Simplifying Remote IAM as an MSP

Written by Zach DeMeyer on April 25, 2020

Share This Article

Many organizations are moving their operations to the cloud to maintain business continuity while their employees work remotely. Naturally, managed service providers (MSPs) are doing the same to support their clients. Depending on their solution stack, however, MSPs may struggle to make the shift, especially regarding client identities and access control.

Managing Remote IAM for Clients

Critical for any organization, identity and access management (IAM) plays a key role in an MSP’s offering. Thankfully, many MSPs are already accustomed to remote management; tools like RMM and web application SSO are standards in the average solution stack.

The shift to remote work affects how most if not all client end users operate. Keeping end users moving in home offices often requires VPN infrastructure for remote access, as well as training on proper WFH policies and best practices.

MSP organizations that have an in-person presence in their clients’ offices, especially ones with on-premises IAM infrastructure, find that shifting those clients to fully remote work proves more difficult than others. In order to manage these clients, MSPs need to roll out more VPNs to connect their technicians and end users to on-prem identity providers.

Using On-Prem IAM to Manage Remote Clients

More often than not, Microsoft® Active Directory® (AD) serves as a client’s on-prem identity provider/directory service. AD excels at managing Windows® systems and other resources when everything can be found within the four walls of the office — including users.

Given the prevalence of web applications, Mac® and Linux® systems, and now fully distributed client workforces, AD cannot cut the mustard by itself. There are MSPs that opt to use best-of-breed add-ons to AD, such as targeted web app single sign-on (SSO) and identity bridge solutions.

These cloud tools provide world-class remote IAM control, but only to the client-specific needs that AD struggles to manage. They also end up costing more than other solutions of their type, and force the MSP to manage multiple relationships with disparate vendors to get the training and support they need to prepare their clients.

New Horizons from the Cloud

Clients may be hesitant to adopt new processes, but their existing IAM stack may not be covering the needs of modern demands like heterogeneity and remote work. Instead of leveraging the same cobbled together approach of numerous point IAM tools, MSPs should instead consider a comparable solution that offers IAM through an all-in-one platform. Often, all-in-one offerings feature similar levels of features as dedicated tools, but severely cut down on costs and create a single point of contact for MSPs that need product support.

Beyond that, MSPs need their clients’ IAM infrastructure to be easily managed from everywhere — no matter where technicians or users find themselves. The cloud offers a new centralized IAM option for MSPs by way of a cloud directory service. 

How a Cloud Directory Service Simplifies IAM

A cloud directory service, or Directory-as-a-Service®, provides MSPs with the control they need to remotely manage client devices, identities, and access from a single cloud console. With JumpCloud® Directory-as-a-Service (DaaS), one identity is all an end user needs to be able to securely leverage their work resources from anywhere, providing True Single Sign-On™ to end users.

Device Management

A client end user’s device is their gateway to all of their IT resources. DaaS manages Windows, Mac, and Linux systems remotely through Policies, group policy object (GPO) analogues that MSPs can apply to multiple platforms across client organizations. Policies like full disk encryption (FDE), screen lock, and more secure remote client user devices. With Commands and the PowerShell Module, MSPs can control systems remotely, including patching zero-day bugs and other bulk actions across client fleets.

DaaS also features System Insights™ capabilities, allowing MSPs to visualize core performance and configuration data for client systems. System Insights data enables MSPs to not only hone in on potential issues that could slow down users or create security vulnerabilities, but also demonstrate IAM accomplishment to clients, building trust.

Identity Management

Because DaaS leverages one core identity for authentication, that identity needs to be tightly secured so that client organizations remain safe from attack. MSPs can use DaaS to enforce multi-factor authentication (MFA) at virtually all logins, including systems, apps, and VPNs, protecting them from many forms of attack.

When end users need to change their passwords, MSPs can set complexity requirements to meet security best practices, and end users can make the changes themselves, directly from their systems. System-based password management circumvents potential phishing attempts and also alleviates the time an MSP spends managing user passwords, providing a more convenient user experience in the process.

Access Control

In order to provide a True Single Sign-On experience, DaaS uses authentication protocols like SAML, LDAP, and RADIUS, to provide access to web apps, cloud infrastructure, and on-prem networks. Remote client users simply sign in to their cloud-based user portal to access virtually all of their required tools.

From an MSP’s perspective, all administration happens from one pane of glass. DaaS also offers a multi-tenant admin portal that gives a top down view of all client organizations, allowing MSPs to focus on specific organizations as needed.

Learn More

If you’re interested in how Directory-as-a-Service can help you manage remote client users, check out our new video tutorial course to learn DaaS work into your business model, available here.

JumpCloud Partner Program

The JumpCloud® Partner program works with MSPs and resellers to provide centralized IAM to their clients, along with competitive margins, co-marketing opportunities, and other learning materials like the video above. 

Click here to learn more about becoming a Partner.

Continue Learning with our Newsletter