The past several years have been transformational for many IT departments. Remote work became indefinite and accelerated the adoption of cloud services and extended on-premises resources to the WAN. Identity is foundational to access control, and consequently, identities (not network domains) have become the new perimeter. JumpCloud’s open directory platform makes it possible to incorporate identities from anywhere while managing devices as a gateway. It securely centralizes access to what your team needs to make work happen.
This article provides a recap of the Q1 2023 roadmap webinar and outlines what’s coming next.
Open Directory Platform
JumpCloud’s open directory is not locked down to a single technology stack or vendor. You can mix and match identity sources, authentication targets, and access management environments. Q1 enhancements will simplify the flow for single sign-on (SSO) and identity management integrations, improve application integrations, and begin to automate group memberships. For example, JumpCloud will take action when a change is made in a human resources system.
New capabilities slated for Q1 include:
- Importing user updates
- Scheduled user imports
- Exporting users via REST API (Q2)
- Automated group memberships
- Enhanced app integration flow
- SCIM catalog expansion automates account creation
IT admins will make granular decisions about how to authenticate users into the platform by using different technologies for different sources. For example, TOTP and SAML could be used for some services while certificates are required to access others.
This change will first be noticeable in the Admin Portal where we’ll be introducing more multi-factor authentication (MFA) capabilities and the option for more sophisticated password policies. These features will then be mirrored in the User Portal.
Over time, SSO device logins will be leveraged to access other resources. More passwordless options and simpler user flows for third-party authentications will be added later in 2023. In summary, JumpCloud’s new authentication features will include:
- A more secure Admin Portal
- Passwordless options (H2)
- Federated authentication (H2)
Identity and Access Management (IAM)
JumpCloud is uniquely positioned to leverage its dual presence in device and identity management to introduce robust conditional access policies. Password Manager and MFA enhancements reduce friction for end users while improving your security posture.
Protecting Against Push Bombs
MFA fatigue (push bombing) attacks are increasing and have been implicated in several high-profile breaches. JumpCloud is responding to that risk with several additional protections. Geolocation information was added to notifications in late 2022; the next steps are to limit push attempts on the backend, add challenge codes (number matching) in JumpCloud Protect™, and introduce deny reasons. A deny reason lets a user flag a request they did not initiate, notifying administrators of a potential attack. Admins can then lock the account and revoke any exposed credentials before the attacker gains access.
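The three controls named above (backend rate limiting, a challenge code that must be typed into the authenticator, and a deny reason that locks the account and revokes sessions) fit together as shown in this added example. It is illustrative code written for this article, not JumpCloud's implementation; the limit of 3 pushes per 300 seconds, the two-digit challenge, and the `not_me` deny reason are assumptions chosen for the demonstration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Assumed tuning values for the illustration, not JumpCloud's actual limits.
PUSH_LIMIT = 3                # pushes allowed per user within the window
PUSH_WINDOW_SECONDS = 300


@dataclass
class UserState:
    locked: bool = False
    push_times: list = field(default_factory=list)   # timestamps of recent pushes
    pending: dict = field(default_factory=dict)      # request_id -> challenge code
    sessions: set = field(default_factory=set)       # active session ids


class PushMfaService:
    """Server-side model of push MFA with three anti-fatigue controls:
    backend rate limiting, number-matching challenge codes, and deny reasons."""

    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so tests can advance time deterministically
        self.users = {}         # username -> UserState
        self.alerts = []        # what an admin would be notified about

    def _user(self, username):
        return self.users.setdefault(username, UserState())

    def request_push(self, username, source_ip):
        """Send a push challenge. Returns (request_id, challenge) or None when
        the account is locked or the user has hit the push rate limit."""
        u = self._user(username)
        now = self.clock()
        if u.locked:
            return None
        # Backend rate limit: forget pushes outside the window, then count the rest.
        u.push_times = [t for t in u.push_times if now - t < PUSH_WINDOW_SECONDS]
        if len(u.push_times) >= PUSH_LIMIT:
            self.alerts.append({"user": username, "ip": source_ip,
                                "reason": "push_rate_limited"})
            return None
        u.push_times.append(now)
        request_id = secrets.token_hex(8)
        # Number matching: the code is displayed on the login screen (the side an
        # attacker controls) and must be typed into the authenticator, so a victim
        # cannot approve a prompt they did not initiate just by tapping "Yes".
        challenge = "%02d" % secrets.randbelow(100)
        u.pending[request_id] = challenge
        return request_id, challenge

    def approve(self, username, request_id, entered_code):
        """Approve from the authenticator. Each request gets exactly one attempt."""
        u = self._user(username)
        expected = u.pending.pop(request_id, None)
        if u.locked or expected is None:
            return False
        if not hmac.compare_digest(expected, entered_code):
            return False
        u.sessions.add(request_id)
        return True

    def deny(self, username, request_id, reason):
        """Deny from the authenticator. A 'not_me' deny reason is treated as a
        reported attack: lock the account and revoke every active session.
        Returns the number of sessions revoked."""
        u = self._user(username)
        u.pending.pop(request_id, None)
        if reason != "not_me":
            return 0
        u.locked = True
        revoked = len(u.sessions)
        u.sessions.clear()
        self.alerts.append({"user": username, "reason": "user_reported_attack",
                            "sessions_revoked": revoked})
        return revoked
```

The important design point is that the deny path does more than record a click: it is the user's signal that someone else holds their password, so the service locks the account and invalidates existing sessions rather than merely refusing the one prompt.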
Conditional Access Device Posture
JumpCloud is combining device management and IAM capabilities to strengthen conditional access rules. Existing rules focus on the user context. New rules will examine device posture before making an access decision. For example, confidence is higher when a device is up to date with patches and has antivirus or endpoint detection and response (EDR) software installed and running. The initial round of device conditions will include:
- Disk encryption (GA)
- OS version
- Antivirus status
- Browser status
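The four conditions listed above are signals; the interesting part is how they combine into a decision. The added example below (written for this article, not JumpCloud's rule engine) evaluates a constructed posture report against an assumed policy. Hard failures such as an unencrypted disk deny access outright, stale OS or browser versions trigger a step-up rather than a block, and any OS or browser the policy does not know about fails closed. The minimum versions in `POLICY` are placeholders.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class DevicePosture:
    """Posture signals as an endpoint agent might report them (constructed)."""
    os_family: str
    os_version: str
    disk_encrypted: bool
    antivirus_running: bool
    browser: str
    browser_version: str


# Assumed policy values for the illustration; a real policy would come from the
# directory's conditional access configuration.
POLICY = {
    "require_disk_encryption": True,
    "require_antivirus": True,
    "min_os_version": {"macOS": "13.2", "Windows": "10.0.19045", "Ubuntu": "22.04"},
    "min_browser_version": {"Chrome": "110", "Edge": "110", "Firefox": "110", "Safari": "16.3"},
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.0.19045' into (10, 0, 19045); non-numeric parts count as 0."""
    parts = []
    for p in text.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual: str, minimum: str) -> bool:
    """Compare dotted versions numerically, padding the shorter one with zeros."""
    a, m = parse_version(actual), parse_version(minimum)
    width = max(len(a), len(m))
    return a + (0,) * (width - len(a)) >= m + (0,) * (width - len(m))


def evaluate(device: DevicePosture, policy: dict = POLICY) -> Tuple[str, List[str]]:
    """Return (decision, reasons).
       allow   - every condition met
       step_up - only stale-software conditions failed; require MFA instead of blocking
       deny    - a hard condition failed (unencrypted disk, AV off) or a signal is
                 unrecognised, which fails closed rather than open."""
    hard, soft = [], []

    if policy["require_disk_encryption"] and not device.disk_encrypted:
        hard.append("disk_not_encrypted")
    if policy["require_antivirus"] and not device.antivirus_running:
        hard.append("antivirus_not_running")

    min_os = policy["min_os_version"].get(device.os_family)
    if min_os is None:
        hard.append("unknown_os:" + device.os_family)
    elif not version_at_least(device.os_version, min_os):
        soft.append("os_below_minimum:%s<%s" % (device.os_version, min_os))

    min_browser = policy["min_browser_version"].get(device.browser)
    if min_browser is None:
        hard.append("unknown_browser:" + device.browser)
    elif not version_at_least(device.browser_version, min_browser):
        soft.append("browser_below_minimum:%s<%s" % (device.browser_version, min_browser))

    if hard:
        return "deny", hard + soft
    if soft:
        return "step_up", soft
    return "allow", []
```

Returning the reasons alongside the decision matters in practice: the user sees why they were blocked (for example "update Edge"), and the audit trail records which posture signal drove each access decision.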
Future rule releases will incorporate more sophisticated context scenarios that leverage risk-based evaluations, i.e., detecting and evaluating anomalous user behaviors.
JumpCloud’s Password Manager has a decentralized architecture that eliminates master passwords, which are often considered a weak point of cloud-based password management solutions. That design has driven significant growth in user adoption along with many feature requests from our customers. Deliverables for Q1 include:
- A Safari browser extension
- Password Manager account recovery
- The ability to create shared folders
- New Password Manager policies
- Enhanced account import flows from third-party password managers
- A password health score
- Password Manager logs on Directory Insights
JumpCloud has extended support for Windows by blending its agent-based endpoint management approach with Microsoft’s mobile device management (MDM) protocols. Patch Management is broadening its release to browsers and popular third-party applications. We’re also close to an Android enterprise mobility management (EMM) release, broadening our Apple and Linux device policies, and introducing an autonomous device onboarding framework.
Windows Self-Service Onboarding
- Use the standard Windows Out-of-Box-Experience (OOBE) with JumpCloud MDM
- Enroll an existing device via Settings (Add Work Account) or via the JumpCloud user portal (MDM only)
Android Enterprise Mobility Management
JumpCloud’s EMM for Android will be certified for Google’s Android Enterprise to set up, secure, and manage Android devices. This release will have parity with our existing iOS/iPadOS offerings. The initial launch will feature the ability to:
- Enforce device and work profile security
- Lock, wipe, and reset devices
- Drive device compliance
- Search, organize, and distribute apps
Live Assist: JumpCloud’s free Remote Assist product was released in 2022. Its workflow originated with support tickets: session tokens are issued only with explicit user opt-in. We’re adding the option for support technicians to prompt the user to start a session, as well as copy-and-paste support. Significantly, IT admins can now control group or global opt-in/opt-out from the Admin console, which provides granular control over application components for compliance.
Silent Assist: IT admins will soon be able to access corporate-owned devices without end users present. This makes it easier for teams to manage IT infrastructure and help behind the lockscreen. JumpCloud’s objective is to deliver full remote monitoring and management (RMM) by the end of the year. Note that sessions have default time limits and don’t persist.
Global CDN for Agent Deployment
A global content delivery network (CDN) will ensure faster agent installs for global customers. Additional servers are presently being introduced.
Browser support: JumpCloud is extending OS Patch Management with simple but powerful browser management, starting with Chrome. Features planned for Q1 and beyond are:
- Preset policies for Chrome, Edge, Firefox (Apple manages Safari)
- Policies that are “universal” and apply cross-OS
- The ability to force browser update
- The ability to manage employee browser settings
Enforce third-party apps: Patch Management is moving down the stack to include top enterprise apps. JumpCloud will keep your most valuable line-of-business apps up to date in a seamless way. Patching helps keep employee workstations safer and more secure.
Policy: Windows BitLocker Policy Roadmap
JumpCloud delivered complete policy controls for encryption on all fixed local disks in 2022 and improved platform behaviors around Trusted Platform Module (TPM) enabled machines.
Customers who have already deployed policies can seamlessly switch on the new options.
The BitLocker policy roadmap covers:
- Out-of-the-box system disk full encryption policy
- Recovery key escrow for lockout use cases (simple and easy)
- Support for audit use cases and simpler troubleshooting through enriched status reporting
- TPM presence and status visible per device in System Insights
- Encrypt all fixed local drives
- TPM unlock mechanism for resilience
- Encrypt removable drives
- Fast encryption (encrypt used space only)
More Policies for macOS and iOS/iPadOS
Apple device support is continuing to make significant quarterly progress with the objective of providing the most robust solution on the market over time. New policies for Q1 are:
- A content Caching Service Policy for better network performance
- A Malwarebytes Pre-Built Agent Policy
- A Simple Certificate Enrollment Protocol (SCEP) Policy
- An HTTP Proxy Policy
More Linux Policies
- SSH Timeout Policy
JumpCloud’s commands are one of the most used features in the platform. We’re introducing templates for command reuse in addition to command triggers that will simplify device onboarding by automatically enrolling new hardware with the appropriate security baselines. You’ll be able to automatically run preset policies and commands on new devices.
Command triggers operate on events such as:
- On Enrollment
- On Next Login
- On Every Login
Default OS groups: Auto-populate newly enrolled devices into a group based on their operating system. A new device binds to the default company policies for its OS, which partially automates your enrollment flow. This reduces management overhead, enables more custom orchestration, and delivers a seamless experience for user onboarding.
Our mission is to provide observability, analytics, and insights into activities within the JumpCloud ecosystem. We do this by collecting relevant data at scale, by generating the right events, and by building the right data relations and connections. This is made possible through backend work that helps with compliance and security. This work is focused on:
- Speed: MSP ticket integration.
- Scale: Enhanced infrastructure for faster results, culminating in a “push” model to export events (in addition to our existing API) into a SIEM. This is made possible through Apache Kafka and data pools that will increase visibility and responsiveness for compliance and reporting.
- Clarity: Data catalog additions for a common set of attributes and schema across all events.
Other upcoming improvements target widgets, data normalization, and data retention.
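The "clarity" and "scale" items above describe a pipeline: events from different producers are mapped onto one schema before being pushed to a SIEM, and the data retention item under Data Normalization and Retention later in this article bounds how far back that data reaches. The added example below (written for this article, not JumpCloud's Directory Insights code) normalizes two constructed event formats onto an assumed common schema, applies a 365-day retention cutoff, and shapes each event as a key/value record for a Kafka-style producer. The field names, the `sso`/`mfa` producer formats, and the sample events are all constructed for the demonstration.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

RETENTION_DAYS = 365

# Common schema every normalised event must carry (field names are assumed).
COMMON_FIELDS = ("timestamp", "service", "event_type", "actor", "target", "outcome", "org_id")


def _iso(ts) -> str:
    """Accept ISO-8601 strings (with 'Z' or offset) or epoch seconds; emit UTC ISO-8601."""
    if isinstance(ts, (int, float)):
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc).isoformat()


def normalize(raw: Dict) -> Dict:
    """Map two constructed producer formats onto the common schema.
    Producer 'sso' nests initiated_by/resource; producer 'mfa' uses flat user/device."""
    service = raw["service"]
    if service == "sso":
        common = {"timestamp": _iso(raw["timestamp"]), "service": "sso",
                  "event_type": raw["event_type"], "actor": raw["initiated_by"]["username"],
                  "target": raw["resource"]["name"],
                  "outcome": "success" if raw["success"] else "failure",
                  "org_id": raw["organization"]}
    elif service == "mfa":
        common = {"timestamp": _iso(raw["ts"]), "service": "mfa",
                  "event_type": raw["action"], "actor": raw["user"],
                  "target": raw["device"], "outcome": raw["result"], "org_id": raw["org"]}
    else:
        raise ValueError("no normaliser for service %r" % service)
    missing = [k for k in COMMON_FIELDS if k not in common]
    if missing:
        raise ValueError("normalised event missing %s" % missing)
    return common


def within_retention(event: Dict, now: datetime, days: int = RETENTION_DAYS) -> bool:
    return datetime.fromisoformat(event["timestamp"]) >= now - timedelta(days=days)


def to_stream_record(event: Dict) -> Tuple[bytes, bytes]:
    """Shape an event as a (key, value) pair for a Kafka-style producer. Keying on
    org_id keeps one tenant's events ordered within a single partition."""
    return event["org_id"].encode(), json.dumps(event, sort_keys=True).encode()


def process(raw_events: List[Dict], now_iso: str) -> Tuple[List[Dict], List[Tuple]]:
    """Normalise, drop malformed or unknown events (recording why), and apply retention."""
    now = datetime.fromisoformat(_iso(now_iso))
    kept, dropped = [], []
    for raw in raw_events:
        try:
            event = normalize(raw)
        except (KeyError, ValueError) as exc:
            dropped.append((raw.get("service"), repr(exc)))
            continue
        if within_retention(event, now):
            kept.append(event)
    return kept, dropped


# Constructed sample input: two well-formed events, one past retention, one from an
# unknown producer, and one malformed SSO event missing its resource.
SAMPLE_EVENTS = [
    {"service": "sso", "timestamp": "2023-02-01T09:15:00Z", "event_type": "sso_auth",
     "initiated_by": {"username": "alice"}, "resource": {"name": "Salesforce"},
     "success": True, "organization": "org-1"},
    {"service": "mfa", "ts": 1675242000, "action": "push_denied", "user": "alice",
     "device": "alice-mbp", "result": "denied_not_me", "org": "org-1"},
    {"service": "sso", "timestamp": "2021-12-01T00:00:00Z", "event_type": "sso_auth",
     "initiated_by": {"username": "bob"}, "resource": {"name": "GitHub"},
     "success": False, "organization": "org-1"},
    {"service": "ldap", "ts": 1675242000, "bind_dn": "uid=carol,ou=Users", "org": "org-1"},
    {"service": "sso", "timestamp": "2023-02-02T10:00:00Z", "event_type": "sso_auth",
     "initiated_by": {"username": "dave"}, "success": True, "organization": "org-1"},
]
```

Two choices are worth noting. Unknown producers and malformed records are dropped with a recorded reason rather than passed through half-normalized, so downstream SIEM rules can rely on every field in `COMMON_FIELDS` being present. And the stream key is the tenant, not the user, which is what you want when a consumer correlates an MFA deny with the SSO attempt that triggered it.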
Multi-Tenant Portal (MTP)
JumpCloud is adding several MSP-specific enhancements that will help you securely and efficiently provide your customers with seamless access to their IT resources.
These include widgets for:
- Creating Users/Devices Page for MTP with bulk action capabilities
- Creating a Command Page allowing commands to be run, created, modified, etc.
- Creating a widget to generate reports across organizations while remaining on the homepage
Data Normalization and Retention
- We’re extending data retention to 365 days
- We’re introducing unified data structures across all platforms
- Additional events are being added to support new feature releases
New Reports and Reporting Capabilities
We will focus our efforts on widgets and reporting to align with JumpCloud becoming an open platform and best-in-class device management system. We’re also beginning to introduce enhancements such as report filtering, which makes sorting possible before a report is generated.
JumpCloud offers a free trial to help get you started. MSPs can sign up for a tenant to try out the platform without a formal partnership agreement. Feature requests and roadmap discussions can be initiated within our community.
JumpCloud’s features are broadly driven by customer requests, and we’re humbly soliciting your feedback for suggestions on new OS policies and preferences for event stream processing. You may also request beta program access for our mobile admin app (a popular customer request).