The main thrust of JumpCloud’s Q3 2022 platform enhancements is to make everything across the platform work better together and deepen its existing functionality. This strategic direction aligns with our customers’ emphasis on IT unification in response to ongoing macroeconomic uncertainty. Serving as an open directory platform that delivers IT unification is our objective, because it enables you to use the services that you want to create a core stack that works best for your organization. It also helps IT teams to rationalize their spending decisions to reserve budgets for high-priority issues such as security and device management. IT departments have identified security and device management as the greatest challenges they’re facing, and JumpCloud is responding by enabling admins to protect more resources.
Access More Things, Securely
Let’s walk through the real-life implications of the open directory platform’s new features with a scenario that illustrates how JumpCloud solves security and device management problems that small and medium-sized enterprises (SMEs) may encounter:
- Jane is a new employee, and she’s starting next month.
- IT admins can now import information about her from HRIS systems such as BambooHR, Personio, and Namely to schedule account activation.
- JumpCloud will automate group memberships, and as a consequence app entitlements will remain up-to-date if her responsibilities ever change.
- Jane is able to begin her day logging into office WiFi over RADIUS even if she only exists in Azure AD. Her SSO logins are passwordless and every other login is protected by MFA.
- Jane’s activity in AWS is logged through Cloud Insights.
- Her PC is always kept up-to-date through patch management and IT has implemented secure configurations to manage her devices.
- Jane accesses her work, securely and productively; the IT team knows that identity and device management is controlled.
Q3 Release Highlights
This is all made possible through targeted enhancements to identity and authentication capabilities. These connect users to more things securely, and direct the identity lifecycle to avoid overprovisioning and guard against inactive accounts. JumpCloud’s vision is to welcome identities from anywhere and provision users from anywhere.
Device management is easier with remote assist and deeper patch management options for browsers and Day 0 support for the latest Apple operating systems. JumpCloud now supports more granular policies for BitLocker full disk encryption and the ability to queue commands for device management. Admins will also receive a more interactive dashboard with additional reports for visibility and governance into what’s happening in their environment, including AWS.
Identity and Authentication
JumpCloud is keeping pace with changes in industry trends and working to make identity and access management as automated, secure, and efficient as possible.
Passwordless (JumpCloud Protect™ + Biometrics)
JumpCloud is progressing towards passwordless authentication flows that will increase security and usability and simplify logins. Ultimately, admins and users will benefit from fewer password lockouts. We’re introducing these flows to the JumpCloud login process to allow a user to log in with their identity first (email), and then the open directory platform will determine what that user needs to do to authenticate.
This capability will support SaaS apps first with fewer passwords being used, in fewer use cases, over time. JumpCloud believes in standards, but will also support technologies such as Windows Hello and Apple Face/TouchID to give admins choices about which solutions work best for their organization(s).
JumpCloud is intensely focused on delivering a password management solution. There will be a limited availability preview in the near future and then a general release following that. We want to allow admins to enable easy access to any IT environment, including legacy password managed applications. Eventually, this means users will have easy access to SSO across all environments, including password managed apps, and get to the point where all passwords are managed behind the scenes.
Users can bring their own identity to JumpCloud, starting with Azure AD delegated authentication for VPNs and Wi-Fi password-based logins. Certificate-based authentication is also coming soon. Admins will be able to generate certs, provision those onto devices (user and device certs), and then eliminate the need for their users to enter credentials. This capability delivers a more secure and passwordless experience onto RADIUS endpoints.
Additional credential providers will be added in the future.
MFA for LDAP
Users will be able to verify their identity with JumpCloud Protect multi-factor authentication (MFA) for LDAP connected resources. This capability is the culmination of a long journey to bring MFA to every IT resource that’s being managed by JumpCloud. Those include the user portal, SSO web apps, device logins, RADIUS endpoints, and now LDAP apps.
