Choosing, Implementing, and Operating an All-in-One Cloud Directory

Written by Cassa Niedringhaus on July 28, 2020

Share This Article

Justin Price, IT manager at real estate firm Chase International, needed to select and implement his company’s first-ever directory as the COVID-19 pandemic unfolded. Below is a condensed transcription of Justin’s recent conversation in a webinar with JumpCloud® Group Product Manager Bill Mrochek and Product Marketing Manager Leia Schultz.

Justin discusses the features he looked for in a directory solution, how he ultimately chose JumpCloud, and what it took to quickly deploy JumpCloud to his organization. JumpCloud is a full-suite cloud directory service that connects users to their systems, networks, applications, and files; offers cross-platform system management; and includes telemetry features for admins to monitor machine health and log directory events across their environment, System Insights™ and Directory Insights™.

Chase International Chooses JumpCloud

Leia: Thank you so much for joining us today at this JumpCloud webinar featuring our customer, real estate firm Chase International. Today, we’re joined by Justin Price, the IT manager at Chase International. He needed to select and implement his company’s first-ever directory during the global pandemic we’re going through, which is not an easy task.

Today, we’ll hear Justin talk about the features that were critical in the identity and access management solution that he selected, how he got up and running with JumpCloud, and how today he’s managing a workforce that’s both in the office and remote, as well as the features that he uses in his day-to-day IT operations role with JumpCloud. Without further ado, I’m going to pass it over to our other panelist today, Bill Mrochek. He’s a group product manager here at JumpCloud, and Bill I’ll tee you up for a quick intro.

Bill: Thanks, Leia. My name’s Bill Mrochek. I have been with JumpCloud since October of last year. I’m a group product manager here over two areas: our authentication area, which would be anything MFA, SSO, SAML, LDAP, and RADIUS, and I also help guide our Insights group, which includes System Insights and Directory Insights. My role here today is to have a conversation with Justin, but he’s the star of the show, so I think it’s going to be far more compelling for you to hear from a customer and their real world experience, which he’s graciously given up his time here to talk through.

Leia: Thank you so much, Bill. Without further ado, Justin, I will pass it over to you for a quick intro.

Justin: Hi, everybody. Thanks for tuning in. Just a brief overview of myself: I’ve worked in just about every industry at this point, real estate being the last one outside of the Department of Defense or any of the defense companies. I’ve been in IT for 10 years and worked my way up from the lowly PC technician to my second tenure as an IT manager. I’m really excited to go through the ins and outs of JumpCloud for our organization, and in particular what drove my decisions to get there. If you work in IT, you know the last couple months have definitely not been prototypical. It’s been a whirlwind of changes, and most organizations weren’t ready for it. I want to go through how JumpCloud helped us weather the storm.

Chase International’s Business Requirements

Leia: Awesome, thanks so much, Justin. Quick intro about Chase International, so everybody knows what Justin’s company is all about: Chase International is a Tahoe-Reno luxury real estate firm, and it specializes in unique and distinctive luxury properties in the Tahoe, Reno, and Vegas region. As Justin mentioned, for Chase International, he had the not-so-easy job of selecting the company’s first-ever directory service. Today, we’ll cover how Justin set up JumpCloud for his organization with user accounts and computers. We’ll talk about his use of groups and Policies, cloud RADIUS, TOTP MFA, Apple MDM, System Insights, and Directory Insights — a really great conversation coming up that touches almost end-to-end on JumpCloud’s all-in-one, consolidated platform for user access control and identity management. Justin, Can you start by giving us a quick rundown of the business requirements that you had in mind when you were selecting a cloud directory?

Justin: As you had mentioned, we had no directory service of any kind when I started, including Active Directory®. The file shares were essentially done through Google accounts or Microsoft accounts. The computers were one of the biggest sources of anxiety when I first started because everyone was a local administrator. I really needed a solution that could roll out quickly and help me address some of the key issues and get this company from a small business, home office setup to an enterprise deployment. I also needed to do so at the fastest turnaround imaginable given the COVID-19 situation. 

