Before joining JumpCloud, I worked at an organization that leveraged JumpCloud’s cloud directory for access control and device management. I used a Mac® and I’ll admit that I didn’t love that I had to re-enter my credentials to get into the JumpCloud User Portal to access my work applications after I logged into my laptop. While not a huge hurdle, re-entering the same username and password combo still felt like an inconvenience.
User experience is just one piece of access and device management. An IT administrator’s main priority is making sure end users and company resources are safe, anywhere they’re working. While IT admins don’t want employees to experience friction when they work, it’s mission-critical to enforce a good company-wide security posture so employees are protected from cyberthreats.
End users want to get their work done without disruption. IT must ensure users and company resources are secure. Is there any way to make both groups happy?
Make the Device the Gateway
JumpCloud introduced the JumpCloud Mac App in 2018, a breakthrough system management application that set the foundation for JumpCloud’s focus on how identities interweave with devices that are trusted and secure.
Today, IT teams gain even more powerful (and still lightweight) system management and can deliver a better end user experience to employees on macOS® with the app’s latest functionality: The JumpCloud Mac App now provides a passwordless path to productivity by allowing one-click access to the JumpCloud User Portal, where users’ designated work apps and settings live, after device login.
The 2020 Mac App establishes trust at device login, which takes care of a one-time, native identity check, while offering better protection to users by eliminating web- and email-based phishing attempts.
Requiring no admin intervention, users can update their JumpCloud password with the Mac App and sync it across everything in their business’ IT infrastructure. When end users change their password with the app, it ensures all resource access is updated with the new password including G Suite™ or Microsoft 365™ passwords, network/RADIUS passwords, on-premises or cloud-based application passwords, and credentials for locally managed files on Samba servers and NAS appliances.
This adds another layer of end user protection: When users change their passwords in G Suite or O365, they expose themselves to risks that they can avoid by using the Mac App’s device-level password management, which closes off these attack vectors. Users don’t need to launch a browser, log in to another portal, or ask their IT admin how to change their password. Through native OS notifications, the app reminds the user when it’s time to update their password, based on IT’s standards for their security posture.
In this way, the Mac App becomes the gateway to all the IT resources secured by JumpCloud, making the app the most secure and efficient way for end users to authenticate to corporate resources to do their jobs.
(No, you don’t have to use the JumpCloud Mac App for macOS governance if you prefer not to. You can easily hide it from end users by using a policy.)
Passwordless Means Better Protection
Security for end users and company resources is not a new priority for IT teams.
In the earlier days of cloud-based Directory-as-a-Service, there was still skepticism that SaaS security could do what on-prem solutions could do to protect company employees. Today many admins trust that cloud security is a viable way to guard company resources and protect employees on their work device, be it a Mac, Windows, or Linux machine — but passwords are still bad actors’ favorite target.
If granted unrestricted access to a system, its settings, and the resources it can access, these bad actors have free reign over an organization’s critical infrastructure and data. Passwords are the weakest link in identity and access management: More than 40% of recent organization breaches stem directly from hacked credentials, resulting in a staggering 90% reported significant business consequences.
Email- and browser-based phishing attempts are proven to be the easiest way for these actors to get access to company data. For JumpCloud-managed Mac devices, these are the attack vectors the Mac App’s update removes from the equation.
Why Device Trust is the Future
The Mac App update is part of JumpCloud’s System-as-a-Gateway philosophy, which recognizes an employee’s device as the center of their identity world at work. In practice, this translates to enabling modern IT teams of any size to provide secure access via the right device posture checks, by enforcing device security and verifying the device, user identity, and location to allow access to resources, wherever they are, with no need to re-enter credentials.
IT admins can adopt this approach with JumpCloud to protect and manage a user’s device as a singular interface to a potentially complex IT infrastructure, while end users enjoy a frictionless workflow after passing a one-time authentication challenge. This concept also empowers admins to thwart attacks before they happen by providing device-level password management, coupled with insights into where, how, and when a system is being accessed, so they can apply appropriate safety constraints.
All of this becomes even more impactful when it can be done in one place. Enterprises of all sizes want to accomplish this without having to spend on and support a patchwork of IT tools. As more companies move away from Active Directory, or are required to extend it, one consolidated, cloud-based platform for access control and device management will continue to become IT’s preferred directory service model.
Get in touch with us today and a directory services expert will demo the JumpCloud platform for you. Not ready to chat? Then take a look at how JumpCloud supports organizations without a directory in place yet, seeking to replace Active Directory, or extend Active Directory in their current infrastructure.