JumpCloud is adding greater value to its conditional access and zero trust offering in the form of new device posture conditions: disk encryption and OS version. JumpCloud already supports device trust, geofencing, and IP ranges. The initial focus is on device posture conditions, but more options will be added as the year progresses to assess whether a device meets more stringent security requirements.
JumpCloud Protect MFA will significantly increase customers’ security postures by delivering geolocation data (country, state, city) to users within a push notification. Users verify location details prior to approving a request and can flag any security risks.
User Imports and Updates
OAuth APIs and HRIS Integrations will make it possible to import user updates, not automating the initial user onboarding. Changes made within an HRIS system will be reflected in JumpCloud and access decisions will be made based on those changes. We’re also working to deliver the ability to export user identities from JumpCloud to HRIS applications in the second half of the year, as well as scheduling batches of user imports.
Groups Suggestions and Automation
JumpCloud is adding the ability to add more conditions on different user attributes that define which group a user should be a part of. These attributes, along with operators to configure more sophisticated conditions, help to define and suggest which group a user should be a member of.
The end result will be that JumpCloud automates new user memberships from the moment an identity is added to an HRIS system or the LDAP directory. This will streamline the process of provisioning users ahead of their start date. JumpCloud is also working to import user groups through Azure AD integrations.
Continuously validating and identifying entitlement issues delivers an advanced level of security for access control. In contrast, Microsoft’s Active Directory cannot deliver beyond “basic” maturity because user management is a manual process that adds to administrative overhead and increases the risk of errors and security concerns.
Schedule for Activation
IT admins can plan ahead and set up new users for success by creating suspended users that will be activated at a scheduled time to be ready for “day 0” access.
SSO Application Enhancements
OpenID Connect (OIDC) support is being added for greater flexibility and more standards for SSO integrations. Q3 will also introduce additional SCIM provisioning integrations for identity provisioning and management to simplify the onboarding process by streamlining user account creation. The SSO interface will also be simplified to make it easier to configure.
Mobile Admin App – Beta
A mobile admin app is shipping with the intent of focusing on the most common tasks admins encounter day-to-day: expired passwords and user lockouts. IT teams will be able to assist users with unlocking accounts from anywhere. More capabilities will be added to the app over time to solve today’s remote work challenges.
Unified endpoint management is among the most sought after objectives of IT teams at small and medium-sized enterprises. JumpCloud has worked diligently to target the most significant security and management issues that SMEs face with accessible, easy-to-use services.
Q3 will begin to introduce a live assist mode for technical support and training workflows. The helpdesk process begins when a user needs help and contacts support; the admin can reach out and start a live assist session for that ticket. Sessions are kept secure by letting end users opt in to the live session. Admins can request control at any time during the session, which is granted by the user, giving full access to manage apps, access the command line, and even train end users.
JumpCloud offers a cross-OS platform where experiences are optimized for each OS. Windows remote assist is shipping first, but JumpCloud is also seeking your feedback on the direction it should take for Mac devices and would like to hear what capabilities would help the most. Contact your account representative or share your thoughts and feedback on our IT Community.
Browser Application Patch Management
Patch management has rapidly become the #1 app used by JumpCloud customers since its introduction this past quarter. We’re making Patch Tuesday a thing of the past on Windows, and prompts on Macs have been effective at keeping systems updated and secure. However, beyond the OS itself, browsers are among the most vulnerable yet widely used applications. JumpCloud is addressing this problem with a cross-platform view on browsers that delivers smart “out of box” policies that work globally. Admins will be able to force a restart to apply new builds, and reporting on browser versions will be made available. Browser patching features include:
- Policies with preconfigured defaults for managing updates, security, and user experience settings for Chrome, Edge, & Firefox
- Unique policies for Windows, macOS, & Linux
- Fleet visibility into active browser version relative to the latest releases
Apple Day 0 Support
Our message to Apple admins is “don’t be concerned about the Fall.” JumpCloud will support macOS Ventura and iOS 16 before the last beta drops as well as delivering blocking policies to delay deployments.