Taking Control of User Workstations — Quickly

One of the first issues that drove me up the wall was that, on every single computer, every user was a local administrator. If you’ve been in IT for even a couple weeks, you know how bad that is. I needed something to put that in check. I needed a local administrator account on those computers to take control of the systems if needed. If someone forgot their password, I needed a way to get into that machine. Also, Chase is in a very unique position, as we have multiple tenants for each system we use because of the way the organization is set up. We have our real estate side, our corporate side, and then a title and escrow side. We really have three systems for every single use, and I needed something that could bind Gmail accounts and Microsoft 365™ accounts so that the login to the computer was the same as the email. That presented a pretty unique challenge. I’ve been in IT for a long time, and this was the first time I’ve ever been in a Google environment.

We also have a lot of Mac® users. Real estate is one of the first environments I’ve been in that’s really heavy on the macOS side. I needed a system that would allow for group policies not only for Windows®, because that part is pretty easy if you’re in an Active Directory environment, but also for Mac machines. When you start doing computer policies for Mac, it’s very difficult to find a system that does that well. JumpCloud fit that in a very niche role.

I started with Chase the first week of February, and the entire country went into quarantine in the first week of March. Think about when you start a new position, you’re really just getting a feel for things during your first month or two there. I didn’t get that time to get comfortable and familiar with what I was walking into, so not only was I trying to figure out a new organization but I was also trying to bring them up to an enterprise-level standard in the midst of probably the worst economic crisis this country’s ever seen. It was a really challenging and unique time from an IT perspective. Whatever solution I chose — be it the traditional Active Directory approach or JumpCloud — needed to be able to conform to an extremely fast turnaround time. Some organizations were better positioned due to higher budgets and higher levels of IT staff to face the remote work scenarios, but there were a lot of organizations that weren’t ready for it. I knew even the first day I walked into the office, whatever solution I chose for directory management had to be able to work in a remote scenario because I saw the quarantines coming, and I needed something that could help me face that situation as agile as possible.

Avoiding On-Premises Equipment & Complex Networking

I also wanted to avoid an on-premises equipment solution as much as possible. We have 12 satellite offices and no site-to-site tunnels, so every single one of those offices would need a VPN tunnel to talk to a domain controller in a traditional Active Directory setup. Any type of on-prem solution would have created an extra workload for me, so I wanted to avoid that at all costs.

On top of that, with our macOS situation, we would need another management interface. In a traditional Active Directory deployment, you would use Jamf, which would be my first choice. It’s arguable that Jamf is the best in the business at what they do in controlling Macs, but then you have a management interface for Windows and you have a management interface for Mac. I wanted to consolidate things as quickly as possible to meet these rapid turnaround times. Even if I did a Jamf instance, I’d have to stand up a server, that server would need patches, I would need to configure Jamf. All of that is a lot of work. The solution I needed would have a unified interface for all of my operating systems. 

Transitioning from CapEx to OpEx Model

I also wanted to avoid upfront capital expenditures. I was new to the company, and I didn’t want to come out the gates and ask for $100,000 in servers, network equipment, licensing, etc. It makes me look bad — at least that’s how I would see it. JumpCloud’s licensing agreements were appealing to me because you could go on a month-to-month basis. That presented an opportunity to minimize any capital expenses up front and go to an OpEx instead of a CapEx model.

I didn’t have to worry about signing a multi-year agreement — and then if things didn’t work out, I wouldn’t have paid all this money into licensing.

Managing macOS Machines

When I first played around with it, I had a few mixed feelings. The longer I spent with it, from day one to day two, the attachment grew with JumpCloud, especially when you look at the macOS side. What JumpCloud was able to do for Mac operating systems right out of the gate — no servers, all cloud-based — blew my socks off.

Jamf is arguably the best in the business. I’m not going to pick sides here, I really like Jamf, but it definitely had a learning curve to it. It could be difficult to use at times, and the support at times, depending on who you got on the other end of the phone, could be either be very helpful or not helpful at all. With JumpCloud, the more I played with the tools in place to manage my Mac operating systems, I instantly fell in love with it. The Apple MDM wasn’t there when I first started, but the Policies for the Macs were. Being able to control the FileVault encryption, block removable media, control the screen locks, audit my Macs and see which ones I have in the system in terms of their serial numbers and make and model — that was very, very important for me when making the decision to go to JumpCloud. 

