Understanding Policies: JumpCloud App Controls

By Zach DeMeyer Posted November 26, 2019

GPO Like Policy

By implementing Policies, JumpCloud® admins can automate much of their system security management. The JumpCloud App Control Policy for macOS® is essential to promote user password self-service at scale.

What is the JumpCloud App Control Policy?

The JumpCloud App Control Policy allows organizations to control whether the JumpCloud Mac® App appears in a user’s macOS system tray bar. The policy utilizes the JumpCloud system agent to either hide or display the JumpCloud Mac App symbol (shown below).

Why Use the App Control Policy?

The JumpCloud Mac App gives users the ability to update their passwords directly from the desktop screen of their Mac system. As seen in the image above, fictional user Justin Boyle can fully reset his JumpCloud password, which is guarded by JumpCloud multi-factor authentication (MFA), all without leaving the home screen of his workstation.

This password is then propagated to all the resources to which Justin is granted access through JumpCloud. For organizations using JumpCloud’s AD Integration feature, note that this password change is also synced to Active Directory, meaning that Mac users only need to change their password once and will still have secured access to all their IT resources.

By providing users with password self-service, IT admins find they receive considerably fewer help desk tickets, as many of the constant requests they field involve password management. Users are empowered to choose passwords that are complex enough to meet organizational requirements, but also personal enough that they will be easier to remember. In the end, these self-service password resets benefit both the end user and admin alike, all while promoting security organization-wide.

Password Expiration

When an organization has password expiration policies in place, the Mac App will automatically notify a user that their JumpCloud password needs to be reset as the password expiration date draws nearer. When a user has reached the end of their password’s lifecycle, JumpCloud will notify them directly from their Mac login window and prompt them to update their password to avoid losing resource access.

On the flip side, for organizations without password expiration policies, or those that don’t allow end users to change their passwords themselves, the App Control Policy can disable the Mac App, restricting end users from changing their passwords from their desktop screen.

How to Use the App Control Policy

Like all JumpCloud Policies, the App Control Policy can be enabled in the JumpCloud admin portal under the Policies tab. Admins can decide to apply the policy to individual systems, as necessary, or across entire system fleets using JumpCloud Groups. Once applied, the policy is enabled instantly via the JumpCloud system agent.

New to JumpCloud?

If you haven’t heard of JumpCloud Directory-as-a-Service® but are curious about end user self-serve password management, check out the cloud directory service today. You can try all of the JumpCloud product, including Policies, absolutely free. Just sign up for a JumpCloud account, and you can start using the product for up to 10 users at no cost to you, no credit card required.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

Recent Posts