How Nym Secured IAM With RADIUS & SSH

By Nick Scheidies. Posted April 29, 2019

We at JumpCloud® continue to be impressed by our customers and the ways that they engage with our product. For instance, Grab is using ChatOps to automate the management of thousands of users and systems, and Tamr has relied on JumpCloud in migrating from AWS to GCP. Another great example is Nym Health, where system architect Omer Hanetz has implemented JumpCloud along with a RADIUS proxy server to grant users SSH key authentication into VPN machines. This allows Nym to take advantage of JumpCloud’s RADIUS-as-a-Service and SSH key management, while also enabling critical systems to remain disconnected from the Internet.

In order to help others with similar needs, Omer Hanetz documented his process and published a step-by-step guide on Medium under the title “Setting up SSH key authentication inside a VPN using domain credentials.”

We were so glad to see Omer’s article that we asked if he would be willing to talk to us a bit more about how he’s using JumpCloud’s Directory-as-a-Service® to unify Nym’s identity and access management. You’ll find that conversation below:

Customer Story: Nym

Can you tell us a little bit about yourself and Nym Health?

Omer: I have been a software engineer ever since I can remember. In the last few years, I’ve become mainly focused on server programming and data engineering, since I am most fascinated by complex server architectures that include high-scale computation using top-notch big data infrastructures.

I am currently working as a Lead Architect at Nym Health, a healthcare IT startup based in Israel that uses state-of-the-art NLU (Natural Language Understanding) techniques to automate the process of medical charts coding.

What was the problem you were looking to solve?

Omer: When we started using JumpCloud to consolidate our identity management, we were looking for ways to use the same identity across our infrastructure. One issue that we wanted to tackle was to find a way for users to use the same credentials inside and outside of the VPN, for example when they connect to their development machines through SSH.

The problem was that some of our machines have no internet access. For security reasons, we didn’t want them to communicate with the outside world.

Our solution was to use a RADIUS proxy server. Here, machines inside our VPN authenticate against an internal RADIUS server. That server only acts as a proxy. It sends the authentication requests to the JumpCloud RADIUS server that performs the actual authentication.

Why did you choose JumpCloud over other options?

Omer: Personally, I discovered JumpCloud in one of my past companies.

When I joined Nym, it was already being examined as a possible solution. We ended up choosing JumpCloud mainly because of the ease of use, and the variety of features and integrations with other services. That covered both our current needs and our future possible directions.

Why manage RADIUS & VPNs with JumpCloud?

Omer: The JumpCloud RADIUS-as-a-Service feature was one of the reasons we decided to go with JumpCloud in the first place. We were impressed by how easy it was to use it, and that it worked smoothly with any RADIUS use case we had. When we were setting up our VPN, for example, it took us only a few clicks to integrate the authentication with JumpCloud using it.

Can you tell us more about your integration with G Suite™ and AWS®?


Omer: We chose G Suite first and foremost because of the Gmail-based mail client. Since then, we began using the G Suite SSO for many other services, and it became our main user management platform, and the first service that we integrated with JumpCloud.

We are using AWS for all our computation and hardware needs. It hosts all our development machines, and both our test and production environments, as well as our databases and our secure storage.

How else do you plan to use JumpCloud in the future?

Omer: As a growing organization we are constantly looking to improve our environment and infrastructures.

We are currently planning to add Office 365® integration to provide centralized office applications and storage for all our employees.

At a later stage, when we need to support a higher volume of users and several environments, we are also planning to add an LDAP product to manage everything, and we might use JumpCloud LDAP-as-a-Service for that.

More About Nym and Omer Hanetz

Nym is the next generation of clinical coding. They’re transforming revenue cycle management, using autonomous coding to accelerate payment cycles and improve preparedness for audits. Learn more on Nym’s official site.

If you appreciate Omer’s step-by-step guide on setting up SSH authentication inside a VPN using domain credentials, you can show it by following Omer on Medium.

Hear from Additional JumpCloud Customers

We’re talking to the admins, architects, and engineers who use our platform every day. They’ve told us why they’re using JumpCloud, what they’re doing to get the most out of it, and how they think we can do even better in the future. Watch the video above or visit the case studies section of our resources page for a full list of customer case studies.

Try JumpCloud for Yourself

JumpCloud is reimagining directory services for modern IT. Directory-as-a-Service delivers robust user and system management that supports a wide range of protocols, operating systems, and platforms. Unlike conventional directory services, JumpCloud is delivered from the cloud and requires no on-prem infrastructure to configure or maintain.

Watch the video below to see a short demo of JumpCloud in action, or visit our product page to read more about individual features. We also have a team of technical experts on hand to answer any questions you may have or provide you with a 1:1 demo.

Of course, the best way to get started with JumpCloud is to sign up for a free account. This gives you hands-on access to the complete platform, and we won’t even ask for your credit card information until you add your 11th user. Additional information about pricing can be found here.

Thanks again to Omer Hanetz at Nym and to all of our customers for the valuable feedback they provide and the innovative ways they use Directory-as-a-Service to secure and manage critical assets at their organizations.

Nick Scheidies

Nick is a content marketing manager and multimedia specialist. He's been studying the intersection of cloud technology with identity management, LDAP, RADIUS, and directory services since 2015.