BitLocker Policy Roadmap
Full Disk Encryption (FDE) is the most popular device policy for Mac and Windows. JumpCloud is adding broader support for different domain join types on Windows through the JumpCloud OS agent, which makes it possible to enhance our BitLocker policies and increase first-pass success.
Admins will have greater visibility into the state of encryption jobs, and we’re also enhancing System and Device Insights reporting to display the presence of TPM modules in your fleet. We’re extending what JumpCloud can encrypt beyond system disks to all fixed disks on machines, and adding fast encryption. Upcoming enhancements include troubleshooting and automations for resetting TPMs, beyond the current step of key recovery.
Support for Apple’s Volume Purchase Program (VPP) will include iOS and iPadOS. JumpCloud now supports VPP apps for Apple’s Automated Device Enrollment Program, commonly referred to as “ADE”. This capability is intended for corporate owned devices only.
The next step in the commands journey is to increase visibility. JumpCloud is delivering visualizations that show which commands are pending for given groups or devices. Admins can even cancel an action from within that interface, offering more control and visibility so that you feel more confident managing your fleet.
Reporting and visibility are foundational to proper IT hygiene and governance. This quarter, reports complement JumpCloud’s latest applications and help teams to share public clouds.
Cloud Insights is a new and exciting public cloud observability service, and will initially become available for AWS. It addresses customer pain points such as:
- Who has access to what in the cloud?
- What actions are users taking on the cloud resources with the permissions they have?
- Are the users within the cloud being managed and configured correctly?
Our objective is to help admins attain visibility that makes it easier for departments (DevOps, IT teams, developers) to coordinate on least privilege access control in their public cloud infrastructure. Determining “ownership” of public cloud resources can be cumbersome and creates visibility gaps that make it harder to ensure a strong security posture.
Other benefits will include quick evidence gathering for audits and security monitoring. There will be several fast follows including AWS SSH activity monitoring (Q4) and traceability across other JumpCloud services to connect the dots between cloud and non-cloud user activities. Google Cloud Platform (GCP) is the next public cloud on the roadmap.
The icons depict where users are coming from to centrally manage those identities.
New Reporting Capabilities and Reports
Q3 will introduce asynchronous access and queuing of reports with up to 10 reports being available. Admins will have a record of which reports are available and who ran them. The interface will also display pending reports for larger data sets.
Users to SSO
A new Users to SSO report shows the association between users and the SSO applications they have access to, and how they are associated with those applications. Access events are organized by line items such as a user’s group memberships.
OS Patch Management Status Report
There will be a new unified report for OS patch management statuses in Q3. Admins will be able to see whether there’s been a successful execution or know why it didn’t work (along with vital details such as a device being offline or pending reboot).
The admin console will ultimately provide a wide variety of widgets so that IT teams can keep track of what they care about the most and customize their consoles. Q3 introduces six new capabilities in the home page, for more visibility and less time spent searching.
Upcoming Widgets and Notifications
- MDM Certification Expirations – Provides visual updates on when important certificates will expire so an admin can take action prior to expiration
- Patch Policies with Recent OS Releases – Shows up when a new operating system release has come out; it also provides quick access to Patch Policies
- Scheduled User Suspensions – Shows when an admin has users set up for upcoming suspensions
- Scheduled User Activations – Shows when an admin has users set up for upcoming activations
- Automated Group Membership – Provides a consolidated view of automated group modifications (such as adding/removing a user from a group membership)
- Reports Ready for Download – Displays how many reports are ready for download within a set timeframe
Try Out Our Latest Features
Existing customers may contact their account manager to try patch management and conditional access. Early access to new services can be requested in the community. We welcome your feedback and ideas; customer feedback drives our product roadmap. JumpCloud is free for up to ten users and ten devices across all supported operating systems.
Taking on a new IT project can be resource intensive, and bringing in external resources will keep organizations focused on their core responsibilities. That’s why JumpCloud has assembled a team of experts to help you along your implementation journey. For example, we’ll put your migration in “cruise control” by generating custom scripting.
- Implementation services
- Technical account manager
- Migration services