The Church Online provides enterprise class technology services to ministries and organizations. Their team of tech-savvy, strategic professionals specializes in live and on demand video streaming technology, website development, mobile app development, video production, graphic design, and social media management. Established in Pittsburgh, PA in 2002, they have expanded to support organizations worldwide. They also have a thriving book publishing division that works with influential pastors and authors throughout the United States.
|Organization:||The Church Online|
|Size:||30+ employees, 2000+ customers|
|Problem:||Onboarding/Offboarding, File Server Access|
|Goal:||Centralize Identity & Access Management (IAM)|
The Church Online has been growing very quickly – and while this expansion has been great for business, it has also posed significant challenges for IT. Brandon Locke, Technical Coordinator for The Church Online, explained:
“At first, managing user access wasn’t really a concern – but then we started growing.”
As the company has grown, so has their staff. What began as a core handful of people exploded into a booming business in the forefront of its field with numerous divisions supporting it.
“It just got to the point where you’re going through your normal day and you think, ‘How is our infrastructure going to grow with us?’”
In order for The Church Online to keep up with growing demand, they would need to revisit their approach to IAM. “We had just outgrown our approach to managing access and control of sensitive information and resources,” said Locke.
Locke noted the importance of the company’s file server infrastructure, and how adjustments needed to be made to compensate for the company’s growth.
“With the amount of design work alone that our team handles on a daily basis, the on-prem storage that file servers offer is incredibly important simply to alleviate bandwidth,” Locke said. “Speed is also a concern, as we conduct high bandwidth tasks such as video editing. This is especially hard on network services.”
Locke knew that he would need better IAM for his IT infrastructure to be scalable, so he turned to JumpCloud’s Directory-as-a-Service® (DaaS).
The Church Online adopted JumpCloud’s DaaS for their IAM solution in early 2017 in order to better control access to their systems, on-prem servers, and applications.
“We’ve been able to use JumpCloud’s LDAP feature to tie into other services,” Locke said. The Church Online also took advantage of the Google Apps (G Suite) integration, which is built right into JumpCloud.
“JumpCloud gave us the ability to centralize and simplify the management of users and systems.”
Locke noted that only one thing was missing: Samba file server authentication wasn’t yet available through JumpCloud. Just about every user at The Church Online was accessing the file server infrastructure at least once a day, with many users accessing it all day long. Suffice it to say, managing file server access was on Locke’s wish list.
Samba File Server Authentication
When JumpCloud introduced Samba authentication as a component of their LDAP service, Locke was one of the first to know, and he was also one of the first to implement it. As soon as he received the email that JumpCloud was moving to Groups and Samba would be enabled, Locke began preparations to implement it.
Locke started by methodically testing authentication with other members of their team. Once testing was completed, preparations were made to begin the full roll out.
“That morning, we rolled it out to the entire staff.”
The process was as simple as logging out, deleting the local account, and logging back in using JumpCloud credentials. The process was so smooth, it took approximately three minutes per person.
“The ease of use of the JumpCloud system enables us to cut down the amount of time it takes to do many day-to-day tasks,” Locke said. “It has provided us with the ability to provision and deprovision individuals at a very rapid pace.”
“That saves us time that we can now use to do something else.”
What used to be a lengthy process requiring a Google account, an account on the server, and the creation of individual paths to company resources has now become as simple as creating an account in JumpCloud which automatically creates all the necessary connections.
Deprovisioning users has also been streamlined. There’s no need to change hundreds—if not thousands—of passwords if someone leaves the company. “With JumpCloud’s LDAP and OAuth integration, we can change one password and lock someone out of an account,” Locke said.
“Now we can disable access with the click of a button.”
Other unexpected tasks have gotten easier as well, such as provisioning new software. A monotonous task that could sometimes take up to three hours now only takes about fifteen minutes, such as setting up the new phone system.
Locke told us the implementation has also been a hit with users. “Our users are much happier without having to remember countless passwords to access different company resources.”
“Looking forward, choosing JumpCloud means that we won’t need to hire as many IT staff members as we continue to grow. The value is immense because of the time it saves.”