Securing WiFi with RADIUS & Segmentation

When I started with Chase, the WiFi networks were not segregated at all. We had our guest, public, and corporate networks all as one network. That gave me a lot of anxiety, seeing the traffic that was passing both through the firewall and showing up on my BitDefender console logs. The ability to segregate those networks into corporate and public was critical. When I did that segregation, I wanted to use RADIUS authentication to the WiFi. JumpCloud offered that right out of the gate, through the cloud, and it has worked amazingly. It is probably one of the features I’m most excited about because of how easily it has been deployed. I’ve run into issues before with RADIUS and it makes you smash your keyboard a few times out of rage, but with JumpCloud, every time I turn it on it just works. That’s been amazing.

I have to credit Dan Van with Puma Telecommunications for discovering this. He’s a third-party network support company, because I don’t have a network engineer. I outsource that. He was able to get JumpCloud’s RADIUS to authenticate our Cisco AnyConnect client, so the JumpCloud account is the same password for the computer, the WiFi, and the VPN access to log into the servers — everything. It’s really cool that it works with the VPN as well. That blew my socks off when he discovered that. I’m not that smart when it comes to networks. That was really nice to have. 

Enabling TOTP Multi-Factor Authentication

One of the things that I have turned on lately for VIP macOS computers — including my computer, my creative marketing and DevOps teams, and my executive team — is TOTP MFA for the computer login. With the Mac, you enter your username and password, and then a box pops up. You use an authenticator that produces a six-digit code, and then the Mac lets you log in. I wouldn’t say it’s revolutionary, but it’s very nice because multi-factor authentication gives you that extra layer of security on these critical computers. 

Establishing Directory Integrations & SSO

We’re a very diverse organization. We have our G Suite™ for email and file sharing, but we also have Microsoft 365 for the same purpose at a different organization. We also use Zoom for our video conferencing and Syncplicity for our secure file sharing. I needed a solution that could do a single sign-on instance across a G Suite tenant, a Microsoft 365 tenant, and our SAML applications. In all the research I did, JumpCloud would’ve done that better than a traditional Active Directory-Okta setup. 

Gaining Visibility into Directory Events & Systems 

One of the traditional weaknesses that I’ve seen with an Active Directory instance is you don’t get as clear a picture of who’s logging in and who’s doing what as easily as you can do with JumpCloud’s Directory Insights. On the group policy side, you need a two-vendor solution to do the group policies — one for Windows and one for Mac. JumpCloud fit both in a nice neat little package. When we’re talking about the computer Policies, the Windows updates can — as I’m sure you’re all aware — be a nightmare to manage. Microsoft will release a patch that breaks 50 things and then release another patch to fix 25 things, but it snowballs. Windows patching is a nightmare no matter what platform you use, or at least that’s been my experience. I needed something out of the gate that I could use to control the automatic updates and defer updates for 30 days to let Microsoft patch their patches. JumpCloud gives me that peace of mind so I’m not battling Microsoft’s crazy patch routine, especially in an organization where all of the Windows computers we have are configured differently — different hardware, different processors, different drivers for every machine. The patching is going to get really ugly very quickly. I can defer those updates and let Microsoft get their stuff together.

The system reporting was also critical. As I said earlier, I started at probably the worst possible time that you could start for a new organization, and it was very difficult for me to gauge what was in my environment. JumpCloud’s System Insights was able to help me figure out what I’ve got. What’s our average computer have in terms of a processor, RAM, and hard drive space? It was very helpful to not have to sit at a machine to be able to figure that out, and just go to the computer’s System Insights tab and look and see what it’s got. 

