JumpCloud’s Q4 2021 webinar outlines the platform’s evolution into a directory that will integrate endpoints across services, bring new automations to bear, and serve as a central lifecycle and governance platform with multi-factor authentication (MFA) everywhere. The webinar outlines the immediate and the near term investments that are being made to the platform’s depth of service, reach across devices, and ability to fulfill the visibility, reporting, and compliance needs for all categories of customers.
We’re already putting the latest round of financial investment to work so organizations that use JumpCloud as their identity and access management (IAM) core can extend further, with a Zero Trust model that provides one click ‘blueprints’ to rapidly achieve security and compliance baselines. JumpCloud is in the process of rolling out enhancements to authentication, device management, and actionable insights through greater visibility and reporting across your entire fleet, with special provisions for our MSP customers to better support their clients. Significant new functionality will be delivered over the coming weeks and months with a commitment to continuously iterate and expand upon the platform’s utility, and streamline how IT administrators use JumpCloud every day.
Authentication Meets a Robust Cloud Directory
JumpCloud Protect™ MFA delivers MFA across all endpoints, but with a user-friendly experience that proactively reduces help desk calls. To that end, we’re extending its reach this quarter to all device endpoints as well as push MFA for the Linux terminal screen; this means SSH sessions are secured through either TOTP or Push authentication factors. This delivers:
- A cost reduction by eliminating the need for a third party solution provider
- A reduction in complexity
The user experience will improve through self-service password changes and resets, which are coming soon for Mac agents, followed shortly afterward by Windows. This is made possible by the inclusion of an alternate email (which must be previously registered), MFA, and administrative policies that create a simple, secure workflow. User acceptance is a key driver to successful security policies.
Other benefits will emanate from the cloud directory and work seamlessly to deliver a single synchronized identity, automate lifecycle management, and govern access control.
Identity and Access Management
Identity and lifecycle management are being enhanced with more attributes from more places, such as third party providers including Google and Microsoft. Core attributes will broaden to form a meta directory that will factor heavily into richer scenarios for managing access control policies and group members through the combination of Attribute Based Access Control and conditional access rules. JumpCloud has already formed smart groups that can recommend memberships and keep pace with organizational changes such as when someone is transferred to a different team and assigned a new manager. Richer attributes create greater intelligence.
Customers also benefit from our commitment to build out an ecosystem of SAML connectors. Some upcoming additions are:
- …and more
New integrations will be added each quarter with increasing velocity. It’s no secret that SSO implementation can be difficult: our perspective is that an Identity Provider (IdP) should be able to connect to anything, and that we should do the heavy lifting for SSO and offer guidance where necessary.
We’re developing new capabilities for lifecycle management such as the ability to stage new users or schedule suspensions. Onboarding and offboarding are critical capacities, which admins will be able to queue up on their own timeline. Admins will also be able to choose which activation email to use as we iterate more heading into next year.
We’ve also responded to customer feedback and are in the process of delivering custom LDAP attributes that will enable admins to map LDAP fields to JumpCloud custom fields to create the specific taxonomy that you want for your organization. Governance also extends the capacity to do things ‘your way’, or following what governance and regulatory compliance standards specify.
Speaking of governance, JumpCloud groups are becoming more powerful and extensible from the ground up. We already mentioned the possibilities that smart groups can deliver above, but there are targeted foundational changes occurring now. You’ll also notice an even deeper commingling of lifecycle management and governance policies early next year. Some of Q4’s enhancements include:
- The ability to assign sudo privileges to a select group and no longer having to worry about who’s an administrator or not.
- Group export to Microsoft 365 to create mail distribution lists or set incrementally targeted permissions. Google Workspace will be supported in the future.
MSPs will have the option to restrict admin access and scope admins to particular organizations. This tightens the security and governance of client management.
Governance and lifecycle management tend to be thought of through a user-centric lens, but devices are the predominant touch points where the user ‘lives’. As such, device management is slated to receive significant updates that complete endpoint and service integration.
Advancements in Device Management
JumpCloud’s centralized management and platform services extend further into device management than ever, focused on improved desktop agent depth, expanded mobile capabilities, and greater automation and security throughout the entire device lifecycle.
