Office Hours Recap: Enhance Your IT Security with SSO & IAM

Written by Leia Schultz on November 17, 2020

Share This Article

A recent JumpCloud® Office Hours panel discussion covered secure single sign-on (SSO) management in the JumpCloud directory platform with a panel of technical experts. 

We covered the highlights of JumpCloud’s True SSO™, or the idea of one secure entity to access a broad range of IT resources, plus pro tips for IT administrators to make both their own and end users’ workflows easier when it comes to SSO-driven resource access, and user lifecycle management with SCIM provisioning.

Watch the full Office Hours recording here for a deep dive and visualizations of how admins use SSO in JumpCloud, and keep reading for the discussion highlights.

A Gold Standard Experience 

With JumpCloud SSO and a growing repository of SCIM-supported applications, IT admins unite not just sign-on but also how they provision users to access those credentials. This centralized method organizes easier access to resources via secure user identities, and makes the entire experience more end user friendly.

JumpCloud SCIM provisioning delivers on the gold standard SSO experience because it automates the user identity lifecycle management process by connecting the applications your organization uses with JumpCloud. SCIM is an API-driven identity management protocol that was created for securely transmitting user data between an identity provider (IdP) and service provider (SP); in JumpCloud it sits alongside JIT support for certain applications.

3 Main Benefits of JumpCloud’s SSO

1. Centralized Control

SSO in JumpCloud enables IT teams to centralize end users’ access to all of the different apps that employees use at work, individually or in groups based on their role, like engineering or sales. Admins are able to bundle all the different applications and unique sets of credentials, and house them under one roof — the JumpCloud User Portal — that end users can easily access with their one set of credentials that logs them into their work device, networks, and resources.

This streamlines the end user experience, as they have a single source of resource access and don’t have to maintain individual sets of credentials for each one they need. Once they log into their JumpCloud portal, access to whatever they need is just a click away.

2. Enhanced Security

There are a few security benefits of SSO within a cloud directory, including combating phishing, enabling MFA, and connecting to a password manager.

The more identities a user has to manage, the more likely they are to forget best practices when a phishing email hits their inbox suggesting they need to change their password. JumpCloud users just need to manage their JumpCloud identity to be able to use SSO, so this serves as a highly effective anti-phishing method that can help keep users and the organization safe from threats.

JumpCloud’s SSO also incorporates multi-factor authentication (MFA) for more effective security. When set up in JumpCloud, end users must pass just one MFA hurdle to log into their JumpCloud User Portal, not each time they visit an individual site for application to use on the job. There are three ways to configure MFA within JumpCloud:

  1. Time-based One Time Password (TOTP)
  2. WebAuthn (with biometric login capabilities)
  3. Duo 2FA Security

JumpCloud SSO can also pair with a password manager to give users the flexibility they need: We recently released SCIM support for Keeper, so admins integrate their JumpCloud account with Keeper Security through an Identity Management Connector.

In terms of end user experience with SSO for password managers, JumpCloud admins just layer Keeper on top of a bookmark to enable users to launch that application from their JumpCloud User Portal. 1Password is next on the horizon to get SCIM support in JumpCloud. Popular tool LastPass doesn’t provide a SAML application, so it’s less streamlined to manage from JumpCloud, but you could use a third-party integration to sync LastPass Enterprise with JumpCloud LDAP. 

3. Optimized User Management

SSO in JumpCloud’s directory platform streamlines user management, even automating onboarding and offboarding which are typically tedious user management chores for IT. Read this blog about using Slack with SCIM support in JumpCloud.

During onboarding, all a JumpCloud admin needs to do is add a user to a group with Slack access, and they’ll be able to access Slack in their user portal with their secure identity. Offboarding is equally easy: Admins can automatically restrict access by simply removing a user from the group.

Try Better SSO — for Free

If you’re ready to give SSO in JumpCloud’s directory platform a try, sign up for a JumpCloud Free Account. All of JumpCloud’s SSO services are included at no cost for up to 10 users and 10 devices, and you’ll get free premium chat support with a platform expert for your first 10 days as a JumpCloud admin.

Continue Learning with our Newsletter