JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

How to Enable ChatOps With JumpCloud and Workato



Scaling at a hypergrowth company requires that processes become automated to support the influx of new employees and initiatives. In cloud companies where employees and devices are highly fluid, processes across IT and People Operations should be as efficient and secure as possible, especially during rapid growth. Because these workflows often span multiple apps including cloud directories like JumpCloud, human resource information systems (HRIS), and chat consoles, many hypergrowth companies turn to intelligent automation to help create an infrastructure for scaling those processes. 

Oftentimes, as companies grow, an unfortunate side effect can be that their IT systems work independently. There can be a lot of double data entry, increasing the likelihood of human error and stalling productivity. An automation platform can solve these issues by integrating multiple systems quickly and enabling workflows that allow IT and People Ops to perform needed processes in critical systems without ever having to leave their chat consoles like Slack or Google Hangouts. If you’re looking to build a ChatOps culture, companies like Grab, Asia’s hottest startup offering ride sharing, food delivery and digital payment solutions via mobile app, have turned to Workato to bring their IT business goals to reality. 

“When we researched automation and integration platforms, Workato was the only one that stood out because it could deeply integrate with Slack,” said Shawn Song, Senior Manager of IT Systems at Grab. “We also wanted a tool that could make our ideas happen quickly and save us time overall,” he added. 

How Grab Built IT Automations That Scale With ChatOps

To bring a lot of their systems together with agile integrations, Grab’s first order of business was to streamline several key IT workflows using JumpCloud, Slack, and Workato. Now, the IT team can simply type a command to Workbot, Workato’s Slack bot, and carry out different workflow automations between Slack and JumpCloud.

The solution accomplishes 3 key things:

  • Increases Security 
  • Decreases manual work, saving time and reducing human error
  • Creates a robust ChatOps solution for IT work

Streamlining Secure User Controls with JumpCloud and Workbot

Grab uses JumpCloud for user management throughout the organization. But Song wanted to create a Slack-based workflow that would allow users to securely and easily work with users in JumpCloud—without leaving the chat app. His team created several recipes (Workato integrations) that utilize Workbot. “By utilizing Workbot, we can limit the number of people who have access to JumpCloud, and the specific features they have access to,” he says.

“Before the automation, when the Cybersecurity team had to rely on the IT team, it was very tedious and time-consuming. Now, our InfoSec team is able to run queries via Workbot on a self-service basis. This is faster and more secure.”

Querying the Directory Service to Show Group Membership 30X Faster with JumpCloud and Workbot

Workbot has also streamlined the process of querying JumpCloud – so that it’s now faster, more accessible, and easy to read.

“With Workbot, we can provide straightforward user membership lists with a click of a button,” Song explains. “Before, it was nearly impossible to do this, especially when listing a large group. The only way you could get a list of all memberships for a user was via an API call and the information you would get was not presented in a way people could easily understand. Workbot now presents it in a nice format with the click of a button in Slack!”

Previously, Song said the process of gathering group membership would take about 30 minutes each time and is a task that’s performed multiple times a day – so the time would really add up. Now it takes less than 1 minute to retrieve the information in a nicely packaged format. “We’re saving 200+ hours a week of IT time based on this automation alone,” says Song.

How Grab Automates Onboarding During Rapid Growth

With thousands of new employees and growing, Song and Shing Chyuan Tan, Grab’s Regional IT Systems Engineer who oversees People Ops automations, realized employee onboarding must be automated as well. The company uses a popular HRIS as its People Ops hub, but many of its onboarding processes involve other apps like JumpCloud and their ticketing system. Because these manual workflows span several apps, they can be slow and leave new employees without the necessary provisions they need to be productive on their first day, not to mention eat up precious IT resources.

Automating New Employee Onboarding

Tan wanted to both eliminate the manual work required from Grab’s IT team to onboard new employees, as well as create a better employee experience.

“Every new employee needs a JumpCloud account. Currently, the system is based on a ticket in our CS app that asks the IT team to manually create a JumpCloud user for the newly hired person,” says Tan. “This is quite a tedious process, and there can be typos,” he continues.

To accommodate the scale of hiring, Grab uses Workato to directly integrate their HRIS with JumpCloud.

“We’re automating this process so there’s no human involvement at all, which means establishing a direct connection between our HRIS and JumpCloud with Workato and bypassing the ticketing step in our ticketing system,” Tan explains. “We can automatically detect when an employee is added to the HRIS, which will trigger user creation in JumpCloud automatically, based on that employee’s information in the HRIS.”

This automation saves time for the IT team, reduces errors, and ensures the new employee’s profile is ready to go on their start date.

Automatically Setting Up Windows Machines for New Grab Employees in 1/4th of the Time

When a new employee is hired at Grab, a PC needs to be prepared with all of the apps, systems, and configurations they need. Song explains that this took up a lot of valuable time for IT staff—especially during hypergrowth:

“It’s a big challenge to prepare Windows machines in our environment without using Active Directory or anything else. Setting up a machine is quite time consuming and usually takes one or two hours to finish. There’s also maintenance along the way. It’s a long process for our IT folks to go through on a weekly basis.”

