Sapling is a people operations platform that helps HR professionals automate tasks, integrate and streamline data across multiple HR systems, and deliver amazing employee experiences. Ramesh Doddi, Sapling’s Vice President of Engineering, oversees the organization’s security operations and IT infrastructure — and he identified the JumpCloud® cloud directory platform as an ideal way to eliminate multiple point solutions in Sapling’s environment.
- Organization: Sapling
- Size: 50 users
- Location: Distributed workforce in the U.S., Canada, India, and Pakistan
- Problem: Management of point solutions
- Goal: Unified identity and access management (IAM)
Background: Managing Point Solutions
Sapling’s IT team spent much of their time managing and stitching together a complex mix of IT solutions, as well as provisioning and access control tasks.
The team managed a combination of systems for identity and access management (IAM) — including open-source LDAP, Google Cloud Identity, Jamf for Mac management, Okta for SSO, and 1Password for password vaulting. Doddi wanted to consolidate the team’s tooling and introduce more streamlined workflows without sacrificing security.
“Sapling is in the HRIS space: We take care of sensitive information for our customers, and it’s very important for us to receive the same assurance from vendors we use,” Doddi said.
Challenges: Security & Efficiency for Remote Work
Sapling relies heavily on cloud infrastructure, including Azure, AWS, and Google, as well as G Suite and a suite of SSO applications. Users engage with a mix of Linux® servers and macOS®, Windows®, and Linux machines. About 60% of the organization’s workforce was remote prior to the pandemic, and now they’re entirely remote.
Doddi and his team needed a solution to consolidate and simplify their IT stack, as well as manage remote users and devices. They also needed a solution that would help them achieve SOC 2 compliance and maintain stringent controls to protect customer data.
Before finding JumpCloud’s all-in-one access control and device management platform, the team evaluated point solutions as the best option. However, Doddi realized that he could select a comprehensive solution so internal teams could spend more time working on their own platform rather than on stitching together IT tools.
“Our competency is enabling people to build the best companies — through our people operations platform,” Doddi said. “I thought this was the best use of time.”
Solution: ‘Swiss Army Knife’
When Doddi found JumpCloud, he realized he could use it to eliminate solutions in Sapling’s stack, including LDAP, SSO, and Apple MDM.
“I was not expecting anything to meet all of our different categories of needs. JumpCloud is a Swiss Army Knife.”
Now, Doddi and the team use JumpCloud’s MDM to secure much of their fleet, which is majority macOS. JumpCloud MDM is a key part of their security tooling, particularly now that their workforce is entirely remote.
“Mobile systems are very fluid, and they walk away, whether someone steals it, you drop it in the train station, or forget it somewhere else — these things happen,” Doddi said. “To eliminate the risk of that, we have a multi-layer approach.”
In addition to MDM, they use JumpCloud’s pre-built Policies to secure the entire fleet with various controls, such as disabling external storage devices. They use the premium Directory Insights™ feature both for proactive auditing and to build reports for regulatory compliance schema. Directory Insights gives IT administrators a 360° view of user and administrator events and authentications across their connected services.
The Sapling team uses Directory Insights to monitor user activity, track user access patterns, and verify that new users or existing users who change roles have proper access rights.
Doddi also uses JumpCloud to require multi-factor authentication (MFA) at high-value access points, including user machines and cloud infrastructure.
“Without any extra hardware, I can require two-factor authentication, and I can enforce it very fast,” Doddi said.
Implementation: ‘It Was Very Fast’
Doddi had an easy time implementing JumpCloud, particularly because he set up a JumpCloud Free account and used it to test the platform’s full functionality for free. By the time Sapling decided to use JumpCloud officially, Doddi imported users from G Suite using JumpCloud’s directory integration and got everything up and running quickly.
Now users enter the same core credentials to access their machines, User Portals and SSO applications, G Suite accounts, and most other IT resources.
“We are a team of 50 people, globally spread, and within one week everybody was in JumpCloud and it was very fast.”
JumpCloud enabled the Sapling team to be both more efficient and more cost effective.
“Picking the best-of-breed tool in each area sounds good because you can get the best from each, but the problem is that you need to have enough experts,” Doddi said. “Instead of one person, you need to train three people in three different areas, and then afterward you need to build leadership around it. The cost footprint around it grows. We also had unused utilities — and we couldn’t justify the financials.”
The team once spent more than 60 hours a month on provisioning and onboarding activities — which Doddi said is exponentially reduced now. They now provision users’ core identities to devices and other connected IT resources seamlessly, and easily adjust access permissions for individual users via group-based controls.
“We use the time we save using JumpCloud to build experiences for our customers,” Doddi said.
JumpCloud provides a comprehensive solution to manage user identities, access, and devices. Read more about the cloud directory platform here.
You can also create a JumpCloud Free account to get unrestricted access to the platform and manage up to 10 users and 10 systems — free forever.