JumpCloud’s Q4 2022 roadmap webinar introduced features and improvements that coalesce into the open directory platform™, a purposeful platform approach to make JumpCloud work with everything you have today (and everything you’ll need in the future). These updates are being delivered within JumpCloud’s Identity and Access Management (IAM), device management, and data services. The result is adaptable IT that delivers best-of-breed solutions for every use case. The open directory platform’s Zero Trust security and Extended Detection and Response (XDR) integrations establish identity as the new perimeter for your apps, data, and network.
…And Android support is nearly here.
Open Directory Platform
JumpCloud is the central hub to automate and simplify the entire process of provisioning access for users to any IT environment. This was first made possible by adding third-party integrations (HRIS system, directories) into the platform, with many more to come. User updates and attributes are next, along with scheduled imports. Here’s more of what’s possible in Q4:
- More and deeper open import integration options
- Import from ADP
- More import options from Personio
- Import user updates from IdM Custom API
Provision from anywhere
Before we dive into what else is coming, let’s review some new capabilities you may have missed over the past several months.
Features Delivered in Q3
- Integration with Namely: Keep up with the pace of hiring and simplify user creation for a streamlined HR to IT handoff.
- Generic HRIS – OAuth2 Support: Configure integrations with more HRIS applications (and other identity sources), improving security and user onboarding.
- RADIUS access using Azure AD (AAD): Leverage delegated authentication that makes it possible to use AAD credentials to secure VPN and Wi-Fi authentications.
- Linux SSH hardening policies and Mint 21: Establish a core of policies and tackle compliance issues on Linux devices.
- Commands queue: Improve your management workflows, know which commands are queued for devices, the state of commands, and drill down for results per device.
- Logo + message for macOS patches and updates: Use enhanced branding to create a more polished deployment, building assurance and a better user experience for your users.
- Switch between user and admin login: This helps to make working with JumpCloud, particularly for single sign-on (SSO) connector testing, easier than ever.
Password Manager
JumpCloud now secures password-managed apps with the launch of Password Manager, a decentralized solution that doesn’t use a master password. It takes a hybrid cloud approach where credentials are stored securely on local devices. We believe that this provides better security and a more dependable user experience. Password Manager also stores payment cards and secure notes for even greater usability and productivity.
Now, let’s explore what’s coming in Q4.
IAM
The open directory platform connects you to more things, more easily and more securely than ever.
Q4 improvements include:
- Expanded conditional access rules that consider device state
- Frictionless multi-factor authentication (MFA), in more places
- Flexible device biometrics, providing the best options for each user
- The introduction of passwordless login experiences
- More ways to connect to your apps and resources
- Fully automated entitlements management for more hardened security
Conditional Access
We’re kicking off a major investment into conditional access next quarter, beginning with new device conditions for disk encryption and OS version. The result is reduced friction among your users who may be suffering from “MFA fatigue.” Our North Star is to make security smarter and more accessible. The open directory platform uniquely mixes inputs from identities, devices, and location information to make intelligent determinations about which devices should access which applications.
JumpCloud Protect™ MFA
Adversaries are adapting to security controls and the threat environment is changing. JumpCloud is proactively increasing security posture by displaying city, state, and country in Push notifications. Users can verify location details before approving logins. Adversaries have been “MFA bombing”, issuing repeated push prompts until users accept their requests. JumpCloud is adding a control to prevent that practice.
MFA for LDAP
TOTP will be provided as an alternative to JumpCloud Protect Push for LDAP application logins. This makes certain use cases, such as working with network hardware, simpler for JumpCloud users. Users log in by appending a one-time code to the password field during authentication.
MFA is suitable for many users, but biometrics provide another option for Identity Provider (IdP) authentication to help ensure privileged access to your most valuable IT resources.
Device Biometrics
JumpCloud already supports WebAuthn and U2F keys for biometric authentication. Going forward, the platform will provide greater clarity about which options are available for users. New options include Touch ID for Macs and Windows Hello for the Windows operating system.
Simultaneous use of MFA and biometrics is coming in 2023.
