JumpCloud delivers the optionality that small and medium-sized enterprises (SMEs) need to future-proof against changing business requirements without being locked into a single vendor. Our open directory platform makes this possible with a more service-oriented approach that uses federation and modern authentication to secure access, employs automation for dynamic groups, offers more deployment options, and delivers support for the latest OS releases. We’re also hard at work strengthening platform security, enhancing the administrative experience, and responding to customers’ requests for deeper improvements to existing areas of the platform.
This webinar recap explores what’s arriving in Q3 to give you the freedom and flexibility to access resources with as little friction as possible, no matter where your identities come from.
Open Directory Platform
The open directory platform is extending its directory federation, introducing a new phishing-resistant login experience, and expanding its connectors for HR systems.
Open Directory Federation
Federation leverages web standards to make JumpCloud services available for customers that may not want to use it as their primary identity provider (IdP). We’re introducing the ability to use Okta as your IdP for the Device Login Screen as the first option for external IdPs. Okta’s service doesn’t have integrated unified endpoint management (UEM), and federation makes it easier to adopt JumpCloud to manage devices for better compliance and security. This feature doesn’t replace existing password sync functionality; it adds a different mode of deployment.
There will be additional IdPs and more Login Screens to come.
JumpCloud Go
JumpCloud Go is a hardware-bound credential that leverages TPMs on PCs and Secure Enclave on Apple silicon. That’s just the technology. The experience provides you with the fastest way to sign a managed device into the JumpCloud User Portal using the Chrome browser. Users first sign in with a password and multi-factor authentication (MFA) before a phishing-resistant token is assigned to the device to make logins simpler and more secure.
This experience will soon become the new method for macOS and Windows device logins, tying cloud identities to local accounts for better self-service. Additional features such as continuous access evaluation will be added over time to reduce MFA/login fatigue and improve security.
Deeper Active Directory (AD) Support
JumpCloud is increasing its focus on Active Directory with foundational changes to Active Directory Integration (ADI) syncing to import identities from AD. It’s also becoming much easier to scale with a new deployment model that uses a member server rather than a domain controller to configure syncing. That makes it possible to sync multiple domains to JumpCloud at once. We’re also rolling out delegated authentication (think of it as passthrough authentication) to leverage existing credentials from AD without forcing password resets.
Other major improvements include:
- Microsoft Server 2022 support for import and sync
- An optional password sync agent
Human Resource Information System (HRIS) Integrations
JumpCloud is rolling out additional pre-built HRIS integrations over this quarter and next that are available for free. HRIS integrations help to streamline identity lifecycle management via dynamic groups that make or suggest membership changes if a user’s role is modified by human resources.
In contrast, Microsoft’s Entra ID may now require additional licenses, on top of its Premium 1 and Premium 2 tier SKUs, for lifecycle workflows that handle HR provisioning aspects of the identity lifecycle management process. Its other options include SSO connectors with write-back.
Core Device Management
JumpCloud is deepening its UEM capabilities to deliver best-in-class management, and we’re extending background access within remote assistance. Dynamic groups now manage device group memberships based upon device attribute-driven rules.
Windows MDM
JumpCloud launched self-enrollment for Windows MDM earlier this year to deliver tamper-proof device management. Automated MDM enrollment is the next stop on the MDM roadmap. It will include automatic certificate renewal with agent enrollment including the MDM profile as an option. Provisioning Package enrollment provides a light touch deployment model where a preconfigured Windows onboarding workflow can be generated for new PCs, either in house or through an IHV. You will no longer have to deal with the out-of-the-box experience.
We’ve partnered with Hofy to enable an all-in-one device onboarding solution worldwide.
Android Enterprise Mobility Management (EMM)
JumpCloud’s Android EMM initially supported BYOD and COPE devices through a work profile partition. It will soon offer the option for fully managed corporate-owned devices. JumpCloud intends to also manage ruggedized devices for frontline workers in the future.
Other upcoming features include:
- Enhanced policies
- Zero-touch enrollment
Same-Day New OS Support
JumpCloud is ready for the fall OS release schedule:
- Android 14 – Day Zero Support
- macOS 14 – Day Zero Support
- iOS 17 – Day Zero Support
Background Access
JumpCloud’s remote assistance is being enhanced to take actions on managed devices through silent modes that will have a low impact on users. Features will include:
- Remote command line interface and file manager straight from the browser
- Transfer large files without FTP, USB, or unsanctioned apps
Dynamic Groups & Work Orchestration
Dynamic groups provide easy, efficient device administration. Their architecture is built on commonly leveraged user and device attributes and operators. Dynamic groups create insights that translate into actions, such as proactively changing group memberships and enforcing MFA for users, or executing commands and installing apps.
Dynamic groups features include:
- Fully automated dynamic user and device groups
- Additional operators and attributes
- Dynamic MDM enrollment groups (coming soon)
JumpCloud provides this capability without requiring a “premium” license. New organizations will benefit from attribute-driven rules as soon as they start to add devices to the directory.
Platform Enhancements
JumpCloud Password Manager, JumpCloud Protect, and cloud directories are also receiving enhancements.
Password Manager (PWM)
Customers asked for more governance over auditing and sharing, and JumpCloud delivered. New features slated for Q3 include:
- Cloud Backup (now available)
- A “soft landing” for users removed from the PWM entitlement group
- Better shared folder creation (with restrictions) and activity logging from the Admin portal
- The ability to configure PWM App defaults from the Admin portal
JumpCloud Protect
MFA push notifications are now more convenient than ever when actioned from the lock screen. App updates are available for iOS and Android and now feature support for Apple Watch. Significantly, MFA prompts may be biometrics protected for added security.
Admin Email Notifications
We’re refining the user experience for M365 directory sync with an email notification when it’s time to refresh tokens in Entra ID. It’s an extra “nudge” on top of the existing portal notification.
Platform Security
Additional security controls are being added to the Admin Portal including MFA enabled for admin users by default, stronger password requirements for users, password policies that can be assigned to groups, and more robust API key management.
Q3 marks the beginning of more robust lifecycle management for API keys. The first round of enhancements, which mirror guidance from the U.S. National Institute of Standards and Technology (NIST), will include:
- Restricting Admin API key access to admins with billing roles to establish a lifecycle workflow
- Restricting API Key visibility beyond the first time a key is generated
- More activity logging for API key events such as when old keys are used
Over time, JumpCloud intends to introduce additional security controls such as key rotation policies and more granular scoping of actions for API keys with more defined lifetimes. The ultimate goal of this initiative is to deliver a stronger and more secure platform via API.
Schedule a Free Demo
Schedule a free demo to learn more about these new features. Sometimes self-service doesn’t get you everything you need. If that’s how you’re feeling, schedule a demo to discuss and learn more about our options for implementation assistance, migration services, custom scripting, and more.