With a fully remote workforce, IT admins need to provide the same level of support to their end users as they would in the office. By adopting an end user self-service model provided by a cloud directory service, organizations can simplify their identity management processes for themselves and their end users while simultaneously securing their remote workforce.
Managing Remote Users with Traditional Means
Traditionally, organizations used a core identity provider like Microsoft® Active Directory® (AD) to manage user identities and access to resources within the on-premises, perimeter-guarded network. With recent surges in adoption of cloud applications and other resources that exist outside of the traditional domain, many organizations bolster their on-prem directory service using Identity-as-a-Service (IDaaS) solutions, namely single sign-on (SSO), to extend their identities.
For many organizations, this approach serves their needs. Unfortunately, as the world shifts to a work from home (WFH) model in response to public health regulations, IT organizations need to shift as well. As a result, traditional identity management approaches are starting to break down.
Although IT admins can remotely manage users through cloud IDaaS tools, remotely managing that user’s core identity contained within an on-prem directory service requires a bit more legwork. Users need to use a VPN to access the on-prem network. There, depending on an organization’s password policy, they change the password themselves, or submit a help request for admin intervention. The admin needs to remotely access the same network via the VPN, and then push the changes while the user remains connected.
The process is time-consuming for all parties and requires intensive VPN infrastructure to be secure — a highly technical demand on both admin and end user. Additionally, although simpler, IDaaS identity management often predicates upon end users responding to an email generated by the application or service to make changes to their passwords. Emails like these are often spoofed by phishers to steal user credentials.
Despite the friction and vulnerabilities introduced by remote work management using traditional means, IT admins still need to make sure their distributed users’ identities are secure and that they have access to their required resources. As such, there’s no time like the present for organizations to rethink how they manage their users.
By allowing end users to take charge of their needs themselves, organizations increase efficiency and security, simplifying processes for remote workforces. IT admins can enable end user self-service by leveraging a cloud directory service, or JumpCloud® Directory-as-a-Service® (DaaS).
How Self-Service with DaaS Simplifies Remote User Management
Using Directory-as-a-Service, IT admins provide end users with a single identity that can be used for any resource they have permission to access. This idea of One Identity to Rule Them All® allows admins to automate much of their identity and access management needs and enable self-service password management for end users.
A DaaS-managed end user can change their password directly from a DaaS-managed system they have access to. The system is managed via an installed agent/daemon, which the end user can download and install themselves. Users simply sign in to their browser-based User Portal with their unified credentials, and then install the agent remotely. The DaaS agent also provides end users with a location to log into their User Portal directly from their Mac system via the Mac App without needing to enter their password.
Afterwards, the end user can leverage the User Portal to securely access resources like web applications or manage their passwords — all without a VPN. They can also manage their passwords directly from their Windows® or Mac® system. This process works anywhere there’s an internet connection using the DaaS agent.
Admins simply need to set up their organization’s password security policies ahead of time and configure remote user device settings through group-based policy enforcement. That way, users aren’t implicitly trusted to make changes to their systems, their accounts, or their access permissions; they can only affect their passwords and cut down on help desk tickets.
Beyond streamlining end user and admin workflows, self-service promotes organizational security. System-based password changes provide anti-phishing benefits to an organization; if an end user never deals with email or browser-based password changes, it’s nearly impossible for them to be tricked by a phony email or browser window.
Streamlining logins through passwordless User Portal authentication on a trusted device means that IT organizations don’t need VPN infrastructure to secure remote resource access; end users can freely access their required services without having to log into them.
Adopting End User Self-Service with the Cloud
If the prospect of remote end user self-service through Directory-as-a-Service sounds appealing to you, why not give it a try for free? A DaaS account comes with ten complimentary users, available forever — all you need to do is sign up, no credit card required.