How does user management work with Directory-as-a-Service®?
JumpCloud manages user accounts and a myriad of related employee data such as address and phone information, profile pictures, and more. These users and their identities can then be connected to the IT resources they need including systems (Windows, Mac, and Linux), cloud and on-prem servers (e.g. AWS, Google Cloud, Azure, internal data centers, etc.), web and on-prem applications via LDAP and SAML, data and file storage, and wired and WiFi networks through RADIUS. Access can be granted and managed via JumpCloud’s web console. User management includes the following seven aspects: authentication, authorization, auditing, multi-factor authentication, real-time security monitoring, RESTful open APIs, and SaaS (cloud-based delivery). Learn More.
What operating systems does JumpCloud support?
JumpCloud supports Windows, Mac, and Linux systems. You can find the specific supported versions here.
What applications does JumpCloud support?
There are thousands of on-prem and SaaS-based applications that are covered by JumpCloud. We provide authentication support through various protocols, including SAML 2.0 and LDAP. Many of the most popular applications are supported, including Salesforce, GitHub, Dropbox, OpenVPN, Slack, Jenkins, and thousands more.For web-based applications, JumpCloud provides out of box connectors to leading SaaS applications. For those we do not provide explicit support for, we offer a generic SAML adapter that functions with custom apps. This provides support for applications that may not be explicitly listed. Additionally, we support LDAP authentication for legacy products. Learn More.
What is the difference between conventional SSO and JumpCloud?
The main difference between conventional SSO and JumpCloud are the resources they can operate with. Conventional SSO offers support for web applications and most commonly uses the SAML protocol for authentication. With JumpCloud, you get “True Single Sign On™” support because we function as the core user directory and provide a wide array of protocols to authenticate IT resources, not just web-based applications. End users can be connected to their systems, applications, data, and networks through one user account, whether located in the cloud or on-prem. True SSO means one identity to provision access to all resources. Learn More.
How does LDAP-as-a-Service work?
JumpCloud’s LDAP-as-a-Service provides support for the OpenLDAP protocol, enabling IT administrators to bind legacy and other resources that can defer to an LDAP backing directory for authentication. JumpCloud’s cloud-based LDAP services supports OpenLDAP RFC 2307 and enables for the access of both user and group objects. Essentially, all an organization needs to do is set up their users in the cloud directory and decide what they need access to, and what level of access control they need. If the application connects via LDAP, IT admins simply point the application to the JumpCloud LDAP infrastructure.
For a more in-depth explanation, watch our whiteboard video on How LDAP-as-a-Service works. Learn More.
Can JumpCloud manage groups?
Yes. JumpCloud offers support for Groups as a core functionality of our platform, which serves to connect users with the IT resources they need. For example, IT admins could create a marketing group that has access to the marketing resources of the organization. Then, if users are added to the group, their unique accounts are automatically provisioned to the marketing group’s resources. Similarly, if a user is deleted from the group, all of the specific access is terminated. With JumpCloud Groups, it is easy to manage access in bulk while maintaining distinct authenticated access for users. Learn More.
What is the difference between JumpCloud and Active Directory®?
While JumpCloud’s Directory-as-a-Service and Microsoft Active Directory are both directory services, there are fundamental differences between the platforms. Some of these differences include the supported operating systems, supported protocols, networking logistics between on-premise and cloud-based resources and, finally, cost. Perhaps the most important difference is in how each directory service platform is leveraged. Active Directory is best suited for exclusively Microsoft Windows environments, whereas JumpCloud does best in a heterogeneous environment where there may be Macs, Linux, AWS, G Suite, Synology, or other non-Microsoft solutions. A more detailed breakdown of these differences can be found here.
Why use JumpCloud over AD?
There are many reasons why JumpCloud’s Directory-as-a-Service may be a better solution than Active Directory. Some of the key reasons to use JumpCloud as an alternative to Active Directory include:
- System Authentication – If you have a mixed platform environment using Mac and Linux systems alongside Windows, Active Directory makes it incredibly complicated to authenticate those non-Windows systems. With Directory-as-a-Service, you can have full user management control over Windows, Macs, and Linux systems from one centralized location. Furthermore, authentication does not require a VPN connection to authenticate against JumpCloud’s cloud-based directory, nor maintain a persistent connection.
JumpCloud’s system authentication also enables survivability, allowing users to continue to log in to the system regardless of whether there is an Internet connection or not.
- System Management – Similar to authentication, Active Directory makes it difficult to manage systems that aren’t Windows endpoints. Directory-as-a-Service alleviates these challenges by providing seamless system management capabilities for all three platforms, including command execution, event logging, and multi-factor authentication (MFA). IT admins can run scripts or commands on each type of platform, leveraging whatever scripting or programming language that the system supports. Additionally, tasks can be executed on an ad-hoc basis or on a schedule. Plus, full logging and error reporting is included to help determine if any errors occur and ensure that tasks complete.
