JumpCloud’s product roadmap introduces federation to secure access to all resources, no matter where identities reside. Automations and workflows are en route to expedite onboarding endpoints by levering the convergence of identity and device management. Admins will be more productive, and accessing resources will be simpler for end users with their devices serving as secure gateways. We’re also improving the platform experience with phishing-resistant modern authentication and introducing more passwordless workflows to increase security and usability.
This article provides a quick summary of JumpCloud’s Q2 2023 product roadmap webinar for everyone who didn’t have a chance to attend live. You may also watch a recording of the event.
Open Directory Platform
JumpCloud’s open directory platform future-proofs your organization by connecting anything to everything and preventing vendor lock-in with open identity standards. Identity federation will make it possible to manage users, authentication, and access to resources everywhere.
We’re leveraging tokenized, federated authentication of users with Google, Okta, and soon, any Identity Provider (IdP) of your choosing. JumpCloud will make it possible to bring your own IdP.
Bring Your Own IdP
Federation makes it possible for small and medium-sized enterprises (SMEs) to manage all of their endpoints with JumpCloud. Users will sign in using their IdP of choice, and existing credentials and policies will be applied to them. Identities and policies will no longer have to be re-created in JumpCloud, permitting SMEs to leverage their existing identity and access management (IAM) infrastructure. For example, users that were created in Google Workspace can have their endpoints managed by JumpCloud through federation and open standards.
JumpCloud increases security by layering on multi-factor authentication (MFA) and conditional access policies. End users won’t have to manually log into their resources during the workday. JumpCloud is developing new technologies that will make this process even more secure.
Next-Gen Device Trust
Authentication flows will soon be protected by a device-bound credential that’s hardware protected and phishing resistant. This is an upcoming feature that’s intended to make passwordless modern authentication accessible and easy for SMEs to adopt.
JumpCloud is the only platform vendor who can protect your resources with integrated, seamless device and identity management. As we move ahead, the open directory platform will make more authentication decisions based on device management and posture. JumpCloud’s unified endpoint management (UEM) will work in unison with IAM for continuous evaluation.
Let’s explore what’s coming for Windows, Android, and cross-OS software management.
JumpCloud recently launched Windows mobile device management (MDM) to augment our native agent with tamper-proof policies and support for the latest Microsoft technologies.
Upcoming enhancements include:
- An admin toggle to convert from JumpCloud Agent to MDM enrollment
- Easy provisioning package creation for device staging, which can dramatically reduce time spent onboarding systems
- The ability to build out configuration service provider (CSP) policies
JumpCloud recently launched integrated Android Enterprise Mobility Management (EMM) to support BYOD and CYOD use cases. EMM is being enhanced with:
- Pre-built Google-recommended policies
- Support for fully managed corporate-owned devices
- Zero-touch enrollment for corporate-issued hardware
- Support for dedicated single use device configuration will arrive later this year
Admins will soon be able to upload, deploy, and update private Windows and macOS apps using a private repository. Features include:
- Files scanned for integrity on upload and controlled versioning
- File size limits removed for custom macOS apps
- Extended fee-based storage available if needed
App Store Capabilities
macOS VPP and Windows Store apps can now be both deployed and updated. Automated patching of third-party apps will be introduced as a follow-up in the future.
We’re also helping admins to manage all of their assets, without exceptions.
Identity and Access Management
Apps sometimes don’t support existing protocols, but users still need access to the resources they need to do their jobs with managed access. In that event, JumpCloud will still make it possible to onboard every resource with the introduction of a new provisioning API. It will:
- Programmatically provision, update, deprovision
- Support apps that don’t leverage existing protocols
- Increase onboarding efficiency and security
Next, let’s explore how automations and workflows will make JumpCloud work even better with easier onboarding and by streamlining platform administration.
Workflows and Automation
Our objective is to reduce repetitive administrative tasks with easier setup and compliance. This initiative includes enhancements to features you already use including groups, policies, and remote assistance. The platform will work more intelligently while offering more visibility.
