
Integrating AWS Client VPN into Your IT Environment



Ensuring remote workers can securely access on-premises and Amazon® Web Services (AWS®)-based infrastructure is a critical demand of today’s IT administrators. While many utilize dedicated virtual private networks (VPNs) to do the job, AWS offers its own managed VPN service to obviate the need for server hardware. Integrating AWS Client VPN into your IT environment is simple with the help of a cloud directory service.

What is AWS Client VPN?

AWS Client VPN is a free, AWS-hosted VPN service, providing encrypted remote access to AWS and on-prem infrastructure. In practice, it works much like a normal VPN would but uses pre-configured OpenVPN infrastructure so you don’t have to worry about setting up and maintaining VPN servers. 

To authenticate to AWS Client VPN, end users provide their AWS credentials. Admins can simplify this process by tying organizational AWS identities into the core identity provider (IdP) through a single sign-on (SSO) solution, reducing the number of unique authentications end users deal with. AWS Client VPN also supports multi-factor authentication through these tools.

Although the “VPN-as-a-Service” that AWS Client VPN provides is ideal for organizations that want to shift their on-prem infrastructure to the cloud, it can carry a bit of irony. Often, the IdP employed by admins as the source of truth of AWS identities is Microsoft® Active Directory® (AD). AD is generally an on-premises directory service implementation, so organizations using AD will inherently have a foot cemented on-prem — regardless of AWS Client VPN.

Fully Cloud AWS Client VPN Identity Management

IT administrators can achieve fully cloud-based identity and access management for AWS Client VPN and the other work resources in play at their organization through a cloud directory service. The cloud directory service reimagines Active Directory for modern IT needs, providing a single pane of administrative glass for user management, Windows®/Mac®/Linux® system management, SSO, network authentication, and more.

A cloud directory service like JumpCloud® Directory-as-a-Service® enables IT admins to shift off on-prem infrastructure almost entirely, using SAML SSO to federate identities to AWS Client VPN and hundreds of other applications.

End users simply log in with their centralized JumpCloud password to their web-based User Portal, which can be safeguarded with MFA, and they then have access to AWS Client VPN and all of their requisite applications and other services. This User Portal password is the same password they use to access their systems and networks. With SAML IdP-initiated logins, users click the icon for the app they need and are logged in instantly.

With one consolidated identity backed by MFA, end users can create complex, secure passwords to keep them safe from attack. JumpCloud even provides a route for system-based password management on Windows and Mac, which helps to prevent users from falling for phishing attempts in phony emails or web pages.

Try JumpCloud for Free

Consolidate your identity and access management needs with JumpCloud Directory-as-a-Service. You can use the product free for up to 10 users and systems forever just by signing up.