Certificate-Based RADIUS Login
Passwordless authentication leveraging trusted certificates will be another authentication option for seamless logins, which increases security and builds device trust. JumpCloud is starting with RADIUS authentications for secure network access because cloud RADIUS is the best place for organizations to begin their journey to a passwordless experience. JumpCloud will be adding more certificates across more environments, including an extension to SSO in 2023.
SCIM Provisioning, OIDC, and OAuth
JumpCloud is tripling its SCIM connector catalog in Q4. SCIM provisioning eases the friction admins experience in provisioning and managing user accounts in web applications. Using SCIM, admins can automate the processes of account creation and deletion, as well as maintain synchronization between their core directory and web apps. OpenID Connect (OIDC) support extends SSO to homegrown apps and many mobile applications, and expands overall identity federation. OAuth support makes it possible to securely import user updates from applications.
These updates, and managed identities, flow into JumpCloud’s attribute-based access control (ABAC), enabling the system to continuously audit entitlements for more secure access control.
Automated Group Membership
JumpCloud is introducing the ability to automate and apply membership suggestions to groups. Attributes, such as where users are located, who their supervisor is, or what team they belong to, simplify provisioning user access to IT resources such as applications and networks.
- Q4 extends interoperability with your Microsoft systems by exporting user groups on AAD integrations. This eases deployment of the open directory platform to obtain greater flexibility, openness, and value than Microsoft offers through Azure.
Schedule user activation
Devices
Device management extends identity, management, and security to endpoints. Q4 will introduce significant new features for small and medium-sized enterprises (SMEs) to have a holistic solution to manage every device endpoint, regardless of the OS. Those features include:
- Remote Assist: A free-of-charge tool to support your users when they require help.
- Android support: Extending JumpCloud’s mobile device management (MDM) to Android for compliance and application distribution.
- Self-service Windows deployments: To streamline user onboarding in support of remote work and time-savings.
- macOS and Linux improvements: More policies, day 0 readiness for macOS Ventura, and support for additional Linux distributions, in response to community feedback.
- Windows BitLocker: Major new investments into BitLocker deployments, with more to come.
- Integrations with leading XDR solutions from CrowdStrike and SentinelOne: Making identity central to IT security in response to new methods of attack on cloud services.
Remote Assist
Users ask for help; with Remote Assist you can now provide a session key that makes it possible to log in and fix their issues directly. JumpCloud’s Remote Assist is available at no additional charge and provides an opt-in workflow that operates through the JumpCloud agent but works independently from it as a web app. With it, you can simply:
- Copy and paste between devices
- Work in multi-monitor systems
- Turn on audit logging
A silent mode option is coming in 2023 for unattended access over the command line. We’re seeking feedback about which capabilities matter most to SMEs. Please contact your account manager to share your ideas for our user-driven product roadmap.
Android
JumpCloud will soon offer Android MDM that will include all required core security commands and policies to drive compliance and deploy apps to your devices. Capabilities include:
- Enforce device and work profile security
- Lock, wipe, and reset devices
- Drive device compliance
- Search, organize, and distribute apps
Windows Self-Service Onboarding Cases
JumpCloud is working to provide a Windows Out of Box Experience (OOBE) as another option to stage devices and onboard users. This simplifies how Windows machines are deployed with JumpCloud using technologies that Microsoft prescribes for MDM-like management of Windows. Traditional onboarding through the JumpCloud agent will still be possible.
| Onboarding Case | Authentication | Device Enrollment | Post Enrollment |
| --- | --- | --- | --- |
| Intune with JumpCloud Authentication (OOBE) | User signs in with JumpCloud credentials during AAD Join | User sees Intune enrollment screens | JC Agent can be pushed for telemetry by Intune; most policies by Intune |
| JumpCloud MDM and Authentication (OOBE) | User signs in with JumpCloud credentials during AAD Join | User sees JumpCloud enrollment screens | JumpCloud MDM manages all device configurations |
Patching
The initial release of JumpCloud’s Patch Management focused on macOS, Linux, and Windows policies. Q4 expands the vision of “set up once, works everywhere” patch policies to browsers. IT teams benefit from automation and one-click payoffs to manage browser versions across every operating system, and prompt users to update. Chrome will be supported first, followed by Edge and Firefox. User feedback will determine whether more browsers are added.