Our objective for Q4 is for customers to grow successfully with us while emphasizing security and reliability of services. Some of the changes under development are:
- Zero day OS support for Mac and Windows, with blocking policies for both operating systems that will delay major milestone releases until you’re ready to go.
- New compatibility with Windows Active Directory domain joined PCs for additional device telemetry. Customers previously had to un-join devices before installing JumpCloud.
- Linux users receive more ‘out of the box’ security policies, with the option of setting the desktop screensaver and lock screen settings.
- macOS receives several upgrades requested by customers, such as a dynamic list of third party applications installed on devices that works with the OS’s keychain, eliminating prompts each time they’re opened.
- We’ve added more visibility into the ‘health’ of our agents to remediate issues such as an invalid secure token before problems surface and lead to support tickets.
- A transition away from polling to real-time notifications for backend agent communications. Customers may also roll back versions if they choose to.
Choice is fundamental to MDM for iOS and we’re delivering a full-fledged management solution. Q4 updates include BYOD support through User Enrollment, a process that’s integrated with Apple’s Managed Apple ID user identity services. This creates a user-driven workflow but also provides assurance, integrity, and confidentiality for your organization’s information security. iOS supervised management underlies corporate enrollment, should you desire greater control using company owned devices.
We’re prioritizing security first, but will work toward rapid onboarding with deeper support for Apple’s Device Enrollment Program (DEP), which offers zero-touch provisioning for each user.
Automation and Security
You may have been curious about how we’ll deliver “one click ‘blueprints’ to rapidly achieve security and compliance baselines” when you began reading this article. Our roadmap builds out a device lifecycle vision for visibility, automation, and remediation to monitor fleet health and provide single click solutions for when deviations from policy or expectations occur. Device compliance actions will continuously work on behalf of IT admins, for example, pushing secure configurations without the need for manual intervention.
The first automation you’ll notice is OS patch management, which, while available through basic policies today, is in the process of expanding considerably, starting with a robust fleet dashboard. Our objective is to couple an elegant patch management solution with simplicity, with options for extensibility. You’ll see OS distributions, versions, and any policies you can apply within a unified view. Our agents will also become more interactive with users to notify them when updates exist. Capabilities such as forced updates and integration with third party apps are also coming.
These features all provide greater depth of reporting and insights into your environment to satisfy growing compliance and governance requirements.
Reporting with Actionable Insights
We’re striving to make the portal more fun and engaging for admins, and the watchword is visibility; we also understand that compliance and reporting are facts of life within every organization. JumpCloud is responding to those needs by building out a collection of pre-made reports, and is renewing its focus on availability, performance, and scalability. And we’re ensuring that this is true for direct users and MSPs alike.
A Revamped Homepage
The homepage won’t just look different: it will give actionable insights through widgets, which are customizable so you can surface what you care about most. We’ll be adding more widgets over time and alerting on metrics that you care about, such as user lockouts. It will reduce clicks by enabling you to select all and take action to unlock accounts rather than manually sorting through lists individually, per user.
You’ll view device highlights, associations for devices, and high touch events, all with quick links to remediate problems. In short: a single screen to avoid navigating elsewhere. Users have already experienced this through our device management console.
There will be two paths for information about security events and access control logs: through the platform and with data feeds that integrate JumpCloud with your in-house SIEM. We’re expanding our reporting for security and compliance, driven by the responses we received in our customer surveys. The platform will soon include an array of detailed synthesized reports to download and export to a CSV. User device reports are coming in Q4, which will enable admins to immediately know who has access to what, either directly or indirectly via groups, and reveal all device associations. Admins will be pleased to know that it also lists their last known login date.
Other reporting facilities are geared toward the MSP audience. MSPs will soon be able to drill down into the billing details (a Q4 feature) of each tenant and download invoices soon thereafter.
Watch the Webinar
This article provides a summary overview of what was discussed during the webinar. It’s a bold vision (in this writer’s opinion), and Q4 prepares the ground for even more possibilities in the future. It’s significant that activities that once required multiple steps (and multiple solutions), or the mastery of directory schemas, are being distilled into single clicks within a unified lifecycle and governance platform. Simply put, JumpCloud is redefining the directory. There are additional discussions and a Q&A session available in the recording. You may click here to view it.