Group Attributes Streamline Access to AWS and Other Web Apps

Written by Leia Schultz on December 6, 2020


JumpCloud’s Directory Platform has a new way for administrators to assign attributes to groups of users to simplify and strengthen SAML-based federated access to work applications.

New group inherited user attributes — for String, Number, Boolean, and JSON attributes — let admins define roles for applications and RADIUS reply attributes that will automatically apply to all the members of that group within JumpCloud. This not only saves admins the chore of assigning attributes one by one to users, it also makes sure the right end users have appropriate roles and access permissions for the work applications they need without friction.

Find feature details below, and info on how group inherited user attributes can be applied to one of the most popular work applications at modern offices: AWS.

Managing Secure Access to Apps at Work

Many diverse cloud applications are used at organizations today; there’s an app for everything an employee needs to achieve (and if one doesn’t exist already for a specific need, it probably will before long). To make sure end users can access their work apps, IT admins need a way to securely federate core user identities to cloud-based services and connect end users to the tools they need.

The concept of identity federation services has been evolving from early generations of SAML-based services and now includes other authentication protocols as well. When Microsoft® Active Directory® (AD) was still the primary directory solution available but IT environments were expanding to include more than just Windows and on-premises resources, IT needed to federate AD user identities to non-Windows® devices (meaning Mac® and Linux®) and to cloud-based services such as web applications. That initially caused organizations to patch together different identity management solutions for different resources, resulting in a tech stack with siloed point tools and third-party add-ons.

Today, JumpCloud’s comprehensive device, identity, and access management platform lets administrators connect employees to the resources they need securely, handling federated access for SAML assertions without any other third-party identity services. What does this look like in action? Read on for a description of how it works for AWS Identity and Access Management (IAM). 

Group Inherited Custom User Attributes with AWS

AWS IAM is one of the top-used web applications across JumpCloud customers in the platform’s app catalog. When admins provide federated access to AWS IAM, users gain access to AWS services and resources through assigned AWS roles.

Prior to this update, admins had to set up user attributes one by one in JumpCloud for each AWS role. This either set up the same permissions for all users associated with a configured connector, or was done dynamically by assigning role values at the user level (both management methods can still be used as needed). With this update, admins have a simpler way to assign and manage roles in AWS IAM. For AWS (and many other applications that allow a role attribute), admins can define the AWS roles dynamically at the group level, rather than at the individual user level.

This means admins can automate the repetitive task of individual attribute input, ensure attributes are consistent across specified users, and provide cohesive visibility into user attributes based on their work group, such as “Accounting Employees” or “Sales Team.” Plus, end users only need a single AWS connector. Because all the users in a group will inherit the group-level attributes, these attributes are dynamically populated when a user logs into a work application they need. 
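Because a group-level role attribute reaches every member, it is worth reviewing what each user ends up with before relying on it. The sketch below is an added example, not JumpCloud code or its API: it resolves the role values a user would inherit from groups and flags entries to review. The attribute key "aws_role", the sample directory, and the rule that values from all sources are combined are assumptions; the attribute name and the "role ARN,provider ARN" value format are the ones AWS documents for SAML federation.

```python
import re

# Attribute name AWS reads role grants from in a SAML assertion.
AWS_ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"
# Each value is "<role ARN>,<SAML provider ARN>" (role names with commas not handled).
PAIR = re.compile(r"arn:aws:iam::\d{12}:role/[\w+=.@/-]+,"
                  r"arn:aws:iam::\d{12}:saml-provider/[\w.-]+")

def pair(role, acct="111122223333"):
    """Build a constructed role/provider pair for the sample data."""
    return (f"arn:aws:iam::{acct}:role/{role},"
            f"arn:aws:iam::{acct}:saml-provider/ExampleIdP")

# Constructed sample directory; "aws_role" is a hypothetical attribute key.
GROUPS = {
    "Accounting Employees": {"aws_role": pair("BillingReadOnly")},
    "Sales Team": {"aws_role": pair("SalesDashboards")},
    "Contractors": {"aws_role": "BillingReadOnly"},  # bare name, not an ARN pair
}
USERS = {
    "alice": {"groups": ["Accounting Employees"], "attrs": {}},
    "bob": {"groups": ["Accounting Employees", "Sales Team"], "attrs": {}},
    "carol": {"groups": ["Sales Team"], "attrs": {"aws_role": pair("Admin")}},
    "dave": {"groups": ["Contractors"], "attrs": {}},
}

def effective_roles(user):
    """Return (role values, findings) for one user; assumed rule: union of all sources."""
    roles, findings = [], []
    sources = [(f"group:{g}", GROUPS[g]) for g in user["groups"]]
    sources.append(("user", user["attrs"]))
    for source, attrs in sources:
        value = attrs.get("aws_role")
        if value is None:
            continue
        if not PAIR.fullmatch(value):
            findings.append(f"{source}: malformed role value")
            continue
        if source == "user":
            findings.append("user: role set outside group policy")
        if value not in roles:
            roles.append(value)
    if len(roles) > 1:
        findings.append("multiple roles granted")
    return roles, findings

def audit(users=USERS):
    """Map each username to the attribute it would carry plus review findings."""
    return {name: ({AWS_ROLE_ATTR: r}, f)
            for name, (r, f) in ((n, effective_roles(u)) for n, u in users.items())}

if __name__ == "__main__":
    for name, (attr, findings) in audit().items():
        print(name, len(attr[AWS_ROLE_ATTR]), findings)
```

In the sample data, the user in two groups and the user with a user-level role both come out with more than one role, and the group holding a bare role name yields no usable grant for its members.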

Ready to Try JumpCloud Free?  

JumpCloud’s support for group inherited user attributes makes assigning attributes faster and more consistent, saving time and energy so admins can optimize their day. Along with group inherited user attributes, you’ll find other core identity and access management features in JumpCloud for user authentication plus device management, directory integrations, and security all in one place.

Use JumpCloud end-to-end for user and device management by creating a JumpCloud Free account — no credit card required — and test with up to 10 managed users and 10 managed devices. You’ll also get premium 24×7 chat support with technical experts during your first 10 days.
