Managing Remote User Access to a VPN

Written by Cassa Niedringhaus on April 24, 2020

Many IT admins are rushing to stand up VPNs in response to the sudden shift to remote work. VPNs (virtual private networks) establish a secure “tunnel” between two points, and they can play a key role in organizational security for work-from-home users.

There are two main use cases for a VPN in a work-from-home context:

  • For organizations that have on-premises IT resources and/or run their authentication process through Active Directory®, a VPN is needed to connect to the internal AD network.
  • For all organizations, admins can direct users to employ a VPN to encrypt their traffic when they work on an unsecured network, such as a public WiFi network or even their home WiFi.

Fortunately, there are many corporate VPN options for IT admins to consider. Perhaps the most popular is OpenVPN, an open-source solution with paid offerings. Enterprise-class solutions are also available from vendors such as Cisco, Palo Alto, Fortinet, and others. However, standing up a VPN might require on-prem infrastructure, as well as installation and configuration on each individual’s system, which can be tedious and difficult, particularly if a team is already remote.

That’s why the JumpCloud® cloud directory platform offers a variety of solutions to help admins manage VPN access, as well as establish workflows in which users don’t need a VPN to access organizational data or change their AD passwords. It can serve as a standalone cloud directory service or as a comprehensive AD identity bridge to virtually all IT resources. Here are three instances in which it might come in handy to secure remote user access:

Install VPN Client on Remote Systems

If you don’t already have a VPN established, providers like OpenVPN offer options to deploy a new instance in the cloud, which eliminates the need for any additional on-prem infrastructure.

Whether you can install a VPN client on remote JumpCloud-managed systems will depend heavily on the VPN provider your organization selects, as well as the operating systems you’re working with.

However, some VPN providers create preconfigured installation files and use a generic cert, rather than a user-specific cert, which is generated by the firewall. If admins can select a VPN solution that uses a generic cert, meaning that everyone would use the same install file, they could then use the command runner available through the web-based Admin Console to push it out and install it.

You can also pair your JumpCloud instance with third-party, open-source package managers — like Chocolatey or AutoPKG — to install and update applications on user systems remotely.

Enable Work Without a VPN

If you don’t already have a VPN established and don’t plan to do so, JumpCloud’s Active Directory Integration feature introduces a bi-directional sync between the two services. With this feature in place, you can provision user accounts on and manage Mac®, Windows®, and Linux® machines from the web-based Admin Console with those users’ same core AD identities.

Then, users can change their passwords directly on their machines, and those changes are written back to AD through JumpCloud. That way, they don’t require a VPN connection back to the internal AD network, which is a common need in AD environments.

Users don’t need a VPN to use JumpCloud, which means that they can also access JumpCloud-bound resources — including systems and applications — without using a VPN either. 

Centralize VPN Authentication

If you already have a VPN established but haven’t synced it with the core directory, JumpCloud can accommodate that. You can point the VPN at the cloud LDAP or RADIUS services and then provision and deprovision VPN user accounts through the cloud directory service.

That way, you ensure users enter the same core credentials they use to access other IT resources to access the VPN — rather than picking an easy-to-remember but insecure password or repeating a password from another service.

The RADIUS service has native multi-factor authentication (MFA) capabilities as well, so you can also prompt users to enter another form of authentication, such as a TOTP token, at login. This further secures access, particularly if they’re using the VPN to access critical organizational data. 

Learn More

However you decide to use a VPN, we’re committed to helping you and your organization work remotely and securely. Click here to learn more about secure remote access to virtually any IT resource from the cloud. You can also use JumpCloud’s full functionality by creating an account — your first 10 users are free.
