Introduction
As a financial leader in the credit and debit card rewards space, Augeo FI has helped over 1,200 institutions deliver compelling loyalty programs. They’ve been so successful that they were recently acquired by Lightyear Capital, infusing Augeo FI with the money they needed to modernize their IT environment. Their overhaul included plans to migrate to the cloud and a mission to gain centralized control over all of their digital assets, including Windows®, Mac®, and Linux® systems. Fortunately, they knew just where to turn to make this happen—JumpCloud® Directory-as-a-Service®.
- Organization: Augeo FI
- Size: 110 Employees
- Location: Naperville, IL
- Problem: Legacy directory service, decentralized IT environment
- Goal: Cloud-forward, centralized IT environment
Background
Peter Lasky led the charge in leveling up the company’s IT infrastructure. Peter told us, “I’ve been with Augeo FI for about ten years. In that time, I’ve worn a lot of hats, the most recent one being Director of Technology. My role includes handling parts of vulnerability management, implementations, scaling, scoping, and cloud migration.
“One of the many benefits of being sold is that we now have the capital to really grow the company and to perform some much needed maintenance, like migrating to the cloud.”
The Challenge
With their cloud-future in reach, Peter and his team knew they needed to change their identity management infrastructure. Peter explained, “Before JumpCloud, we were using Active Directory® even though we also had Linux servers and Mac systems in the mix. Having a mix of systems made it difficult for us to centralize access to everything, so we ended up using Centrify to bring those three environments together in Active Directory. Using that was okay when everything was on-prem. Once we started talking about using the cloud, we had a whole list of questions around how AD was going to fit in our strategy.”
These were some of the questions Peter and Augeo FI were asking:
- How do we get Active Directory to auth these cloud environments?
- How do we get our external applications to authenticate to Active Directory?
- How do we get into services like AWS® or LogMeIn with just one username and password?
- How do we use that one username and password for desktop authentication with Linux, Mac, and Windows?
“We looked into many options, including Okta®. They’re pretty big in the identity management game. But the only solution that could meet our requirements was JumpCloud.”
The Solution
Testing JumpCloud only solidified Augeo FI’s decision to use the cloud-based directory service:
“A couple of engineers and myself started testing on our home networks. In my testing, I put JumpCloud on about six computers, and I actually used RADIUS to authenticate to my WiFi. I even got my entire family using it, including my eight-year-old son.”
“After my team and I finished with our testing, we all decided that we liked JumpCloud because it was clearly going to provide us with one portal to manage everything and because it’s easy to use and scalable. That’s ultimately why we chose it.”
Implementation
As soon as they finalized their decision, Peter and his team went to work implementing JumpCloud across their IT environment. So far they have implemented JumpCloud across their systems, applications, network, and VPN solution, with plans to roll it out across their server environment in AWS.
Cross-platform System Management
Augeo FI was particularly glad to gain cross-platform system management. Peter remarked, “We’ve had so many problems trying to manage Macs with Active Directory because the two simply don’t play well together.”
In the process of implementing JumpCloud, Augeo FI decided to upgrade their Mac fleet, and they were impressed with how easy it was to integrate their new Mac systems with JumpCloud:
“We installed the JumpCloud System Agent, we added users, we added some profile requirements, and it all just worked. We didn’t have to figure out how to get them to connect to Active Directory.”
“Our engineers were really excited about it. They were saying, ‘How does it work? It just works!’”
Applications
Besides system management, Peter is also leveraging JumpCloud’s seamless integrations with G Suite™, Office 365™, and other web-based applications by leveraging SAML:
“JumpCloud integrates so well with G Suite and Office 365. It’s really going to help provide us with the end-to-end onboarding we’ve been wanting to establish. We’ve also set up a number of SAML integrations in JumpCloud, including one for AWS. We’re just going to add countless more as we expand. JumpCloud is our go-to for SSO (single sign-on).”
RADIUS
“Additionally, we’re using JumpCloud RADIUS servers to authenticate WPA2 enterprise access to Ubiquiti® wireless access points.” Peter told us. “So, when an Augeo FI workstation comes or goes, they’re going to re-authenticate to the network using their JumpCloud credentials. That authentication is much more secure, because it’s not just a shared password that’s on a sticky note somewhere.”
OpenVPN
Lastly, OpenVPN plays a critical role in providing remote software engineers with secure access to Augeo FI’s infrastructure. Fortunately, it was a breeze integrating it with JumpCloud too. Peter elaborated, “When we moved to a hosted datacenter in AWS, we decided to implement OpenVPN because it was cheaper for us to roll our own VPN solution to an EC2 instance than use AWS VPN.
“The integration between OpenVPN and JumpCloud was seamless. It took us about 30 minutes. We went into JumpCloud, copied the string from the portal, put it into OpenVPN, and we were authenticating! We were binding and authenticating. Using OpenVPN with JumpCloud is great because you get centralized user management.
“Having separate usernames and passwords for an environment is really the bane of any systems engineer or service desk engineer’s existence. So it’s great that we can avoid it altogether.”
