Product Updates: Flexible Sudo Settings, More

By Greg Keller Posted April 6, 2016

On the wave of the new system/user binding UI treatments and workflow released recently, a swarm of new updates are now finishing their final quality checks in preparation for launch. This blog post will break down those updates to provide an understanding of their use cases and behavior to ensure you are made aware prior to their release. The new functionality is described below in detail.

Greater flexibility in setting users administrator/sudo flags on individual systems

Historically, JumpCloud provided an attribute on a User which was intended as a global setting which dictated whether the user was to be a sudo/administrator on systems they were bound to. This global setting, however, provided little flexibility to set the user as an admin on one system (e.g. their personal workstation) and standard/non admin access on another (e.g. a shared Windows or Linux server). In the administrator’s UI, this global setting manifested itself as 1) an icon in the user list view and 2) the global settings in the user’s details as seen below:

Moving forward, we are modifying this behavior. To provide the flexibility required to accommodate these needs, the new behavior within the admin console will work as follows:

[NOTE: You can see a complete step by step walk through of this new set of sudo/admin functionality here in this Knowledge Base article]

Setting sudo/administrator from the System’s details

a. Within User Bindings, select the User that is to be bound to the system

b. Pull down the dropdown to select the desired setting:

Setting sudo/administrator from the User’s details

a. Within System Bindings, select the system the user should be bound to

b. Pull down the dropdown to select the desired setting:

Notes:

  • The global admin/sudo settings found within User Details will be deprecated. All settings will take place in the methods described above.
  • The iconography on the user list view will be deprecated.
  • All pre-existing sudo/admin settings on systems will be ported and unchanged. Administrators can now selectively ‘back off’ specific machines the user should not be an admin on, exploiting these new flexibilities.

Auto-generated Passwords in RADIUS server

JumpCloud’s RADIUS facility will also introduce a new security feature: auto-generated complex passwords. You will find this option as depicted in the screenshot below. A JumpCloud administrator can now elect to use this option to create complex, 31 character, passwords to improve the security of the services utilizing your JumpCloud RADIUS servers.

Notes:

  • All pre-existing RADIUS passwords will be preserved.
  • Auto-generated passwords will create 31 character passwords including numbers, variable chase and special characters.
  • Auto-generated passwords can be truncated or overwritten if absolutely required.

Improved security in the User Portal by forcing the MFA QR and TOTP codes to display on demand

For security and compliance reasons, many customers have requested the need for the employee expose or hide the MFA QR code within their User Portal when required for Google Authenticator synchronization. This release now provides a toggle as seen below to perform this action. The user will elect to expose the TOTP information at the time they need it, and will no longer be displayed at all times in the User Portal.

Hostname and other system attributes now reflect in System Details when changed on the host

Historically, when an agent was installed on a host system, the agent would populate the System Details fields with basic data: hostname, IP address, etc. When and if the data on the host was changed (e.g., hostname), this data was not synched back to the JumpCloud admin console with the system’s details. Now, when those changes are made on the host, JumpCloud will appropriately reflect the change.

Notes:

  • With this release, the hostname update on the system will also update the system’s “Display name” in the Admin Console (Display name is what is displayed in the system list view) as long as the Display name was not modified by the admin.
  • Interval time for updating this system detail data within the JumpCloud admin console is roughly every 60 minutes.

Support for Amazon Linux 2016.03 is now live

Support for Amazon’s 2016.03 Linux AMI is now live. Agents can be successfully installed on this distro.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts