JumpCloud’s product roadmap introduces federation to secure access to all resources, no matter where identities reside. Automations and workflows are en route to expedite onboarding endpoints by leveraging the convergence of identity and device management. Admins will be more productive, and accessing resources will be simpler for end users with their devices serving as secure gateways. We’re also improving the platform experience with phishing-resistant modern authentication and introducing more passwordless workflows to increase security and usability.
This article provides a quick summary of JumpCloud’s Q2 2023 product roadmap webinar for everyone who didn’t have a chance to attend live. You may also watch a recording of the event.
Open Directory Platform
JumpCloud’s open directory platform future-proofs your organization by connecting anything to everything and preventing vendor lock-in with open identity standards. Identity federation will make it possible to manage users, authentication, and access to resources everywhere.
We’re leveraging tokenized, federated authentication of users with Google, Okta, and soon, any Identity Provider (IdP) of your choosing. JumpCloud will make it possible to bring your own IdP.
Bring Your Own IdP
Federation makes it possible for small and medium-sized enterprises (SMEs) to manage all of their endpoints with JumpCloud. Users will sign in using their IdP of choice, and existing credentials and policies will be applied to them. Identities and policies will no longer have to be re-created in JumpCloud, permitting SMEs to leverage their existing identity and access management (IAM) infrastructure. For example, users that were created in Google Workspace can have their endpoints managed by JumpCloud through federation and open standards.
JumpCloud increases security by layering on multi-factor authentication (MFA) and conditional access policies. End users won’t have to manually log into their resources during the workday. JumpCloud is developing new technologies that will make this process even more secure.
Next-Gen Device Trust
Authentication flows will soon be protected by a device-bound credential that’s hardware protected and phishing resistant. This is an upcoming feature that’s intended to make passwordless modern authentication accessible and easy for SMEs to adopt.
Devices
JumpCloud is the only platform vendor who can protect your resources with integrated, seamless device and identity management. As we move ahead, the open directory platform will make more authentication decisions based on device management and posture. JumpCloud’s unified endpoint management (UEM) will work in unison with IAM for continuous evaluation.
Let’s explore what’s coming for Windows, Android, and cross-OS software management.
Windows MDM
JumpCloud recently launched Windows mobile device management (MDM) to augment our native agent with tamper-proof policies and support for the latest Microsoft technologies.
Upcoming enhancements include:
- An admin toggle to convert from JumpCloud Agent to MDM enrollment
- Easy provisioning package creation for device staging, which can dramatically reduce time spent onboarding systems
- The ability to build out configuration service provider (CSP) policies
Android EMM
JumpCloud recently launched integrated Android Enterprise Mobility Management (EMM) to support BYOD and CYOD use cases. EMM is being enhanced with:
- Pre-built Google-recommended policies
- Support for fully managed corporate-owned devices
- Zero-touch enrollment for corporate-issued hardware
- Support for dedicated single-use device configuration, arriving later this year
Software Management
Private Repository
Admins will soon be able to upload, deploy, and update private Windows and macOS apps using a private repository. Features include:
- Files scanned for integrity on upload and controlled versioning
- File size limits removed for custom macOS apps
- Extended fee-based storage available if needed
App Store Capabilities
macOS VPP and Windows Store apps can now be both deployed and updated. Automated patching of third-party apps will be introduced as a follow-up in the future.
We’re also helping admins to manage all of their assets, without exceptions.
Identity and Access Management
Provisioning API
Some apps don’t support existing protocols, but users still need managed access to the resources required to do their jobs. In that event, JumpCloud will still make it possible to onboard every resource with the introduction of a new provisioning API. It will:
- Programmatically provision, update, deprovision
- Support apps that don’t leverage existing protocols
- Increase onboarding efficiency and security
Next, let’s explore how automations and workflows will make JumpCloud work even better with easier onboarding and by streamlining platform administration.