“We implemented OpenVPN to provide programmers with the ability to remotely deploy code in a lower environment, like a Dev or Q/A environment. So it’s mainly for engineers who work from home. There’s also a disaster recovery piece to this. In the event that our building is no longer here, how do we get into our environment? Now, that’s through OpenVPN and JumpCloud’s credentials and roles. Lastly, the other piece to using JumpCloud with OpenVPN is that it allows us to comply with PCI requirements. There are certain roles and separations of duties that have to happen, and we’re doing that all through JumpCloud User Groups and roles through IAM in AWS.”
The Result
As Peter has rolled out JumpCloud across a majority of Augeo FI’s IT resources, they’ve been successful in consolidating user management into one cloud-based solution. As a result, Peter has been able to streamline user management tasks, save money, optimize compliance audits, and strengthen security.
Streamlined User Management
“One of the areas where we have near-infinite time savings is onboarding,” Peter said. “ Now that we have JumpCloud, we can onboard a new hire in a matter of a couple of hours. We use Groups to organize roles, what those roles need access to, and what kind of access they have. We’ve created a form that allows a department to check what resources a new hire needs, and then we just assign a new user to the right Groups according to what boxes were checked.
“It’s been incredible to go from having new users fully onboarded two weeks after they started, to having them onboarded to everything two weeks in advance.”
In addition to faster onboarding, Peter mentioned that they’ve almost eliminated password reset support tickets. They’ve gone from spending 10 hours a week on password related support tickets to 15 minutes a week, if not less. Peter recalled, “We used to see about 100 tickets every two weeks related to password resets. Now, we barely get one a month, and it’s all in large part due to how easy it is for end users to self-service a password reset.”
Reduced Costs
Additionally, JumpCloud’s completely cloud-based approach has allowed Augeo FI to eliminate their on-prem identity management infrastructure, saving them a significant amount of money. Peter informed us:
“When we were using Active Directory, we were paying about $100,000 annually in Microsoft® licenses for our Windows Server infrastructure—server licenses, data center licenses, and user Client Access Licenses (CALs).”
“I don’t know the exact amount of savings with JumpCloud off the top of my head, but it’s significant when you talk about the Microsoft infrastructure being replaced. Our use case is probably unique because we are moving from a Windows server environment to a strictly Linux server environment with macOS® and Windows Pro desktops in the mix as well. JumpCloud allows us to centrally manage all of these systems with just one solution, at one price.”
Optimized PCI Compliance Audits
Next, Peter has found it much easier to demonstrate compliance:
“My team and I are responsible for providing reports that show when a user left the company and when their access to resources has been removed. Typically, an auditor will ask for a list of users and a list of all the changes that have taken place in JumpCloud. Then they’ll look through and see when a user left the company and if there are changes that show the user’s access to resources has been removed.
“JumpCloud really simplifies this because we just have to delete a user in this one solution, and then a user no longer has access to anything.
“Not only does this make it easier for us to do our jobs, but it also allows us to provide auditors with a single report where they simply have to look for deleted users. It’s a lot easier for them to tell if we’re compliant or not when it comes to user access.”
Stronger Security
Lastly, Peter has been really satisfied with the improved security at Augeo FI since implementation. Peter shared, “When it comes to security, it’s amazing that JumpCloud offers MFA (multi-factor authentication) for the user and admin console, applications, and Mac and Linux systems. Additionally, if there’s a brute force attack, JumpCloud has a mechanism in place where it will lock out the user after a predetermined number of failed login attempts. Admins will be notified of the user being locked out, and then they can investigate the problem relatively quickly.”
In the event a compromise is experienced, centralized user management makes it just a tad less stressful. “You go into your JumpCloud portal, select a user, suspend the user, and then you can do your impact analysis after that.” Peter explained. “You’re not trying to scramble and find which passwords are compromised, which users, which systems, and whatnot. Also, because you have centralized authentication, you have the peace of mind that comes with the fact that when you disable a user, you have now protected yourself against any future attack with those credentials in every resource simultaneously. So that’s a big win.”
Benefits
When IT admins can achieve results that deliver unified user and system management, the whole organization benefits. Peter agreed as he told us, “The benefits of centralized user management are immense and impact everyone. For example, Accounts Payable only has one set of billing for your authentication method; every end user only has to deal with one set of credentials; for the admin, user provisioning becomes very automated and removing access is also streamlined.”
So if you are interested in figuring out if you can achieve similar results and benefits by using JumpCloud in your own IT environment, where do you start? Peter recommends signing up for a free account:
“Start the free trial now. It’s a ten user trial. That’s the best way to learn the features and to see if JumpCloud is right for you. That’s what we did. We started the trial, got the ten free users, and then implemented it to see if it was the right path.
“Honestly, there’s so much potential for fixing things in your environment that you didn’t even know were broken, and JumpCloud likely has a solution for every one of your IT related problems.”
More Info
For more information on how you can decrease costs, spend less time on onboarding, gain peace of mind about security, and reduce compliance audit hassle, drop us a note at [email protected].