A core part of the JumpCloud Directory-as-a-Service® solution is its user management capabilities. User management capabilities include the following 7 aspects, detailed below:
Authentication – Who Can Access Your Devices and Applications
Authentication refers to the process of defining and implementing who can access devices and applications.
JumpCloud easily provisions business user accounts and permissions to desktops/laptops, servers, and applications in seconds. IT admins simply add a user (either manually or through an import process) and connect those users to IT resources they need. Once JumpCloud provisions the users, it’s easy for IT admins to connect them to the specific devices and applications they will need to do their jobs.
Users can be grouped to provide stronger abstractions—by job function, for example—or they can individually be granted access to IT assets. With JumpCloud, businesses can centrally control authentication, rather than separately for each type of IT resource, thereby increasing security and auditability.
Authorization – What Users Can Do
Authorization relates to what users can do in terms of access granted through a directory. For instance, some users will have access to high-security data, while others might not have that privilege.
JumpCloud processes authorization in two ways. First it confirms user identities through a cloud-based directory. It also enables differing levels of access, in order to authorize the most tailored access possible. For example, JumpCloud enables IT admins to easily provide and manage sudo and fine grained sudo rights to determine what users can do on your servers. We do this by using “groups” and “tags” to creates matrices of levels of access depending on individual user needs.
Auditing – Meet Audit Requirements
Auditing refers to the ability to verify user access and login histories to ensure top-notch security.
JumpCloud tracks all logins to all servers, keeping a comprehensive database on login history. Admins can simply download all access logs and deliver those to auditors. A number of regulations including PCI, HIPAA, and others require organizations to track all logins to their critical devices. With JumpCloud, that process is a snap.
Multi-Factor Authentication – Added Security Implemented Simply
Multi-factor authentication is a login step that requires users to provide information from an additional “factor” – i.e. something that have versus something they know. Over the last few years, multi-factor authentication has ramped up in use, becoming a prevalent method to increase security.
JumpCloud’s multi-factor authentication quickly increases secure access to key devices. No need to deploy enterprise software or distribute tokens, JumpCloud’s multi-factor functionality is enabled from the Web-console, and is already embedded into each JumpCloud agent. The second factor is delivered via your smartphone.
JumpCloud’s MFA functionality is quick, easy, and cost-effective to implement. In addition, access to the JumpCloud console itself can be enabled with MFA.
Real-Time Security Monitoring – Prevent a Compromise
JumpCloud provides real-time monitoring of all logins. Are the right people logging in to your servers and then what are they doing while they are on the server? An often overlooked part of user management is monitoring access for potential issues. JumpCloud tracks where users login from to ensure that credentials haven’t been compromised by a third party and they are masquerading as a legitimate user. Further, JumpCloud monitors for brute force attacks and alarming admins if those attacks are using legitimate usernames. JumpCloud’s security features round out a complete user management product and ensure that only the right users are on your servers.
RESTful Open APIs
JumpCloud supports a broad set of open APIs and standard protocols. These include our open REST-based API that can enable command line execution of virtually all UI controls. These include adding/removing users, changing access / privileges, generating telemetry events, and reporting. Further, JumpCloud supports LDAP, SAML, and other protocols as well. These standard protocols can be leveraged for authentication and authorization to device or applications that utilize those protocols.
SaaS, Cloud-Based Delivery
Perhaps one of the most significant benefits over solutions such as LDAP or AD, JumpCloud requires no infrastructure. For organizations that are leveraging LDAP today, JumpCloud’s hosted LDAP service can be used agentlessly to authenticate and authorize devices or applications. Alternatively, IT admins can download and install the JumpCloud agent with a one-line kick-start script or embed the agent in Chef or Puppet scripts. The agent provides increased redundancy while also enabling device management. JumpCloud centrally manages access to devices and applications easily with a cloud-based interface.