As organizations increasingly rely on digital technology to manage day-to-day operations, IT admins are faced with the time-consuming and often repetitive task of managing a number of users, devices, and applications.
JumpCloud and Torq, a security automation platform, have integrated their services to provide IT admins with automations that help manage IT resources more efficiently and effectively.
In a recent webinar featuring Derek Johnson, Principal Product Manager, JumpCloud; Aner Izraeli, Director of Security, Torq; and Dallas Young, Sr. Technical Marketing Manager, Torq, the speakers provided valuable insights and practical examples of how six automations can be implemented to meet organizations’ needs.
6 Practical JumpCloud + Torq Use Cases
JumpCloud continually aims to ease everyday tasks for admins and users alike without compromising on security. With Torq’s flexible integrations and easy-to-use workflows, admins can leverage the JumpCloud + Torq combination to automate the following tasks:
1. Request Elevation of Local Admin Privileges
“Temporary elevation of admin privileges is a common request that IT admins receive from users who might need it to perform a specific task,” Derek noted. The JumpCloud console allows admins to grant such privileges with a few clicks.
However, given the possibility of the admin forgetting to terminate those privileges when the task is complete, coupled with the frequency of such requests, Aner demonstrated an alternative and more secure workflow.
“The user needs to go to Slack and run the command ‘/getmeadmin,’” he said. “This event is received on Torq’s end and it invokes JumpCloud’s API to get the requester’s info. Security and posture checks are then run to verify the request’s legitimacy.”
If these checks pass, the employee receives a one-time token at their alternate email address. They copy the token, paste it into the Slack text box, and submit it.
Aner continued, “On validation of the token, another call is made to JumpCloud’s API to list the devices associated with the user. Then the user selects the device they need the privileges on and for how long.”
At this point, JumpCloud’s API elevates the user’s privileges, the user receives a notification to that effect, and Torq’s Wait Operator will run until the allotted time elapses and then revoke the privileges.
2. Approve Group Membership for a New User
As Derek explained, “groups” are very powerful tools in the JumpCloud platform, especially as they are the go-to means for binding users to particular resources.
“There are a couple of ways users can get added to groups on JumpCloud,” he said. “First is to go to the user profile and directly add them to the groups they need to be in. You could also do the inverse by going into the groups and then selecting the users you want to add to them.”
“Torq interfaces with HR platforms such as Bamboo, Workday, HiBob, etc.,” Aner explained. “The HR platforms’ payloads contain a few properties such as hiring manager details and the designated department, both of which Torq interacts with.”
Thus, when a new user needs to be added to a JumpCloud group, Torq sends a message to the hiring manager asking them to approve the addition. If the manager does, Torq obtains the JumpCloud group ID. An API then uses the ID to enroll the user into the group.
Aner highlighted that this three-step workflow can be part of a larger onboarding process and can purely act as a nested workflow.
3. Grant Just-in-Time Access to a Single Sign-On (SSO) Application
Derek sees just-in-time (JIT) and SSO access as a means of controlling who has access to an organization’s crown jewels, and when. He stated: “This is a process of a user making a request, verifying that the user is who they say they are, and granting them access to the applications for the duration of their task.”
Aner explained how to perform this workflow: “A Slack slash command ‘/getbackoffice’ triggers the workflow. Once Torq receives the commands, it calls JumpCloud’s API for validation of the user’s request, extracts the user’s alternate email, and sends a one-time token.”
After the token is validated, the user selects the access duration, and another call is made to JumpCloud’s API to add the user to the specific group that grants the requested access. If the call is successful, the user is notified of their temporary addition to the group, and when the selected time expires, the user’s access is revoked.
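The token-then-time-box pattern described in use cases 1 and 3, as an added example that is not code from JumpCloud, Torq, or the webinar: an in-memory Python model in which `JitBroker`, its method names, and the five-minute `TOKEN_TTL` are all assumptions. It makes no API calls; `sweep()` stands in for the wait-then-revoke step.

```python
import hashlib
import hmac
import secrets

TOKEN_TTL = 300  # seconds a one-time token stays valid (assumed value)


class JitBroker:
    """In-memory model of the request -> token -> grant -> revoke flow."""

    def __init__(self, clock):
        self.clock = clock      # injectable time source so expiry can be tested
        self.pending = {}       # user -> (sha256 of token, token expiry)
        self.grants = {}        # (user, group) -> grant expiry
        self.audit = []         # append-only record of decisions

    def issue_token(self, user):
        token = secrets.token_urlsafe(16)          # unguessable, from the CSPRNG
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[user] = (digest, self.clock() + TOKEN_TTL)
        return token    # delivered out of band (the alternate email address)

    def redeem(self, user, token, group, minutes):
        # pop() makes the token single-use, even when the attempt fails
        digest, expires = self.pending.pop(user, (b"", 0))
        supplied = hashlib.sha256(token.encode()).digest()
        if self.clock() > expires or not hmac.compare_digest(digest, supplied):
            self.audit.append(("denied", user, group))
            return False
        self.grants[(user, group)] = self.clock() + minutes * 60
        self.audit.append(("granted", user, group))
        return True

    def has_access(self, user, group):
        # Fail closed: an expired grant never authorizes, even before the sweep
        return self.clock() < self.grants.get((user, group), 0)

    def sweep(self):
        # Stand-in for the wait-then-revoke step: remove every expired grant
        expired = [k for k, exp in self.grants.items() if self.clock() >= exp]
        for key in expired:
            del self.grants[key]
            self.audit.append(("revoked",) + key)
        return expired
```

Storing only the token's hash, comparing in constant time, and burning the token on any attempt keep a leaked store or a guessing loop from yielding access.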
4. Confirm Failed Logins
Derek believes that failed logins are not necessarily always nefarious, but they could be a huge risk factor that may lead to bigger security problems. Thus, it is always helpful for admins to know when a user has attempted multiple failed logins so that they can investigate and take further action where necessary.
He explained that JumpCloud Directory Insights provide a look into whatever is going on in an organization’s JumpCloud environment, including who has access to what and when they’ve accessed it, log-on and log-off times, and failed login attempts.
He pointed out, however, that with Torq’s integration, admins can set a threshold for failed logins and be notified once a user reaches that predetermined number.
Aner described further how this works: “Once the workflow is triggered, Torq runs parallel steps that query the IP reputation with AbuseIPDB and VirusTotal. When the results are obtained, the user receives a Slack notification informing them that multiple failed logins have been attempted on their behalf.”
If the user confirms that these login attempts did in fact originate from them, the workflow ends. If not, then the security team gets notified, and they can choose to suspend the user’s JumpCloud and Google accounts and open a ticket to investigate the problem.
5. Investigate Devices’ Policy Compliance Status
“Devices are gateways to resources, and when a user has been verified and bound to a particular device, the device must be in compliance with policies implemented on it,” Derek pointed out.
He described how the JumpCloud console enables admins to see the status of devices tied to specific policies. He also mentioned that through JumpCloud reports, admins can get aggregated information on policies like OS and browser patches.
He also noted that in some instances an admin might want to know at a moment’s notice what devices are noncompliant with a policy.
Aner explained how this can be achieved with Torq: “First, Torq loops through the policies and checks their statuses as to whether they’re successful or not.” The automation extracts failed policies and identifies the device(s) on which the policies are not in place. The device names are clickable and they lead to the device page on the JumpCloud console.
This, Derek highlighted, helps the IT admin go exactly where they need to take further action on the device.
6. Request User Account Unlock in JumpCloud
According to Derek, a locked-out user is an unproductive user. He continued, “When a user gets locked out of their device or account, the admin can go to the JumpCloud console, and switch the user’s account from ‘suspended’ to ‘activated.’”
Alternatively, Aner demonstrated a more efficient and secure method that required some user verification prior to re-activation. “The user is to execute a Slack slash command, ‘/unlockme,’ then complete certain security checks.”
After these steps, Torq extracts the user’s alternate email address from JumpCloud and sends a message containing a one-time token to that address. The user then uses the token to validate their identity, and Torq calls JumpCloud’s API to unlock the user.
Gains of Implementing These Automations
As Aner pointed out, the benefits of implementing these JumpCloud + Torq automations are as follows:
- Access to crown jewels is just-in-time based in addition to other access controls.
- The security controls reduce endpoint risk as admins’ roles decrease without compromising business continuity.
- There is an extra layer of identification that the alternative email provides, especially in an instance where the corporate account might have been compromised.
- There is zero IT intervention needed for repetitive roles.
- The workflows are built with security by design.
Streamline Your IT Stack with JumpCloud + Torq
The JumpCloud and Torq integration provides IT admins with a wealth of automations that can streamline their IAM, security, and device management processes. The six practical use cases discussed in this article demonstrate how these automations are designed to ensure secure access to corporate resources while reducing endpoint risk for organizations.
If you would like to learn more about leveraging JumpCloud + Torq for your organization’s automation needs, you should absolutely check out the webinar here and get visual examples of how these automations are implemented.