Enforcing FDE & Other Security Configurations

As I mentioned earlier, we have a lot of Macs, and a lot of those Macs are in key positions of power, so being able to manage the FileVault encryption was important. I’m sure we’ve all been in this position before where you’re ready to turn on encryption and your finger is shaking and sweating a little bit as you’re ready to click that button because you really don’t know what’s going to happen. Is it going to pull the key correctly? Is the computer going to freak out? The very first time I rolled out BitLocker and FileVault on my virtual machines, it worked right out of the gate. I found that when I did the live rollout, the worst thing that happened was that on a reboot on a Windows computer, the user would see a nasty little message that says, “A change has been made. Do you want to continue?” If they hit yes, then BitLocker is working. That was a big relief, knowing that I could protect my devices with full-disk encryption for both Windows and Mac.

The title and escrow side of our firm handles all of your social security information, your banking information, wire transfers, that whole process. I needed a solution that could help me protect that sensitive data for our customers. The removable device control both on Windows and Mac was a key component, especially on the title and escrow side. Those policies in and of themselves were one of the first things I used. No one in title and escrow gets to use a thumb drive, hard drive, or C drives because we need to control that data to make sure we’re doing our best to protect our customers. JumpCloud offered that in an all-in-one solution for both Windows and Mac. The other feature that’s a nice-to-have: the screen locks. I’m guilty of this too. You get up and get a drink of water or cup of coffee and leave your screen unlocked. The screen lock management is nice to have, especially on the title and escrow side. When users get up for loan signings or whatever, the screen locks out after a few minutes. 

Managing Inventory

I also used System Insights for computer inventory management. I could figure out what programs were installed, as well as the serial number, make, model, and specifications of each computer. I didn’t have to have an excel sheet. I didn’t have to have some third-party software to see what I’ve got in my environment. JumpCloud did that all for me. 

Deploying JumpCloud

This next part gets a little interesting — JumpCloud was so easy to deploy. When I started at Chase, out of 70 computers, roughly half of them were Windows 7. It was already early February, and Windows 7 had stopped getting support in early January. That instantly got my heart rate up and caused a little bit of anxiety to try to get those computers out. With the JumpCloud deployment, how I deployed it depended completely on what operating system the computer was running.

On newer computers that were running Windows 10, I would go into the JumpCloud Admin Portal and create a user’s account, typically via the LDAP import from the directory. If they were G Suite or Microsoft 365, I would pull their account into JumpCloud from that and create their account. They would get an email to activate their account, they’d set a password, and that password would be the same they would use to log into their email, to log into their computer, and to log into all the other services from JumpCloud. I would have a domain admin account, and I would bind that to whatever computer they were using.

From there, the user would log into the JumpCloud client on the web portal and install the JumpCloud agent, which would sync that computer and the account to the device. From there, I would send them an email invite to install BitDefender on their computer. Very clean and easy on Windows 10. I never had to be in front of a user to get any of this done. During the quarantine, I was half in the office, half at home, and never once with a Windows 10 or macOS system did I have to be in front of the user to get them bound to JumpCloud and protected by BitDefender.

Windows 7 and 8, on the other hand — there’s no way to salvage that situation. When I started, we bought a slew of new computers, all Windows 10 Pro, and I would have the base image. I would image that computer, install the JumpCloud agent, install BitDefender, and do a remote session with the user to back their data up to Syncplicity, Google Drive, or OneDrive, depending on what the data type was and what organization they were part of. Depending on the comfort level of the user, I’d either drop the computer off at their doorstep or send it to them via mail. Once they got the computer, their account was already bound to it. All they had to do was log in with the JumpCloud account they already created, and I would do a remote session with them and pull their data back down. That was it. It was a little more work to get the imaging done and get the old Windows 7 and 8 computers back to be decommissioned, but overall the process was benign and easy.

With either instance, it really wasn’t much of a headache. This really showed me the value of JumpCloud, especially when compared with your traditional Active Directory or Jamf setup. That would’ve been a much more hands-on process, doing your traditional approach. 

Using System Insights To Monitor Software Installations 

System Insights provided me with a unique opportunity to control my users. I have a very small IT department. It’s me and one other person. When someone needs to install software on their computer, we’re used to going in and either doing a remote session or walking over to their computer. JumpCloud gives me the ability to change the administrative privileges for a user on the fly.

