By Vince Lujan Posted July 12, 2017
Microsoft Active Directory® has been the go-to standard for a lot of businesses, especially large companies running primarily Windows desktops, laptops, servers, and applications. Yet, Active Directory can be challenging to implement and maintain – especially for smaller cloud-forward companies. This is because, in many ways, AD represents the old way of managing directory services and on-prem infrastructure. Furthermore, moving to the cloud has been especially challenging for organizations running Windows because they are essentially locked into the Microsoft ecosystem. Fortunately, JumpCloud’s Directory-as-a-Service® makes cloud based Windows user management simple and accessible.
This blog discusses a few key features for managing users connected to a JumpCloud managed Windows system. To begin, we will discuss password complexity management, followed by binding a new user to a Windows system. Finally, we will discuss the process of removing a user from a Windows system using JumpCloud.
Password Complexity Settings
Passwords are the first line of defense from potential attackers. A strong password goes a long way to protect your data. JumpCloud’s identity and access management (IAM) platform offers a variety password complexity settings that can be implemented on any Windows system (Mac and Linux as well) and will be enforced at the desktop login screen.
These settings can also be configured on a global account basis, meaning any security settings enabled by the administrator will apply to all managed users and systems. From the Settings tab in the JumpCloud administrator console, the admin can configure various password complexity settings like minimum length, case sensitivity, and include numbers and special characters. Admins can also set password aging and lockout attributes. For example, you can decide when the password will expire, whether or not to accept previously used passwords, and how many attempts at login before the account is locked.
Users can also utilize our self-serve password configuration feature to reset or update passwords at any time. As the source of identity, any updated credentials are then pushed out to all resources provisioned and managed by JumpCloud. Passwords are stored leveraging a one-way hash and salt to help safeguard user information.
Binding a New User to a Windows System
JumpCloud streamlines the process of binding a new user to a Windows system with the JumpCloud agent installed. Once a new user has been created in JumpCloud, you can bind them to a JumpCloud managed Windows system with the click of a button. You simply check off which system you want to bind the user to.
Binding a user initiates a few actions on the desired Windows system. First, the agent that is living on this system is communicating with JumpCloud every sixty seconds to check for updates see if it needs to make any changes. In this case, the agent identifies that a new local user profile must be created on the system with all of the settings configured by the administrator, such as the password complexity settings discussed previously. The Windows machine then creates a new local user and initiates the new account creation process for initial login. Once created, the user is able to log in with their credentials provisioned by JumpCloud.
Removing a User from a Windows System
The process works in much the same way when you need to revoke access to the system. Simply disable the user account in the administrator console and access to all related systems and resources is thereby revoked. Once the user is in a disabled state, they will no longer be able to access any of the IT resources they were provisioned during user creation. Furthermore, their credentials will no longer allow access to the system they were bound to.
Windows User Management with Cloud IAM
JumpCloud’s identity and access management solution has taken the heavy lifting out of cloud-based Windows user management. Users can be connected to all of the IT resources they need to do their jobs from anywhere on Earth with just a few mouse clicks. With JumpCloud, companies can leverage all the benefits of a legitimate directory service with none of the heavy lifting — all done securely and efficiently from the cloud.
If you would like to learn more about the next step in Windows user management in the modern enterprise, contact us here. We’d be happy to walk you through how cloud identity platforms such as Directory-as-a-Service are changing the game for modern IT organizations. If you are inclined, you can also try out our cloud directory for yourself. Your first 10 users are free forever.