JumpCloud and AWS Verified Access Expand Secure Access to Private Applications

Written by Oliver Wai on November 29, 2022


Today’s users access corporate applications from just about anywhere — whether at home, in the office, or while traveling. This means the majority of traffic now travels over untrusted networks beyond IT admins’ control, which increases the attack surface for malicious actors to exploit. To enable secure, frictionless access, IT administrators demand better visibility and control over user access to their AWS and IT resources, including conditional access based on a user’s identity and their device’s security state.

AWS Verified Access is now available for use with JumpCloud as the identity provider. This allows JumpCloud admins to grant secure access to private applications in AWS from anywhere, without using a VPN, and without making significant changes to their IT environment.

AWS Verified Access and JumpCloud

JumpCloud is an open directory platform that provides secure, frictionless user access from any device to any resource — including applications, workloads, and resources hosted in AWS — regardless of location. JumpCloud’s ability to integrate with AWS Verified Access, announced today at the 2022 re:Invent conference, is a major step toward securing distributed users, managing private application access, and accelerating time to troubleshoot access requests to private applications hosted in AWS.

What Is AWS Verified Access?

AWS Verified Access is a new capability that delivers secure access to private applications hosted in AWS without a VPN. Verified Access continuously evaluates each access request in real time based on contextual security signals such as identity, device security status, and location. Verified Access then grants the user the correct access based on the configured security policy for each application, thereby improving the security posture of the organization.

Built on Zero Trust principles, Verified Access enables teams to create, configure, and manage a fine-grained set of policies for private application access. In short, AWS Verified Access enables IT, network, and security teams to improve the security of their AWS-hosted applications, simplify policy implementation and enforcement for application access, and deliver a seamless user experience without the need for a VPN.

Integrating JumpCloud Identity, Access, and Device Management with AWS Verified Access

Many customers today utilize JumpCloud as their primary identity provider. JumpCloud’s full suite of identity, access, and device management makes it easy to configure, monitor, and secure AWS services in their environments. The new integration of JumpCloud with AWS Verified Access enables the following additional capabilities:

  • Secure distributed users by granting access using multiple security signals such as identity, location, and device security status. 
  • Manage private application access by defining access policies, and onboard new applications within minutes. Build fine-grained policies using security data such as device and software security status to define a user’s ability to access each application.
  • Accelerate time to troubleshoot by providing visibility to each access request and logging all requested data, including security signal input used to authorize or deny requests, so administrators can quickly gather data and intelligence to direct fast response.

AWS Verified Access provides secure access to applications by evaluating each access request using fine-grained policies and granting access only to trusted users. Using Verified Access, customers can group applications with similar security needs. They can also use human-readable and easy-to-configure policies to govern access, ensuring a minimum security bar for the entire group (a Zero Trust approach).

In addition, customers can create a more specific access policy for each application in the group. Verified Access supports JumpCloud as an Identity Provider through the AWS IAM Identity Center (successor to AWS SSO) or via the OpenID Connect (OIDC) protocol, which is also supported by JumpCloud. 

Get Started: How to Connect Verified Access With JumpCloud 

Customers can easily add all of this without major changes or additional integrations to their existing JumpCloud and AWS deployments. Customers can connect Verified Access with JumpCloud through AWS IAM Identity Center in a few easy steps.

Prerequisites

You will need the following before you can get started:

Connecting AWS Verified Access to JumpCloud

  • Step 1 – Enable provisioning in AWS IAM Identity Center. In this first step, use the AWS IAM Identity Center console to enable automatic provisioning by following the steps outlined in the official JumpCloud-AWS guide.
  • Step 2 – Configure provisioning in JumpCloud. Use JumpCloud’s support article and the official JumpCloud-AWS guide to enable provisioning from JumpCloud to AWS IAM Identity Center.
  • Step 3 – Configure identity attributes for access control. Use JumpCloud’s support article and the official JumpCloud-AWS guide to enable and configure attribute-based access control (ABAC) for the identity attributes that will be used in the Verified Access security policies.

Explore JumpCloud

To explore the full range of JumpCloud’s integrations with AWS, sign in to your JumpCloud admin console. If you don’t have a JumpCloud account, you can try it for free for up to 10 users and 10 devices by creating a JumpCloud Free account. Sign up to explore how JumpCloud enables you to make work happen — from anywhere, on any device, and with the platforms you choose. Make Work Happen™ on your terms.

Oliver Wai

Oliver is responsible for JumpCloud's Go-To-Market efforts as the Head of Product Marketing. Outside of JumpCloud you can find him admiring architectural structures around the world, relearning the piano or lap swimming.
