Introducing AD Bridge

Written by Greg Keller on November 3, 2014

Share This Article

Note: JumpCloud has updated their AD Bridge functionality, and the below post is now out of date. Information on the new version of AD Bridge can be found on our product page.

Introducing AD Bridge

New for JumpCloud Directory-as-a-Service is our AD Bridge. The AD Bridge is the first of the product’s external “Identity Sources” which can be pulled in to JumpCloud and kept in synchronicity. A new Windows Server agent for AD is installed to listen for events and keep JumpCloud’s directory in constant synch. With Active Directory® acting as the source of truth where users are added, deleted and managed within groups, the AD Bridge will replicate those users and groups to enable users to leverage JumpCloud’s unique features. A complete list of those features is below, and a detailed installation/get started guide can be found here.

Key capabilities of the AD Bridge are as follows:

  • Synch and extend Active Directory users to private or public cloud infrastructure managed by JumpCloud
  • Synch and extend Active Directory users to cross-platform device types managed in JumpCloud such as Linux or Mac OS X
  • Clear demarcation of users who have been created in Active Directory and imported into JumpCloud. JumpCloud will also simplify the creation and association of SSH keys with these imported users…
  • New monitoring screen to observe integration and availability status with your Active Directories (see below for alerting example):
  • New Active Directory agent is installed on a Windows Server hosting the AD-DS to synch with JumpCloud (The agent is available via the “Identity Sources” tab)
  • When a “JumpCloud” user group is added to your Active Directory server, and users or groups added to it will be synchronized with your user directory in JumpCloud.
  • When a “JumpCloud Admins” user group is added to your Active Directory server, any users within it will be given Administrator/Sudo permission on systems managed by JumpCloud.
  • If a user is marked “disabled” within Active Directory, that account will be removed from JumpCloud.
  • All groups of which a user is a member will be created in JumpCloud as a new tag.
  • Tags and users created via the AD Bridge are identified by their source domain controller.

The AD Bridge supports 64-bit versions of Windows Server 2008 and 2012.

Agent Installation Behavior Changes for Linux and Mac OS X Hosts

In the past, JumpCloud agents were designed to change SSH server (sshd) configuration settings as soon as they were installed on Linux and OS X hosts, so that such hosts would:

  1. No longer accept remote ‘root’ logins
  2. No longer accept username and password logins
  3. Require only SSH key logins

Now, JumpCloud agents will leave existing SSH settings intact when they are deployed on hosts. This means your configurations will now remain as you set them and will inherit settings from your machine’s profile upon new installations. Users can still use JumpCloud to change them after the fact. However, if you did prefer the above configuration, you have at least three options going forward:

  1. Set your desired configuration on your host (or host image, such as an Amazon Machine Image (AMI) before installing the JumpCloud agent.
  2. Leverage the JumpCloud system context API to apply your desired settings.
  3. Apply your settings within the JumpCloud UI, by going to “Systems -> Details”, and making your selections there.

New First Time User Feature Tour

This release re-institutes the new user ‘hopscotch’ tour. The tour has been updated to reflect the sweeping changes in the products user interface reflecting new Directory features.

Continue Learning with our Newsletter