What Is Directory Insights (And Why Does It Matter)

Written by Nabeel Syed on July 18, 2022


IT administrators and managed service providers (MSPs) need visibility across their organization’s devices, identities, and resource access controls to monitor security and meet compliance effectively. 

If you’ve been around the IT admin block, you’ve probably relied on traditional log analysis and management solutions for organizing directory data in the past. 

Unfortunately, many legacy solutions are expensive and challenging to implement because of their complex integration requirements. Admins must custom feed the log for each authentication protocol or service into the analysis solution. Translation: it takes additional effort, time and resources to determine when, where, and how users are accessing IT resources.

The good news? Admins can now make faster, easier, and more reliable decisions based on meaningful data with Directory Insights. You won’t need to set up a point solution to get your data because Directory Insights is integrated into the JumpCloud platform.   

What Is Directory Insights?

Directory Insights is the JumpCloud open directory platform’s event logging and compliance feature. It’s a solution for admins that combines raw event logs with numerous other data sources to provide an audit log of CRUD (create, read, update, delete) and authentication events.

Screenshot of Directory Insights

As an open directory platform, JumpCloud provides many services through a single solution — covering user management, MFA, cloud RADIUS, cloud LDAP, SSO, MDM, and others. Given the complexity of user actions and authentications to JumpCloud, data presentation is critical for informed decision making.

Identity and access data sits at the core of every organization’s most critical IT operations, compliance, and security. By creating a database of each customer’s directory platform data, we can provide informative and actionable data points through Directory Insights.

Within Directory Insights you gain access to over 120 different types of events that occur within the JumpCloud ecosystem! Even more good news? This number is ever growing as our team adds new capabilities.

What Can You Do with Directory Insights?

The Directory Insights architecture allows you to generate events from anywhere in the platform, including authentication events through various protocols, system authentication events, end user changes to their identity and attributes, and admin updates. 

This means admins can track virtually anything happening from identities to devices to usage. The result is unified visibility of multiple data points from a single pane of glass. 

Through Directory Insights, IT admins and MSPs can prevent identity compromises, support compliance and audits, and troubleshoot operational issues. Here’s a closer look at how this JumpCloud feature can help you achieve your aims:

1. Streamline Audit Prep Times

It’s essential to maintain a chronological record of events for quarterly, bi-annual, and annual audits. Although it never is, every admin wants the audit process to be simple, and many of the admins we speak with need to provide data to support their status as a compliant organization.

For example, say you’re navigating your organization’s annual SOC 2 audit. Your auditor wants to determine if you’re maintaining user access data. So, she picks out a user at random who left your organization last month. 

Suddenly, you’re tasked with retrieving data to show your organization revoked user access from their device. Directory Insights can provide a history of user events that shows compliance quickly and easily.

Simply view the user_delete, user_suspended, and user_delete_provision events in Directory Insights to show a user’s access being removed.
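The audit check described above can be automated once events are exported. The following is an added example, not JumpCloud code: it builds a removal timeline for one user from the three event types named here and flags any sso_auth or login_attempt event recorded after the first removal event. The record fields (timestamp, event_type, username, success) and the sample events are constructed assumptions, not the product's export schema.

```python
from datetime import datetime

# Constructed sample records. Field names are an assumed, simplified schema.
EVENTS = [
    {"timestamp": "2022-06-01T09:02:11Z", "event_type": "sso_auth", "username": "jdoe", "success": True},
    {"timestamp": "2022-06-14T17:30:00Z", "event_type": "user_suspended", "username": "jdoe"},
    {"timestamp": "2022-06-14T17:31:42Z", "event_type": "user_delete_provision", "username": "jdoe"},
    {"timestamp": "2022-06-15T08:10:05Z", "event_type": "login_attempt", "username": "jdoe", "success": False},
    {"timestamp": "2022-06-16T10:00:00Z", "event_type": "user_delete", "username": "jdoe"},
    {"timestamp": "2022-06-16T11:00:00Z", "event_type": "sso_auth", "username": "asmith", "success": True},
]

REMOVAL_EVENTS = {"user_delete", "user_suspended", "user_delete_provision"}
AUTH_EVENTS = {"sso_auth", "login_attempt"}


def parse_ts(value):
    """Parse the UTC timestamp format used in the constructed records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def offboarding_evidence(events, username):
    """Summarise removal events for a user and any authentication after them."""
    mine = sorted((e for e in events if e.get("username") == username),
                  key=lambda e: parse_ts(e["timestamp"]))
    removals = [e for e in mine if e["event_type"] in REMOVAL_EVENTS]
    if not removals:
        # No removal event at all: nothing to show the auditor.
        return {"user": username, "revoked_at": None, "removal_events": [],
                "auth_after_revocation": [], "needs_review": [], "clean": False}
    revoked_at = parse_ts(removals[0]["timestamp"])
    late = [e for e in mine
            if e["event_type"] in AUTH_EVENTS and parse_ts(e["timestamp"]) > revoked_at]
    # A late auth event that succeeded, or whose outcome is missing, needs review.
    needs_review = [e for e in late if e.get("success", True)]
    return {"user": username,
            "revoked_at": removals[0]["timestamp"],
            "removal_events": [e["event_type"] for e in removals],
            "auth_after_revocation": late,
            "needs_review": needs_review,
            "clean": not needs_review}


if __name__ == "__main__":
    print(offboarding_evidence(EVENTS, "jdoe"))
```

Failed attempts after revocation are kept in the output because they show the control working; only successful or ambiguous ones mark the record as not clean.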

2. Troubleshoot User and System Incident Causes

Often the most time-consuming part of an admin’s day is troubleshooting a user incident. Directory Insights illustrates essential data points to help identify root causes and remove blockers for users. 

For example, say a user informed you they were locked out of their device for the second time today. Instead of having a long back-and-forth conversation with the user, simply check Directory Insights to see their authentication and lockout events to figure out the root cause. 

Zero in on the user_lockout, sso_auth, and login_attempt events in Directory Insights to troubleshoot a user’s authentication. 

3. Track Crucial Events

IT admins can also view crucial events from their Directory Insights console. Crucial events can range from authentications from risky IP addresses to failed MFA attempts that often trigger security concerns. 

For example, say you notice an increase in the number of failed MFA attempts. This event will notify you of the anomaly so you can reset passwords or suspend users.

These crucial events can provide visibility to admins to take action and keep their organizations secure. Directory Insights provides a complete view of IT ecosystems, allowing admins to monitor and keep their organizations in compliance.

4. Alerts and Notifications

Finally, events from Directory Insights will be integrated into an Alerts and Notification center (a new feature in your HomePage) in the near future. This will allow IT admins to get notified of events when they occur. Planned future releases will include the ability to customize your own alerts, combining different Directory Insights events to raise the alerts that you care about.

For example, say you want to be alerted when a user attempts to log in from a geolocation outside the United States. Admins will be able to create alerts when a login is made from (say) Canada — notifying the admin of potential security risks or compliance concerns.

Additionally, to remediate failed logins you can set up a conditional access policy requiring MFA for user logins coming from outside the United States. 

Unify Routine Tasks with JumpCloud

In many ways, an IT admin’s success comes down to two questions: Can they find the data they need when they need it? And can they derive meaningful insights from it?

If you’ve been struggling with user identity and access management, troubleshooting, or compliance preparation, we recommend Directory Insights. Remove the burden of jumping between multiple point tools to find the data you need. 

With Directory Insights you gain access to event logging and compliance functionality that combines raw event logs with multiple data sources for convenient audit trails; it’s a game-changer. 

Directory Insights is included in the JumpCloud Core, Platform, and Platform Plus packages. Fully evaluate JumpCloud for free for up to ten users and devices.

Nabeel Syed

Nabeel is a Product Manager at JumpCloud and focuses on building great data products and services. When he's not working, he enjoys the outdoors, music and rowing!