In order to accommodate that process, I have a specific workflow in place. The user submits a form, specifics what they need installed, I’ll look at the software and do the CDE details, and then either approve or deny the request. If I approve the request, I go into the JumpCloud Admin Portal, change their account to an admin, let them do their software installs, and then run a quick check on System Insights to make sure they installed the software that I approved.

JumpCloud manages the local account, which is one of the things that I kind of dork out about. Giving the user admin access on one computer doesn’t mean they have blanket admin access to any other computer. Some of my users have more than one computer, and the software I approve is only approved for that computer. Having the ability to change the user’s admin privileges on specific computers is an amazing and flexible tool. It really saves me time, especially when I’m trying to do RADIUS rollouts and all this other stuff. I let the users install their own software and have the checks and balances to make sure that they’re not installing World of Warcraft or Farmville or any of that other stuff we don’t want on there. This feature worked well on Mac. Unfortunately with Windows, you have to log out and log back in.

That was a saving grace, especially during the dark times, as I like to call them, of the quarantine.

JumpCloud Q&A


Bill: One of our attendees asked you to dig in more on a couple topics. Could you talk a little bit about SSO and how you set up G Suite and Microsoft 365?

Justin: As I mentioned earlier, I have multiple tenants because each organization has their own G Suite instance or their own Microsoft 365 instance.

I also used a unique SAML connector for each application in each organization. I have three SAML connectors for Syncplicity — one for our Lotus G Suite tenant, one for our Chase, and one for our signature, title, and escrow. The setup process couldn’t be easier, especially for pre-configured applications like Syncplicity. I describe which one it is with the display label in the Admin Portal. I go in, fill out the service provider identity ID, fill out other information, do the exact same thing on my Syncplicity console, hit save, and activate. Instead of signing in with a username and password, users SSO and authenticate through JumpCloud. I could do that repeatedly across the organization. Having multiple SAML connectors across the multiple tenants that I have was a bit of a lifesaver. It would’ve been ugly to try to do this through another provider.

Bill: We have over 650 connectors in our SAML catalog, a generic SAML connector, and we build out somewhere between four and 10 a month on request. We’re going to continue to build that catalog. We think we’ve covered the top ones, and I’m glad you had such a great experience because we try very hard to make it as easy there as possible.

New Feature Requests

Justin: The JumpCloud support was great. They actually held my hand through the first one, and I couldn’t have been happier with the support. If you ever want a feature added, there’s a tab in the Admin Portal. Go submit your idea — they’re always checking things and adding features based on user feedback. They’re engaged with you guys. They’re there to support you, and the support has been fantastic, at least in my experience. Shout out to the JumpCloud support team.

Bill: That’s great to hear. I’ve worked other places where they’re not tracked very well — but here at JumpCloud, when you submit an idea, it goes straight to a tool called Product Board. It pulls in data from Salesforce and enriches it. We know who submitted the idea, what it is, and we as product management categorize every single one. We pay attention and then we group them, and we look for hotspots. If you submit an idea, there’s no guarantee it will get done. But if you submit an idea and five other people have submitted, we might even reach out and talk to you. That’s an idea multiple customers are thinking about, and we absolutely take your feedback seriously. Please keep it coming. 

Transition to SSO

Leia: Keeping it on the topic of SSO and SAML: In regard to SSO and SAML, for a lot of folks here, it’s either all in or nothing. Justin, how did you handle the transition of testing and setting up your systems without going live for everyone on JumpCloud?

Justin: Very carefully and deliberately. I don’t know how many of you have worked in real estate, but they’re very change-averse. For them to go from using a password every time to using single sign-on every time was a big hurdle to overcome. I tackled that by organization. I only rolled it out one tenant at a time, examined what issues popped up, and addressed them. I didn’t have any issues once I turned the single sign-on on, especially on the Syncplicity side. The Axway Syncplicity works with single sign-on via the JumpCloud integration.

The only issue I ran into was on the G Suite side, and it was a mistake on my end — a fat finger. It happens. Other than that, the deployments for SSO went very smoothly. It was doing little baby steps at a time, not doing too much where you break too many things or introduce too many risks. Just control the variables. It went great. It really did.