Fully Automated Dynamic Groups
JumpCloud’s dynamic groups utilize attribute-based access control (ABAC) to assist admins by making suggestions to help manage the identity lifecycle across users and devices.
Enhancements are consistent across user and device groups, and will include:
- Greater automation with options for manual reviews.
- Improved “Exemptions” experience for users or devices where an admin doesn’t want the rule to apply. It’s designed to be quicker and easier to use.
- Default groups that just work by default.
- Users – All Users, Devices – OS Family
Device Policy Compliance Baselines
JumpCloud Policy Groups will receive a new compliance check option. Automation helps to ensure that devices are sorted into the right group to apply the appropriate policies for each OS. Dynamic Groups that admins associate with compliance will automatically display device compliance counts, making it easier to establish (and verify) a security baseline for your fleet.
JumpCloud Reports will provide audit logging details to help admins to determine when and how a policy failed to apply to an endpoint. This capability will be initially focused on increasing “visibility” when it goes live, and will evolve to make more remediations available over time.
Top Orchestration Use Cases
The webinar also outlined multiple use cases where orchestration will improve compliance and security, as well as more efficient use of resources. Significantly, they include advancing the principle of least privilege with time-limited privileged access management for admin accounts.
- Compliance – Automatically take action (lock, group membership, alert) upon device falling out of compliance with encryption or firewall policy.
- Temporary access – Give user access to a resource with a time limit. Once the time limit expires, access to resources is automatically removed, e.g., limited admin sudo.
- Inactivity – Automatically suspend user upon inactivity over x days.
- Inactivity – Automatically remove access and deprovision user from SSO app upon inactivity with that app over x days. Save a license and do more with less.
- Dynamic Groups – Ability to create a custom attribute upon membership.
- Easy application of custom attributes
- Leverage custom attributes in rules for dynamic groups
- Nested groups
- Dynamic Groups – Ability to delegate group membership approval to another role (new role – group membership approver).
- Dynamic Groups – Add additional operators (“contains” or “regex” and “not in”).
Our objective is to make it possible for one individual within an SME to run the “whole show”.
Next, we’ll preview how device health monitoring will make compliance and support easier. Device health monitoring is a natural extension of JumpCloud’s unlimited remote assist.
Device Health Monitoring
Remote assist will soon provide admins with more control within a remote session. Support may also be more proactive. For example, an admin can step in and make targeted changes when an endpoint is out of compliance. We’re planning to ship helpful new features, including:
- A remote command line
- Remote file explorer/transfer
- A remote process manager
- Programmable device alerts
- Automatic alert remediations
- A fleet health dashboard
- Multiple-Tenant Portal (MTP) dashboard integration for partners
Lastly, we’ll be enhancing the apps that are available with the JumpCloud platform. Admins will be able to remove passwords from browsers via a decentralized password manager while preserving productivity and compliance, and we’re improving how Push MFA works for users.
JumpCloud Password Manager
Upcoming administrative features include:
- The ability to recover a user vault from cloud
- The ability to protects vaults without a second device
- Backups are protected by PKI encryption keys and a secret
- The ability for admins to create and manage shared folder structures
- The ability to push settings down to users
- Automatic logging for faster product support
- Sync optimization
Improved user experience:
- A redesigned Import Wizard
- A new Safari Browser Extension
MFA push notifications are now more convenient than ever when actioned from iOS and Android lock screens. Biometrics can protect authentications that occur from the lock screen.
Do More with JumpCloud
We value your feedback, which directs the development of the JumpCloud platform.
Customers may contact their account manager for early access to new features. JumpCloud is always available free of charge for up to 10 users or devices with full functionality. We provide complimentary 10-day chat support to help you get the most out of your deployment.
In the meantime, if you need to get going fast and be sure everything is set up correctly the first time, our Professional Services team is available — find a 30-minute slot that works for you.