Please note that Safari is updated at the OS level by Apple.
macOS 13 Day 0 Support
Mac admins will be able to delay or block system updates to macOS Ventura. IT admins should take special consideration with this release, because unpatched Monterey systems will inadvertently update to Ventura. Apple is working on a fix to address this issue. JumpCloud works to ensure that you’re not affected by upgrades when you’re not ready.
Expanded Policies and OS Support
JumpCloud is deepening what’s readily possible with Mac and Linux device management. No complex templates needed: just best-of-breed policies that are ready to use, right out of the box. This has been an ongoing effort to provide compliance settings that are easy to configure and deploy.
Even More Linux Distros
JumpCloud is welcoming Fedora 37, Pop!_OS, and Arch Linux to the open directory platform. Please visit our knowledge base for the full list of supported Linux distributions. JumpCloud’s Linux MDM doesn’t mandate a specific vendor’s software, such as the Edge browser, to operate, and users experience the full benefits of the open directory platform, including IAM.
Windows BitLocker Policy Roadmap
Improved status reporting was introduced last quarter. The capacity to encrypt all local non-removable drives is next, extending encryption beyond the system drive. The result is higher security and increased compliance for devices that have multiple drives.
This diagram illustrates our overall BitLocker roadmap
XDR Ecosystem
XDR confronts the gap between identity and security as attackers have evolved their tactics to the cloud. User credentials are being hijacked in malware-less attacks that aren’t detected by traditional Endpoint Detection and Response (EDR). That has led to data exfiltration and the loss of IT assurance when criminal syndicates have infiltrated systems, deeply and discreetly.
JumpCloud and XDR solutions are better together. Expect more integrations with CrowdStrike, which awarded JumpCloud its Ecosystem Emerging Partner of the Year award. JumpCloud is available for easy deployment through the CrowdStrike Store to manage your devices.
Some future integrations are:
- Zero Trust feature integration with CrowdStrike, including shared signals from events
- Falcon Spotlight integration with JumpCloud patch management for information about CVEs for vulnerability management and potential mitigations
JumpCloud is also working with SentinelOne to integrate with its Singularity XDR system.
Data Services
Device management and IAM don’t provide visibility into the context of what users are doing once they’re authenticated into systems. That’s why JumpCloud already offers System Insights, Directory Insights, and pertinent reports such as Users to SSO logins for your applications. Q4 extends that focus to events that matter within your cloud infrastructure itself, starting with AWS.
Users to SSO report
Cloud Insights
Cloud Insights, a tool for observability and monitoring cloud infrastructures, is presently in beta. This makes compliance and data forensics easier for SMEs and helps to enforce least privilege. Support for Google Cloud (GCP) will be introduced next for a multi-cloud strategy.
Its capabilities include:
- Support for multiple AWS accounts to monitor activity across larger organizations
- Easy-to-consume management event feeds with details on user actions
- Events filtering by identity, time, event type, and other attributes
- Classify user access as JumpCloud managed (via SSO/IAM connector) and unmanaged
- Focus on events that matter; ability to filter person and non-person entity (“NPE”) activity with a simple toggle button
- Pay $3/user/month only for cloud users
Helpful New Reports
Two new reports are being introduced in Q4:
- OS patch management status
- Browser patch management status
A total of seven reports will be available by year’s end to collect essential data about your organization’s users for better compliance, control, management, and planning.
Directory Insights Upgrades
Directory Insights has been improved with better event descriptions (no need to look at JSON for basic information) and a search bar for quick access to events. Together, these simplify your responses to audit requests for a specific device or users.
Try JumpCloud
Existing users may contact their account manager for early access to new features. JumpCloud is always available free of charge for up to 10 users or devices with full functionality. We provide complimentary 10-day chat support to help you get the most out of your deployment.
In the meantime, if you need to get going fast and be sure everything is set up correctly the first time, our Professional Services team is available to help.