Macktez is a unique technology consultancy and managed service provider (MSP) that offers IT services, and designs high-caliber IT implementations for businesses and nonprofits. They work with creative companies to manage their internal technology, addressing the needs usually met by an internal IT department, and approach the technology as a user interface problem. They focus heavily on communication, documentation, and helping the staff to help themselves.
Macktez has found that Active Directory (AD) is no longer the best solution for all its clients. Instead, cloud-based directories offer a more modern approach for central management of client environments.
“While Active Directory is great in some ways, it has some very real practical limitations,” said Reilly Scull, CTO and principal architect at Macktez. “And there are a growing number of places where it’s no longer a great fit.”
“Our clients are reevaluating their on-prem solutions, prompted by our recommendations to enable their staff to work outside the office more easily. To do so, we design systems that allow them to work from anywhere.”
- Organization: Macktez
- Location: New York City
- Problem: Secure remote user authentication
- Goal: Centralized authentication authority
Background
Macktez has served businesses and nonprofits in a variety of creative and innovative industries for more than 20 years. The team discovered JumpCloud when they were looking for a cloud RADIUS solution that would enable secure Wi-Fi authentication and be more accessible and reliable than an on-prem implementation. Since starting with JumpCloud for RADIUS management, the Macktez team has explored the full platform and now uses all of JumpCloud’s identity, access, and device management capabilities to support its full client portfolio.
JumpCloud is a centralized tool that helps Macktez address client challenges such as adapting to the rise in remote work and shifting resources to the cloud, while reducing the risk and cost to do so.
Challenge: Delivering High-Caliber Implementations
New clients often come to Macktez because of business or operational changes. They typically want to:
- Reduce or eliminate reliance on legacy on-prem infrastructure
- Support distributed, remote, and hybrid work environments (without a VPN)
- Introduce access to resources with centralized authentication
Using JumpCloud as the primary directory, Macktez helps clients operate securely no matter where employees are located, and creates great end user experiences by using a single cloud directory platform to unify identities.
“When designing a consistent and unified user experience, you want to avoid exceptions. You don’t want to say to a user, ‘You have a credential pair that works for everything — except these ten things.’ Leaving those kinds of gaps undermines a high-quality execution,” Scull said. “Instead, you want to deliver a great user experience that can scale as clients add new staff, tools, and IT resources.”
Macktez designs open, scalable, and adaptive solutions that support clients today and in the future: “How well do these solutions scale? How robust are they? How reliable are they?”
Whether they use JumpCloud to supplement or replace AD, JumpCloud’s open directory platform helps Macktez in ways that AD can’t easily do well, like extending identities to Mac devices, web applications, and a growing number of resources outside traditional Windows domains.
Solution: A Cloud Directory Platform for Centralized Auth
With the JumpCloud Directory Platform, Macktez has a single, centralized identity, access, and authentication authority. They can import and create new users in JumpCloud and then extend those identities everywhere they’re needed. This includes:
- Mac, Windows, and Linux devices
- Productivity suites like Google Workspace and Microsoft 365
- Web applications via SAML/SCIM
- LDAP-backed resources like Linux file servers and Jamf
- RADIUS-backed resources like firewalls and Wi-Fi networks
JumpCloud enables Macktez to increase security for clients via authoritative identities as well as multi-factor authentication (MFA) at device and User Portal login. Through the JumpCloud User Portal, users access single sign-on (SSO) applications and other resources, and MFA further secures their access.
Macktez also uses JumpCloud to extend and secure AD domain credentials.
“JumpCloud extends Active Directory domain credentials outside of a VPN and to the internet in general, which is where our future-facing clients are moving their services. We all need to adapt to these changing times.”
Reilly Scull, CTO and principal architect
In many cases, Macktez can reduce or eliminate clients’ need for a VPN to provide secure resource access. Since the COVID-19 pandemic, providing access to increasingly remote users without the performance implications of a VPN has been particularly helpful.
“With JumpCloud, you no longer need to funnel everything through one firewall or one location,” Scull said. “For the majority of our clients, we no longer want to design a system for the scenario that everyone will be in the office — we want a system that can be more distributed. JumpCloud means having reliable and consistent authentication that can talk to almost any service.”