Workflows and Automation
Our objective is to reduce repetitive administrative tasks with easier setup and compliance. This initiative includes enhancements to features you already use including groups, policies, and remote assistance. The platform will work more intelligently while offering more visibility.
Fully Automated Dynamic Groups
JumpCloud’s dynamic groups utilize attribute-based access control (ABAC) to assist admins by making suggestions to help manage the identity lifecycle across users and devices.
Enhancements are consistent across user and device groups, and will include:
- Greater automation with options for manual reviews.
- Improved “Exemptions” experience for users or devices where an admin doesn’t want the rule to apply. It’s designed to be quicker and easier to use.
- Default groups that just work by default:
  - Users – All Users, Devices – OS Family
Device Policy Compliance Baselines
JumpCloud Policy Groups will receive a new compliance check option. Automation helps to ensure that devices are sorted into the right group to apply the appropriate policies for each OS. Dynamic Groups that admins associate with compliance will automatically display device compliance counts, making it easier to establish (and verify) a security baseline for your fleet.
JumpCloud Reports will provide audit logging details to help admins to determine when and how a policy failed to apply to an endpoint. This capability will be initially focused on increasing “visibility” when it goes live, and will evolve to make more remediations available over time.
Top Orchestration Use Cases
The webinar also outlined multiple use cases where orchestration will improve compliance and security and make more efficient use of resources. Significantly, they include advancing the principle of least privilege with time-limited privileged access management for admin accounts.
- Compliance – Automatically take action (lock, group membership, alert) when a device falls out of compliance with encryption or firewall policy.
- Temporary access – Give user access to a resource with a time limit. Once the time limit expires, access to resources is automatically removed, e.g., limited admin sudo.
- Inactivity – Automatically suspend user upon inactivity over x days.
- Inactivity – Automatically remove access and deprovision user from SSO app upon inactivity with that app over x days. Save a license and do more with less.
- Dynamic Groups – Ability to create a custom attribute upon membership.
- Easy application of custom attributes
- Leverage custom attributes in rules for dynamic groups
- Nested groups
- Dynamic Groups – Ability to delegate group membership approval to another role (new role – group membership approver).
- Dynamic Groups – Add additional operators (“contains” or “regex” and “not in”).
Our objective is to make it possible for one individual within an SME to run the “whole show”.
Next, we’ll preview how device health monitoring will make compliance and support easier. Device health monitoring is a natural extension of JumpCloud’s unlimited remote assist.
Device Health Monitoring
Remote assist will soon provide admins with more control within a remote session. Support may also be more proactive. For example, an admin can step in and make targeted changes when an endpoint is out of compliance. We’re planning to ship helpful new features, including:
- A remote command line
- Remote file explorer/transfer
- A remote process manager
- Programmable device alerts
- Automatic alert remediations
- A fleet health dashboard
- Multiple-Tenant Portal (MTP) dashboard integration for partners
Lastly, we’ll be enhancing the apps that are available with the JumpCloud platform. Admins will be able to remove passwords from browsers via a decentralized password manager while preserving productivity and compliance, and we’re improving how Push MFA works for users.
Apps
JumpCloud Password Manager
Upcoming administrative features include:
- The ability to recover a user vault from cloud
- The ability to protect vaults without a second device
- Backups are protected by PKI encryption keys and a secret
- The ability for admins to create and manage shared folder structures
- The ability to push settings down to users
- Automatic logging for faster product support
- Sync optimization
Improved user experience:
- A redesigned Import Wizard
- A new Safari Browser Extension
JumpCloud Protect
MFA push notifications are now more convenient than ever when actioned from iOS and Android lock screens. Biometrics can protect authentications that occur from the lock screen.
Do More with JumpCloud
We value your feedback, which directs the development of the JumpCloud platform.
Customers may contact their account manager for early access to new features. JumpCloud is always available free of charge to try for 30 days.
In the meantime, if you need to get going fast and be sure everything is set up correctly the first time, our Professional Services team is available.