By Ryan Squires Posted October 24, 2018
The concept of True Single Sign-On™ for managed service providers (MSPs) can be an incredibly powerful approach to securing identities for clients. Most MSPs are working with client organizations that are looking to outsource their IT management needs. That often means that their clients don’t have IT experts internally or their IT admins are stretched too thin. In either case, MSPs can create a game changing service for their clients by centralizing access to IT resources through one identity – a concept we call True Single Sign-On.
True Single Sign-On Origins
One could argue that the concept of True Single Sign-On traces its roots back to the days of Microsoft® Windows® based environments, Active Directory®, and the domain controller. Users could login to their Windows laptop or desktop and then immediately have access to any other Windows-based resources that were hosted on-prem. This access could include servers, applications, and the network itself. Through the magic of Microsoft’s domain controller, end users would log in once and then access whatever they needed. It was a seamless experience, and one that hasn’t really been replicated until True Single Sign-On with JumpCloud® Directory-as-a-Service® came along.
What is TRUE Single Sign-On?
As we know, things rarely stay the same in the world of IT. As the IT landscape shifted to include a wide range of IT resources both in the cloud and on-prem, the traditional concept of single sign-on (SSO) has largely remained focused on web applications. Those aren’t the only new web resources though, one of particular interest is infrastructure-as-a-service (IaaS) provided by AWS® and GCE, which often authorize and authenticate via SSH keys in addition to passwords. The result is that end users now have a larger number of accounts and passwords to manage, in addition to SSH keys, which increases security risk while decreasing IT control. This is a common challenge that MSPs have with their clients, and it results in extra overhead for them.
If you have to manage multiple identities, then we’re not sure how a solution can be called “single sign-on”. Now, a next generation cloud identity management platform, called Directory-as-a-Service®, is solving the problem of identity sprawl through True Single Sign-On for MSPs. With most IT environments having a hybrid grouping of resources—some on-prem and others in the cloud—it makes a great deal of sense to streamline the login process across all of these resources. In this case, streamlining means users can login to legacy, on-prem applications that utilize LDAP like Jira® and OpenVPN™, web applications that leverage SAML including Salesforce® and GitHub™, cloud infrastructure, file servers from NAS devices to Box™ and Google Drive™, as well as RADIUS-protected networks with one set of credentials. No more credential juggling. No more password recycling.
Self-Service Password Resets
The ability to leverage one set of credentials is enhanced further with self-service password resets. JumpCloud end users are able to change their passwords themselves, which then has a global effect on all the accounts a user utilizes. On Mac®, this is done from the system level via the Mac System App. Mac users with JumpCloud properly implemented simply need to click the JumpCloud icon in their menu bar and populate the fields that drop down which included multi-factor authentication. It’s as simple as that.
For users of Windows and Linux® machines, the ability to self-serve a password reset exists within the user portal. Now MSPs don’t have to get bogged down with routine password changes for what could be dozens of clients, each with any number of users and even more accounts. Additionally, users can add their own SSH keys and implement multi-factor authentication (MFA, two-factor authentication or 2FA). Mac users can access these features in the user portal as well. So, not only do MSPs enjoy significant time savings, but they can rest assured knowing that their clients’ users have the proper security protocols in place.
Single Pane for MSPs
In the spirit of centralized control, with the release of the Multi-Tenant Portal, MSPs no longer have to cycle between their clients and spend time logging in and out of client accounts. The Multi-Tenant Portal allows MSPs to manage their clients from one interface. It’s akin to True Single Sign-On, albeit for MSPs, and works regardless of location.
Learn More About How JumpCloud Supports MSPs
See how much time and frustration you can save by implementing True Single Sign-On for MSPs and their clients. Visit our Partner page to learn more or apply for the JumpCloud Partner Program. Check out the video below to get an idea about how JumpCloud can help scale your MSP business while expanding your cloud offering and improving efficiency.