Macktez CEO Noah Landow added that for both their clients and their internal team, the focus has shifted away from in-office environments: “Historically, most of our larger clients were supported with in-person time and attention from our team of consultants, supplemented by remote support tools as needed,” he said. “But when the arrival of COVID-19 necessitated more of our client staff working from home, we were able to quickly flip approaches and keep them working well. Most of our own team, as well as many of our clients, in a matter of days switched to remote-first with only occasional on-site work.”
IT Workflow Automation
Using JumpCloud, Macktez streamlines processes and reduces costs for its clients through automation. One of the most impactful automations is the ability to provision users to their resources from a central point of command. This accelerates onboarding, improves security by ensuring the right permission levels are granted, and reduces costs for their clients as they accurately control the number of seats needed for various resources. With JumpCloud centrally managing identities, Macktez can also revoke access easily and quickly during offboarding.
“Anytime a client has 50 users or more, it immediately becomes inefficient to provision and manage them manually,” Scull said. “When you have a system that helps automate, that system makes your processes more secure — and often saves time and financial resources, too.”
JumpCloud Multi-Tenant Portal (MTP)
JumpCloud also offers a Multi-Tenant Portal (MTP) that makes managing multiple clients a breeze. The MTP gives MSPs a single pane of glass to view, access, and administer all of their clients. Macktez believes the cloud-based console is a better, more secure way to support many clients.
“Across a score of clients, we can use one hotkey and a biometric finger scan to log into the MTP, as opposed to what would be dozens of credential pairs with different MFA keys,” Scull said. “It would be a nightmare.”
The JumpCloud MTP also makes it easier and faster to manage invoicing. With JumpCloud, Macktez has a single view for monitoring clients’ user counts, application counts, and other data points used for invoicing.
Implementation: Onboarding and New Solutions
Every time the Macktez team starts with a new client, they have a kickoff meeting to map out the implementation plan. Depending on the client’s IT environment, this plan could be daunting. But with JumpCloud, implementation is much easier: Macktez can import users from existing directories, such as Google Workspace or Microsoft 365, and securely federate those identities across all the right IT resources.
For clients that use Azure AD, Macktez set up an automation in which users created in JumpCloud are automatically provisioned in Azure AD and then outward through that to other integrated resources like 1Password and Apple Business Manager.
They also provision user access via JumpCloud with:
- Cloud LDAP: Linux file servers, NAS appliances, Cisco phone systems, and Samba-level authentication
- Cloud RADIUS: Firewalls and Wi-Fi networks
- SSH: SSH credentials for internal Linux servers
- JumpCloud device agent: User identities and authentication on Mac, Windows, and Linux devices
- Directory integrations: Google Workspace and Microsoft 365
Once users are familiar with JumpCloud and their core credentials, it’s easy for the Macktez team to onboard and roll out new solutions for them to use because they enter the same JumpCloud credentials at login to each new solution.
“When we roll out additional services, it’s more ad hoc and does not require nearly as much communication to the staff,” Scull said. “Once people are familiar with using JumpCloud, the learning curve for the user is nonexistent. They log right in.”
The Result
With JumpCloud, Macktez has a powerful cloud directory platform that provides them with a secure centralized authentication authority, and a single console to simplify and accelerate daily tasks like onboarding and offboarding users. The team isn’t forced to toggle constantly between tools and they give clients an open, future-proofed infrastructure that can grow with them.
“Using JumpCloud is much easier and less time-consuming than jumping around to multiple services to accomplish the same goal,” Scull said. “It works for the IT administrator better. It works for the end user better. It works for the finance department better, because it tends to be cheaper than trying to manage these tools independently.”
It’s also a reliable part of their stack:
“JumpCloud is really consistent. Everything it does, it does well.”
Reilly Scull, CTO and principal architect
Learn More
The JumpCloud Directory Platform is a comprehensive platform to manage user identities, resource access, and devices. JumpCloud offers a Partner program for MSPs and resellers, including competitive margins and co-marketing opportunities. Read about how to amplify your managed service business.