Export Directory Insights Data to SIEM Solution

Leia: The next question we have up here is related to Directory Insights. The question is: Can I export Directory Insights and the activity log data continuously into my SIEM to analyze events and trigger incidents if needed?

Bill: Justin, can you give us two minutes on that? Then, I’ll tell you what we’re going to do in the future to help make this even better.

Justin: Directory Insights gives you the ability to export your data in a raw CSV or JSON format. I use the CSV format because it’s much easier to export the data and import it into SAS using CSVs. It’s not a continuous loop, but every morning as part of my daily routine, I export the logs from JumpCloud into a CSV format and import it into SAS Analytics. I’ll look for who had a failed login. I can visually represent that in SAS. I can see how many failed logins there were, what percentage of the failed logins there were. I can see the host name, the IP address, the time stamp, the event type. I can export all that information from Directory Insights into a raw CSV format and mine the data myself, which is an amazing feature. Directory Insights gives you the ability to take what JumpCloud gives you even further if you have the skillset to take advantage of it.

Bill: We’re actively talking about data egress in terms of the JumpCloud roadmap. You can access it via the API today or, like Justin said, you can go into the console and manually export JSON or CSV. We’re looking at other ways to put it directly into an AWS S3 bucket — no commitments, but we’re actively exploring that with customers right now. The other thing is that not all customers have a SIEM, so we’re going to put some basic alerting into the product itself as well. I don’t know what that will look like just yet, but if you stay tuned and you keep talking to us, you’re going to see some of that stuff start to show up on the roadmap too. We’re not going to try to replicate all the functionality and alerting of a full blown third-party tool like a SIEM, but there will be basic stuff out of the box as part of Directory Insights.

System Insights Export & Expansion

Leia: Similar to Directory Insights, will there be a System Insights export to see what computers I have in a domain? What kind of data might be in the roadmap around computer, OS, RAM, CPU, and so on when it comes to System Insights and the visibility or export it provides?

Justin: For System Insights, I would like the ability to have a raw data dump like I do with Directory Insights. I use System Insights to look and see what I have in my environment. Right now, the UI is limited to clicking on each computer and seeing what the specs are — serial numbers, IPs, installed applications, Chrome extensions, and that type of deal. It’s a more laborious process in that you have to pick which systems you want to do reporting on, but let me tell you this: JumpCloud rolled out System Insights right when I started. I think it was March when it went live, and it was in early beta testing when I signed up for it.

From the product I signed up for in March to the product it is now in July, it’s a completely different system. JumpCloud is constantly adding new features in reporting, and they’re doing so at a very fast pace. I’m sure by the end of the year or early next year, they’ll have that ability to pull groups down at one time and do reporting like you can do with Directory Insights. That’s been one of my favorite features about JumpCloud is how fast it’s evolving. Right now, the way I use it is mainly to look at individual systems, one at a time and do reporting on what programs and Chrome extensions are installed, but I’m almost entirely certain that JumpCloud is going to expand that feature very quickly.

Bill: Yeah, we’re going to expand for sure. System Insights and Directory Insights are not apples to apples. Directory Insights is elastic search, so we ingest data. We’ve been enriching it. We’re filling all the data gaps. When I say we enrich it, we take things like LDAP logs that have 10 events in 10 different lines and sessionize them so they look like one event rather than 10 different things. We’re trying to eliminate noise from Windows login where you get all the different users as different events, when it’s really one event. It’s completely searchable, and it’s easy to export.

System Insights is static data. We take an hourly snapshot, so if you change something it might take a bit to show up in System Insights — depending on when you changed it and when that snapshot was taken. It’s not nearly as searchable as we would like today, so we’re working on changing some of the underlying infrastructure a bit to try to make sure we can do that. We recognize what you just said, Justin, is true. It’s not as easy to search. You have to go system-by-system. We do have plans for what we call currently a fleet dashboard. It may not be called a fleet dashboard when we release it, but it would be more of that aggregate view. To the specific question, we have almost all that data. We have about 160 data tables inside the System Insights database, so if you want it I’m sure it’s there. You can get at it through an API, and we do have some customers that are pulling that data out every four hours into their SIEM too. It’s there as well via PowerShell, API. System Insights is more limited in the UI than Directory Insights is, but we’re going to be enhancing that.

