Below is a recap of the questions asked at JumpCloud’s first live office hours session. These sessions are presented in an “ask an expert” style, allowing IT professionals to have an informal place to ask questions and get guidance from our experts here at JumpCloud®. Each session will focus on a different topic, often centering on answering customer questions we’ve received throughout the week.
The topic discussed on April 24, 2020 was remote working, and the session was moderated by Product Marketing Manager Leia Schultz. The experts who led the conversation were Product Marketing Manager Dan Fay and Technical Editor Brandon White. The two have over 30 combined years of experience in IT administration support.
If you want to catch the full conversation to stay up to date on what’s happening here at JumpCloud, feel free to register for our live sessions. You can also submit any questions you want answered in the next session.
What Are The Challenges Around Supporting a Distributed Workforce?
There are a lot of variables that could affect the implementation and optimization of a remote workforce. When managing any fleet, whether it be on-prem or remote, the main focus needs to be around security and authentication.
Luckily, with JumpCloud we have system management baked into the platform. So as long as there’s internet access and the JumpCloud Agent is installed, we can manage Mac®, Windows®, or Linux® systems regardless of where they are. Managing remote systems can still be a challenge, so be sure you’re leveraging good security practices:
- Make sure that disks are encrypted by default through BitLocker full-disk encryption for Windows and FileVault for Macs.
- Make sure strong passwords are used and enforce multi-factor authentication (MFA) anywhere you can.
- Consolidate user access for applications to make it easier for the user to access single sign-on (SSO) apps from a single portal.
It’s important to note there are two distinctly different use cases for a VPN:
- To connect with and access resources held within a corporate office.
- To encrypt your traffic when you’re on a public or untrusted network.
To learn more about general VPN practices, check out this blog on managing remote user access to VPNs.
Can a JumpCloud Employee Create a User Within My Directory Instance?
No, we cannot. The key needed to access your JumpCloud instance is created entirely by you through passwords and MFA; JumpCloud has no part in this process. The way we’ve architected our platform prevents anyone who isn’t within your organization from accessing or creating users. JumpCloud basically only accounts for how many users you have, but we can’t change anything, take actions, or make edits on your organization’s directory instance.
How Do I Monitor System Health On Macs and Linux Machines?
We have System Insights™, which gives you a deeper layer of introspection into the system. It can show you what applications are installed, what patches or updates have been installed, and the health status of hardware and disks. There’s also a lot of information that can be pulled from a System Insights query, whether through the API or the GUI.
We also pair with application package management systems like AutoPkg and Chocolatey, using JumpCloud commands in the Admin Portal or the JumpCloud PowerShell Module. That way you can manage the applications installed on a Windows or Mac system remotely.
What Tools Have You Been Using For Remote Collaboration?
Google Jamboard™ is a great feature for helping visual learners and teachers. We’re also using meeting platforms to do presentations, like Google Hangouts or GoToWebinar. Everybody gets to touch base with their team and it fosters a sense of collaboration while remote.
Any type of instant messaging platform, such as Microsoft Teams® or Slack®, helps remote workers communicate and ensure that everybody’s up to speed. In addition, if the application uses SAML 2.0, JumpCloud can integrate with it.
How Can JumpCloud Help With Remote Provisioning?
Leveraging JumpCloud helps with remote user lifecycle management. JumpCloud offers the ability to onboard and offboard users remotely, as well as provision systems remotely by downloading the JumpCloud Agent and providing a new user account to that system.
JumpCloud Directory-as-a-Service® (DaaS) also offers the ability to remotely suspend user accounts, so if you have to offboard a user from the company, you can put accounts in a paused state that revokes all access to JumpCloud resources instantly. If they’re logged into a Mac or Windows session, suspending the user’s account logs them out, returning them to the login screen. The suspend user feature also works for SAML 2.0 applications, G Suite™ Integration, Office 365™ Integration, and Active Directory® Integration. To fully remove the JumpCloud account along with access, you can simply highlight the user in the Admin Portal and delete them. Deleting the user disables the account, and all user access is revoked immediately.
JumpCloud doesn’t delete the user’s account in an application, so you can still go into that user account and retrieve whatever company information you need. The same applies to systems: when a user is offboarded, their account goes into a suspended or disabled state. Therefore, the user file still exists when you, as an admin, receive the machine. You can then pull the information and send it to an archive or shared store.
Applications that support Just-in-Time (JIT) provisioning allow you to remotely provision the application’s account for users. JIT provisioning is supported on a good number of our apps, and we’re adding support for more apps as we go. To remotely provision a user to an application, simply bind that user to a user group that has access to the application. This helps automate user onboarding, making the process more efficient.
Helpful Links Discussed in This Session
We recently released a blog where we detail how to use a command to address a zero-day vulnerability in Zoom.
Interested in catching next week’s office hours? Feel free to register for the next session.