Newsletter 11/19: Suspend User, Duo MFA, SAML JIT

By Zach DeMeyer Posted November 25, 2019

Welcome to the November edition of your JumpCloud® Newsletter! Within, you’ll find updates like the release of the Suspend User state so you can quickly lock down resource access, expired password reset notifications for macOS® so Mac users never forget to update their password, and more Just-in-Time provisioning for popular SAML connections. You’ll also learn about our partnerships with Duo and Workato to help maximize your ROI with MFA and automation capabilities, respectively.

What’s inside: 

New Product Releases

  • What’s New in the Admin Portal 
  • Suspend User
  • User Portal MFA with Duo Security
  • Expired Password Reset Notification for macOS®
  • Disallow Users from Editing Attributes
  • Policy Updates: Share Your Thoughts!

Coming Soon

  • Provision Users to AD from the Cloud with AD Integration
  • Auto-Provision User Accounts to More Apps with SAML Just-in-Time (JIT)

JumpCloud News and Events

  • Webinar: End-to-End IT Automation with JumpCloud and Workato

As always, find a more technical breakdown of our recent releases in our November release notes.

What’s New in the Admin Portal

JumpCloud’s Admin Portal now gives in-console information on our latest feature releases so you hear about product updates right from where you’re working. Click on the gift box icon to expand the What’s New section to see an up-to-date list of recent releases with links out to additional information if you’d like to learn more.

Suspend User

Admins, you can leverage JumpCloud’s Suspend User feature to off-board or temporarily revoke a user’s resource access while retaining their records.

  • Instant lock down: When a user is suspended, their system access across whichever OS they use (Mac, Windows, or Linux) is immediately locked down so you have a failsafe in the event of a serious issue.
  • Feature behavior: Suspended users can’t reset their password or take any other action to restore access—only Admins can control that. When you unsuspend a user, their resource access is restored.
  • Bulk suspension: Select one or many users to place into a suspended state when you need to govern access to company resources. Suspended users won’t be able to access any JumpCloud-provisioned resources you manage. 

Learn how to suspend a user at the link below.

User Portal MFA with Duo Security

JumpCloud is now integrated with Duo, enabling MFA at login for the JumpCloud User Portal. You can use the integration to take advantage of: 

  • Frictionless MFA: Use push notifications, phone callbacks, mobile passcodes, or U2F security keys to streamline the MFA process.
  • Contextual security policies: Restrict access based on location, IP address, and/or biometrics to further lock down your users’ application access.

Check out the Knowledge Base link below to learn how to use Duo MFA in your JumpCloud instance.

Expired Password Reset Notification for macOS®

Live Mac App

Ask any IT admin: It can be a major headache to make sure employees update their passwords to keep their credentials (and the organization) safe. JumpCloud currently alleviates this headache by making it easy for employees on macOS systems to keep their passwords up-to-date by notifying them of an approaching password expiration and prompting them to create a new one in their JumpCloud Mac App.

This update is the latest among several failsafes that ensure that when a user’s password expires, they’re immediately notified to update their password (such as directly on the login screen of their macOS host) so they won’t lose access to critical accounts and resources—and they can self-serve their password reset without IT getting involved. 

Learn more about the expired password reset notification for macOS® in the article below.

Auto-Provision User Accounts with SAML Just-in-Time (JIT)

JumpCloud’s updated SSO feature allows you to use SAML JIT provisioning for web-based services. We’re continuing to expand these capabilities to help automate user lifecycle management — meaning less manual configuration for you. You can now automatically provision users in the following web applications: 

  • Aha!
  • Atlassian Cloud
  • JAMF Cloud
  • InsideView
  • MindTouch
  • Showpad
  • Zoom

These connectors are next in line for JIT provisioning: 

  • Slack
  • DropBox
  • SalesForce
  • Meraki Dashboard
  • Datadog
  • WordPress
  • Zendesk
  • GitLab
  • Box
  • Freshdesk
  • Auth0
  • Freshservice

We’ll be extending our list of pre-configured SAML connectors to provide you with wider support for user provisioning and user account lifecycle management, leveraging standards like JIT or SCIM. Do you have feedback on the applications you want JumpCloud to support? Let us know by completing the survey linked to below, and you’ll be entered in a drawing to win a $25 Amazon gift card!

Disallow Users from Editing Attributes

This new administrative setting lets you decide if end users should have the ability to update their personal attributes in their JumpCloud portals, which might impact things like the display name field in Office 365™, effectively making their User Portal profile values only editable by the admin.

  • This feature currently applies to all users. If you turn it on, it’ll be on for all your end users.
  • When turned on, this setting enables users to view but not edit their attributes in their user portal, so user attribute updates are managed at the admin level.

This setting is turned off by default, meaning users are able to view and edit personal attributes.

Policy Updates: Share Your Thoughts!

We’ve been hard at work to ensure that the JumpCloud Policy Library is robust enough for your organization’s endpoint security needs. In fact, we’ve released upwards of 150 new Windows policies

We’d love to hear about your experience with JumpCloud Policies and what’s important to you in securing and configuring your fleet of systems. Follow the link below to share your thoughts with us.

Provision Users to AD from the Cloud with AD Integration

Keep an eye out for updates as we continue to build out our AD Integration feature which helps you manage non-domain resources through your AD instance. These will enable you to further manage your entire AD user lifecycle from the cloud, leveraging similar levels of control without you or your users needing to be on-prem: 

  • Unbind or create new users in AD: Create AD users directly from your JumpCloud Admin Portal and connect them to all domain and non-domain resources with a few clicks.
  • State management: Update user states in AD via JumpCloud, such as suspended users.
  • Group management: Add or remove users from AD groups through JumpCloud. Manage access and policy settings instantly.

Learn more about AD Integration in the article below.

Webinar: End-to-End IT Automation with JumpCloud and Workato

JumpCloud and Workato have joined forces to provide customers with new orchestration capabilities for identity management and IT-related workflows. As a part of our partnership with Workato, JumpCloud Chief Strategy Officer Greg Keller and Workato VP of Business Development Markus Zirn will host a webinar, “Driving Higher Employee Engagement With Better Employee Experience (EX),” on Dec.12th at 11 AM MDT.

Sign up via the link below to join their discussion on how to create a seamless experience across the lifecycle of employment.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts