At our most recent Office Hours panel discussion, the internal JumpCloud® IT team shared tips and tricks they use to streamline user onboarding and offboarding.
JumpCloud is a comprehensive cloud directory platform that IT administrators use to manage user identities, access, and devices — all from a single pane of glass. JumpCloud offers system management controls for macOS®, Windows®, and Linux® machines, as well as Apple MDM. We use the platform internally, and our IT team onboards groups of users in less than an hour, and they also have a documented process to quickly offboard users and ensure security.
Here’s a recap of what JumpCloud administrators Ryan Bacon and Noah Rosen shared:
Remote User & Device Management
JumpCloud uses a system agent to control devices, no matter where they’re located. If you’re rolling out JumpCloud to remote machines for the first time, you can prompt JumpCloud users to install the agent to their machines directly from their web-based User Portal.
“It installs the agent on the machine, and that’s really the gateway that we use to push out commands, Policies, user bindings, and everything like that,” Bacon said.
You can also automate the process if you have access to the system via another tool.
“You can install the agent entirely from the command line, as long as you have a way to get the installer file on their system,” Rosen said. “You don’t need to log into the web portal on every system. It can be totally automated through scripting.”
Once the agent is installed, you can begin to manage the machine by deploying pre-built Policies tailored to each operating system — macOS, Windows, or Linux — and custom commands from the Admin Portal. You can also provision the user’s same core identity to their other JumpCloud-connected resources via integrations and protocols including SAML, LDAP, and RADIUS.
User Onboarding with JumpCloud
Rosen configures machines before shipping them to new users. He runs a bash script to install the necessary applications and make configuration changes. He also runs a script that provisions the new users to any web services they need and binds them to their machines. The process now takes less than an hour for new groups of users, but he and Bacon are confident that it will get even quicker.
“We’re confident that as the MDM functionality grows and develops with JumpCloud, that time will continue to shrink as we get closer and closer to true zero-touch onboarding,” Bacon said.
Bacon and Rosen use the cloud LDAP functionality to synchronize the user directory with their asset management system. That way, when they provision a user during onboarding, their script uses an API call to record in the asset management system which machine that user is bound to. They also track other high-cost items, like monitors.
User Offboarding with JumpCloud
To offboard users, Bacon and Rosen have developed a script that uses the JumpCloud PowerShell Module — though you can also use API calls to automate the process.
First, they change the user’s password, and that password change is propagated to any JumpCloud-managed resources. Then, they delete the user from JumpCloud, which revokes that user’s access. They delete as many connected accounts as possible using the script, which they follow up with API calls for resources that don’t integrate with JumpCloud.
Their offboarding script also creates a checklist that records which admin took the action and when, and that checklist is automatically emailed to HR in a PDF when the process is complete. In a situation where they quickly need to lock down a user system — either in a sensitive offboarding situation or when a machine is lost or stolen — they can use JumpCloud’s Apple MDM feature.
“You can use the MDM functionality of JumpCloud to lock the system in a way that essentially makes the system a brick until it gets back to the IT department, or the administrator can unlock it,” Rosen said.
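The offboarding order described above (change the password, delete the user, then log who did what and when) can be sketched with the JumpCloud PowerShell Module as follows. This is an added example, not Bacon and Rosen's script; the `JC_API_KEY` environment variable, the `-ManualResources` parameter, and the CSV checklist (in place of the emailed PDF) are assumptions made for illustration.

```powershell
# Added example, not the JumpCloud IT team's script.
param(
    [Parameter(Mandatory)][string]$Username,
    [string[]]$ManualResources = @(),                    # assumption: apps with no JumpCloud integration
    [string]$ChecklistPath = ".\offboard-$Username.csv"  # assumption: checklist output location
)
Import-Module JumpCloud
Connect-JCOnline -JumpCloudApiKey $env:JC_API_KEY -force  # assumption: API key kept in this variable

$admin     = [Environment]::UserName
$checklist = [System.Collections.Generic.List[object]]::new()

function Add-ChecklistEntry {
    param([string]$Step, [string]$Result)
    # Every entry records the acting admin and a UTC timestamp.
    $checklist.Add([pscustomobject]@{
        Step = $Step; Result = $Result; Admin = $admin
        TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
    })
}
function Invoke-Step {
    param([string]$Step, [scriptblock]$Action)
    # A failed step is logged rather than aborting, so later steps still run.
    try   { & $Action | Out-Null; Add-ChecklistEntry $Step 'OK' }
    catch { Add-ChecklistEntry $Step "FAILED: $($_.Exception.Message)" }
}

# 1. Rotate to a random value nobody knows; the change propagates to managed resources.
$bytes = [byte[]]::new(32)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
Invoke-Step 'Password changed' {
    Set-JCUser -Username $Username -password ([Convert]::ToBase64String($bytes)) -ErrorAction Stop
}
# 2. Delete the user, which revokes access. Attempted even if step 1 failed.
Invoke-Step 'User deleted from JumpCloud' {
    Remove-JCUser -Username $Username -force -ErrorAction Stop
}
# 3. Resources that do not integrate with JumpCloud stay open until handled separately.
foreach ($r in $ManualResources) { Add-ChecklistEntry "Remove account in $r" 'PENDING' }

$checklist | Export-Csv -Path $ChecklistPath -NoTypeInformation
if ($checklist.Result -match '^FAILED') { exit 1 }   # non-zero exit flags an incomplete offboarding
```

Any `FAILED` or `PENDING` row in the checklist marks access that may still be live and needs manual follow-up.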
JumpCloud enables seamless IT operations — no matter where admins, users, or devices are located. Watch the full Office Hours recording here to hear more of what Bacon and Rosen shared about their own processes, as well as to see them run through live demonstrations.
Register here to save a seat at upcoming Office Hours sessions, which we host each Friday and which feature rotating panels of experts on a variety of IT topics.