By Jon Griffin Posted July 3, 2017
There is a lot of technology within education – whether at the university level or K-12. However, there is not a lot that helps you manage it all. Microsoft’s Active Directory® has long been the solution, but as IT admins know it is less than ideal when other systems like Macs or Linux are in play, or when web applications like G Suite are used. These challenges force K-12 IT admins to look for innovative new solutions to their directory issues. Fortunately, a new product has emerged in the cloud directory space called Directory-as-a-Service® (DaaS). This cloud based directory has the capability to manage all of your systems, numerous web applications, and SSO services. With plenty of dedicated solutions for education, JumpCloud is an ideal IT solution for many education environments.
How JumpCloud Eases Management
Modern IT infrastructures often utilize multiple separate directories, each of which contain their own user store. These “mini directories” are contained both within apps like G Suite / Office 365, within infrastructure such as AWS, and within networks. This isn’t a problem when you only have a small number of users and systems. But in the education environment, where users number in the thousands and are constantly changing with each semester, managing multiple siloed directories is terribly inefficient
What education IT admins need is a centralized, authoritative directory that can act as the single source of truth across the whole school or district. That way, when a change is made to a user, it is reflected across all infrastructure in the organization.
This is where a cloud directory can help K-12 IT admins. The epicenter of JumpCloud’s product is a cloud-based directory. It acts as the authoritative source of truth across all your users, systems, apps, and networks.
For example, let’s say you’re onboarding a new student and they need a G Suite account. JumpCloud leverages G Suite APIs to centrally manage Google identities. A change made to a user in the JumpCloud UI will be automatically provisioned and reflected in G Suite. You can see how this works in the demo below:
Overview of Directory-as-a-Service for K-12 IT Admins
When we look at our cloud based directory service, we can break it down into the management and oversight of three distinct object types:
When talking about our cross platform system management (Windows, Mac, Linux), the first action on the operating system is local account provisioning. This means that from the JumpCloud console, you’ll be able to distribute user accounts for the students to specific machines via groups. This enables you to have local authentication, or if on laptops, offline authentication when they are somewhere they need to have local resources but aren’t connected to the internet.
The second action on operating systems is command execution. From a management perspective, you as the IT administrators overseeing these systems can deploy scripts on an ad-hoc or even scheduled basis. Think of our process for managing systems not like a mobile device management product, but instead as executable code against those machines when and if you need it.
Additionally, we have the ability to log system events. This allows you to track which students have logged in and when, which is ideal if you are choosing to create a audit log. The final system feature, which is less focused to the .edu customer base but still available, is multi-factor authentication (MFA). This feature can be enabled out across all of the Mac or Linux endpoints if you require extra security.
From an application standpoint, there are roughly 140 SaaS based applications that we cover today and increasing everyday, including many that are popular in education environments. We communicate with these applications through protocols, like SAML for web based apps or LDAP for legacy products. We also have a generic SAML adapter which is ideal for those that have custom apps leveraging the SAML protocol, but are not explicitly supported by JumpCloud. Lastly, the SAML adapter allows you to tether your custom applications, and enforce that login through the SAML protocol utilizing the JumpCloud credentials. These protocols ensure that you will never be restricted access to an application because it isn’t supported.
As mentioned, we also have LDAP for legacy products. This feature is designed for those who have various applications that need to authenticate with the directory store. When the applications communicate with the directory, they can leverage our global LDAP infrastructure to authenticate.
For organizations that are really pressing hard on a wireless infrastructure, JumpCloud offers a RADIUS-as-a-Service feature. Also known as cloud RADIUS or hosted RADIUS, this feature is ideal for those that are instituting and building Wireless Access Points (WAPs) through their school. RADIUS-as-a-Service allows you to use a RADIUS backing to your WAPs, which let’s you improve security, utilize the student’s credentials to log in to the WAPs, and effectively configure all of those RADIUS access points to your RADIUS servers managed in JumpCloud. This is perfect for our user base who want a high level of sophistication in their directories, while not having the overhead of managing the infrastructure.
The added bonus is that you have the ability to effectively create groups of faculty, or groups of students, that can hit specific RADIUS servers as well. All of this functionality is capable with our cloud based user directory, and all it requires is pointing the WAPs to the correct RADIUS server.
If you would like to learn more about how JumpCloud’s Directory-as-a-Service tool can help K-12 IT admins, drop us a note. We would be happy to discuss how your your K-12 school or university could benefit from our cloud based directory service. Alternatively, you can sign-up for a free JumpCloud cloud directory account and give it a try yourself. Your first 10 users are free forever.