- Infrastructure-as-a-Service Support – Directory-as-a-Service helps you efficiently manage servers with a cloud-infrastructure provider of your choice, or your own virtualized infrastructure. With JumpCloud’s agent-based architecture for cloud servers, we assist DevOps / sysadmins by avoiding all of the networking and security challenges (i.e. remote endpoint needing internal AD server access, adding VPNs, connecting non-Windows systems) that come with connecting cloud servers with an on-prem Active Directory server. Directory-as-a-Service and our agent-based approach creates a mutual TLS connection to each server, ensuring secure communication and no extra work for IT admins. No networking or security hoops to jump through. Note, that you can also use JumpCloud’s approach to managing users and systems for on-prem servers as well.
- LDAP-as-a-Service – Having to set up an LDAP server is a tedious process with a large amount of setup and management required. With Directory-as-a-Service, you get LDAP embedded as a core function, allowing user credentials to be authenticated via native protocols for applications through LDAP. All of the work necessary to network across the internet securely is handled by JumpCloud, including keeping it resilient and available at all times.
- RADIUS-as-a-Service – As the world has shifted to WiFi networks, the process of connecting access to your Active Directory instance has become quite painful and time-consuming. It can require additional servers, networking, and integration. With Directory-as-a-Service, you get global RADIUS infrastructure in the cloud, simplifying the implementation of RADIUS and increasing your WiFi security. On top of that, JumpCloud offers a wide variety of authentication methods for RADIUS including EAP-TTLS, PAP, and PEAP.
- Self-Hosted vs. -as-a-Service – Active Directory is a solution that IT must implement, maintain, and fix. All of the responsibility is on your IT staff. Directory-as-a-Service, on the other hand, is delivered as a service; all of the heavy lifting is done by JumpCloud.
You can learn more about the differences between JumpCloud and Microsoft Active Directory here, or by contacting us; we would be happy to discuss them with you.
What is the difference between JumpCloud and OpenLDAP™?
Due to how new JumpCloud’s Directory-as-a-Service is, it is often compared with OpenLDAP. In fact, Tim Howes, one of the co-creators of LDAP, sits on JumpCloud’s technical advisory board.JumpCloud leverages OpenLDAP as part of its global network of LDAP servers. Most often, applications that can connect with OpenLDAP can connect to JumpCloud’s cloud LDAP solution. The difference is that IT admins and DevOps engineers do not need to install, configure, manage, maintain, and secure an LDAP server. JumpCloud handles that for you. A more detailed breakdown of these differences can be found here.
How can I manage SSH keys with JumpCloud?
Directory-as-a-Service enables self-service SSH key management. JumpCloud follows best practices for secure SSH key management. This means that SSH keys are never created inside the cloud-based directory platform. Instead, a user generates their keys securely on their platform. Then, the private SSH keys are kept in the user’s possession, and are used to pair with the public keys on systems that leverage SSH keys. Learn More.
If I still use Active Directory, how can JumpCloud help?
JumpCloud’s primary function is to act as our customer’s main identity authority. However, many of our customers still use Active Directory and intend to keep AD as their identity source of truth. To assist in this use case, we offer an AD Bridge, which can be installed on your AD Domain Controllers to keep the specific identities and security groups you wish with JumpCloud. Your users don’t change their workflow at all – they simply change their password like you typically would for AD. JumpCloud can then be used to connect an AD identity to, as an example, a Linux Server on AWS or a Mac device. There is no network tunneling needed to connect to your on-prem AD. We deliver your AD credentials directly and securely to Linux hosts, Mac laptops, or other resources that can connect through JumpCloud’s various protocols. There are a lot of reasons why it’s time to start moving to fully cloud-hosted servers, but for some organizations a hybrid identity infrastructure is just the right fit. With Active Directory as your on-prem source of truth, JumpCloud can be the cloud identity management complement to manage non-Windows based IT resources. You can learn more about it here.
What integration features does JumpCloud have?
JumpCloud’s use of protocols enables easy integration with a wide variety of IT resources including systems, applications, storage systems, and networks. Specifically, JumpCloud supports the LDAP, SAML, and RADIUS protocols, native user and system management APIs for Windows, Mac and Linux integration, and a REST API for your own custom integration needs. JumpCloud uses the OAuth protocol for its integrations with G Suite™ and Office 365®. Information on each protocol and examples of each can be found in the list below:
System Agent examples:
If you have questions about any of the integration features, the integration process, or if there is a specific integration that you would like to inquire about, please contact us and we would be happy to talk.
Does JumpCloud work with on-premise resources?
Yes. There are many organizations that still have a large number of applications or other resources that live on-premise, and these resources more often than not are required to authenticate against LDAP. JumpCloud natively supports LDAP, allowing easy communication with both on-premise and web applications.An organization’s laptops and desktops, file servers and storage systems, and networks can all be located on-prem or remote as well. These resources can all be addressed by JumpCloud, with tight user and system management, connectivity for users and their files and data, and secure WiFi authentication capabilities that help secure the on-prem WiFi network.
If you have any further questions, please reach out to us on our contact page.