Justin: Thanks for bringing up the API. If you’re a guru and you use the API, there’s essentially no limit on the data you can pull.

Bill: We have some pre-built PowerShell dashboards that aren’t hard to use. It’s a single command. It’s all documented in a KB, and stay tuned for the roadmap because we’re definitely going to be moving forward on both of those products.

Establishing User Account on Every Workstation

Leia: In my experience in testing the software, you have to push a user account to the workstation in advance of the user attempting to log in with JumpCloud. In this person’s environment, it’s required that anyone is able to log into any workstation at any time. Can we answer how that AD feature would be available through JumpCloud? How does JumpCloud do that compared to how AD would be able to do that?

Justin: That’s an easy thing to do. If you go to the Users tab in the Admin Console, let’s say Jane Doe needs to be able to log into every computer in the organization. You have a master checklist of your systems, and you can save that user. I’ve done that with my domain admin account — for a domain admin account we can enable that by default. It literally couldn’t be easier.

Lightning Round: MFA, API, & Alerting

Bill: I’m going to do a lightning round of the questions I have in front of me. I’ve seen a handful of MFA or login questions, usually specific to the system or whether you can use your phone as a secondary factor. We do support Windows Hello and Apple Touch ID as second factors. If you’ve got that set up with your iPhone, it should work. We just shipped WebAuthn as well. If you log into your machine, WebAuthn obviously doesn’t work for the initial login but you can continue to use Windows Hello and Apple Touch ID to log into the JumpCloud portal from there if you have a laptop with a fingerprint reader or however you’ve set them up.

We can get back to the person who asked about how you automate the API call — there’s obviously work on your end to do the automation piece, but we can walk you through how other customers have done it. We’re doing that with one customer right now, so happy to follow up with you on that.

Someone asked about vulnerable software. I talked about how we’re going to be putting in some basic alerting. For Directory Insights, that’s going to be focused more on auth events and things you might be interested in, like user lockouts. We’re doing a survey now to figure out what people care about the most. On the System Insights side, it might be browser plugins you don’t like or software that’s now gone on a known vulnerable list. Those are things we’re talking through, too. We want to be able to do some basic alerting, and eventually there’s a dream in the JumpCloud eye that we’ll help you do one-touch remediation through the console, but that’s next year. But that’s where this is headed. If you’ve been with us for any length of time — and Justin you’ve been here four months and you’ve said it — we are constantly shipping stuff. We are making this better all the time, so you’re going to see a lot of that stuff start to show up.

We’re very focused on small value, all the time, constantly shipping new things all the time. On the Directory Insights side, which is my world, we ship new filters every week. We’re shipping new things into the activity log, three or four of them every week, for the next two months. You’re going to constantly see it evolve.

Try JumpCloud Free

Justin: If you have a traditional Active Directory instance, and you’re dabbling your toes in what JumpCloud could offer, I want to give a shoutout that JumpCloud will let you test 10 accounts for free. It doesn’t cost you anything. Just create your admin account. Go in and play with it, blow stuff up, try and blow stuff up. Have fun with it. Just see what it has to offer. It doesn’t cost you anything.

Bill: We did not pay Justin with anything other than a T-shirt. You are plugging the heck out of us, buddy. I’m glad we have such a happy customer. Super happy to have you with us today. Thank you for your time.

Justin: It’s a lifesaver, so thank you.

Leia: Echoing Bill, thank you so much, Justin. We’ll definitely have to have you back for another Office Hours or webinar with JumpCloud. You are a fountain of knowledge for everybody. I hope everybody signs up to join our public Slack workspace, the JumpCloud Lounge. Huge thank you to Justin and Bill for taking the time to walk us through your story today, and thank you everybody for joining us.

Cassa Niedringhaus

Cassa is a product marketing specialist at JumpCloud with a degree in Magazine Writing from the University of Missouri. When she’s not at work, she likes to hike, ski and read.

Continue Learning with our Newsletter