As a solution, an automation script is run and once the script finishes, it triggers Workato to call the JumpCloud recipes. “JumpCloud deploys a bundle of apps to the machine, then calls another recipe to kick off Bitlocker encryption. This makes preparing the machine seamless. You don’t have to click anything; you just let the workflow run, and it only takes 10-20 minutes to complete,” Song said.

Overall, the automations Grab has built with Workato save its employees a lot of time and effort as the organization scales. “With Workato, we can reduce or minimize the manual work needed for these core processes as much as possible,” says Song. “We’ve saved almost 3,000 man-hours since we onboarded Workato.”

How to Create a Self-Serve Security Checkup With Your SIEM in Slack

As with any high-tech company, security is paramount. Many use security information and event management solutions (SIEMs) to house data from their entire app and device ecosystems, including anti-virus tools, identity providers like JumpCloud, and security awareness training platforms. The data from these sources could include confidential employee information such as laptop configurations, VPN usage and login data. But this information can be difficult for non-technical employees to find and understand.

With Workato, teams could build a workflow that allows employees to access their personal security information directly from Slack. Upon request, Workato will then query the SIEM for things like ‘Do they have the right antivirus installed? What were their latest VPN connections? Have there been any failed login attempts? Is two-factor authentication enabled in our IAM app?’ And it gives them a report in Slack so they can see where there are areas of improvement.

The Slack message containing the report can also include buttons for next steps—such as updating antivirus software—so that employees can act on the information quickly without leaving the chat app. Clicking on a “next step” can also create a ticket in their ITSM app, if necessary, which can also be completed via Slack using Workato.

Creating a self-service security checkup tool can empower employees to see weaknesses in security and take the initiative to fix problems on their own. This, in turn, can increase the security of an entire organization by making it easy for people to see what needs to be corrected and take action, all within the comfort of a frequently used collaboration tool like Slack.

How to Use ChatOps for Offboarding 

Across industries, offboarding and deprovisioning are just as important as onboarding, as you need to ensure that employees who have left the company no longer have access to essential programs. At high-growth companies, this is of even more concern as the sensitive data they once accessed could affect countless current staff, as well as the customers they serve. 

At many companies facing growth, IT and HR departments are siloed – meaning that if HR offboards an employee, IT may not know about it until weeks later. For users to access many of these programs, licenses are required per user or device – but with a lack of communication between departments, IT may still be running licenses in your identity provider for inactive users, wasting company resources.

As with onboarding, many components of offboarding often take place through your HRIS, granting IT the opportunity to integrate JumpCloud and build a workflow that can automatically suspend user accounts when an employee leaves

Additionally, administrators can build a recipe that pulls a list of disabled users upon command. 

“So now when you offboard, IT can say, ‘Give me a report of all the users that are disabled during this period of time,’ which allows them to deprovision their licenses with all of their previously used apps though Slack,” said Ryan Koh, Solutions Architect at Workato. “This reduces a lot of costs for IT because they can instantly recognize when a license isn’t being used and either assign it to someone else or discontinue it completely.”

JumpCloud and Workato as the New Infrastructure

Grab and other leading tech companies have built ChatOps cultures within their organizations by using Workato to integrate JumpCloud and Slack. As the domain language in traditional directories can be hard for non-technical teams to decipher, by building Workato workflows and using Slack as the UI, they’ve put the power of security in everyone’s hands and freed up IT to work on more complex, value-added tasks – not to mention that any input required from IT is now minimal. 

“From my perspective, building these kinds of integrations or automations would usually take weeks or months. With Workato, it only takes a few hours,” said Shawn Song of Grab.

Shing Chyuan Tan of Grab echoed Song’s appreciation for Workato’s speed and ease-of-use. “I used to be a programmer,” he remarked. “I know the pain of writing code. Using Workato is just fast. Everything is drag-and-drop. Setting up an automation takes about a tenth of the time coding would.”

Now, Song says, the IT department thinks of Workato as the vehicle for dispelling bottlenecks across the organization. “When we think about the future of Grab, we ask: ‘How can we automate this? How can we link our apps together?’ and the answer to those questions is Workato. It’s the orchestrator. Workato has really become our infrastructure, because everything is happening on the platform.” Workato’s iPaaS and automation platform enables both application integration and the orchestration of work across disparate applications, making it possible for the organization to centralize work in Slack.


Recent Posts
Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

Blog

Migrating Clients Off Active Directory

Migrating clients off Active Directory and to a cloud directory service doesn’t have to be difficult. Check out our free tool, the ADMU.

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

Blog

Setting Up VPN MFA to Secure Remote Workers

By adding MFA to VPN connections through RADIUS, IT admins can rest assured that their remote user access is secure. Try JumpCloud free.

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?

Blog

Group Policy Objects (GPOs) for MSPs

In an ideal world, MSPs could leverage a group policy object analogue across all three operating systems. Are there cross-OS GPOs for MSPs?