Syn Ack Fin (SAF) is a managed service provider (MSP) that also does wireless network design and provides wireless network services. SAF has been around since 2001, and they support business owners with everything they need from plugging in their printer to complex security services to disaster recovery. They are a one-stop-shop for your IT needs, and their motto is ‘I.T. Made Simple’.
SAF’s roots come from professional services, and prior to becoming an MSP, they worked with some very large, notable corporations where they established effective processes for working with any size organization. After working with those large enterprises, SAF took those solid methodologies and leaned into them to help their clients that are small and medium-size enterprises. “What makes us different [compared to other MSPs out there], is our approach to how we solve the problems of our clients,” stated Antonio Wint, Founder and CEO of Syn Ack Fin. “Our approach is vetted, and it’s been proven successful in many different environments.”
SAF currently makes use of Active Directory (AD) and extends it with JumpCloud® to get all of the features that they want across their environment, and they require clients to use JumpCloud or a similar tool in order to establish a working relationship. When discussing future plans, Wint told us, “We are looking at retiring AD. We’re looking at it for all of our clients.” This is primarily due to the bulkiness of AD, the learning curve it requires, and the prevalence of remote work across many organizations.
When discussing how JumpCloud entered the picture at SAF, Wint told us, “We’re Apple partners, and we’ve been working with the Apple business unit within our area for some time. And we just kept coming — we just had so many challenges with Mac users and authentication and trying to keep it consistent, and it was just giving us fits. We were talking to our business development manager, and she said, ‘Hey, you might want to consider looking at a company that’s local to the Denver, Colorado area, they’re in Boulder, a company called JumpCloud’. So we did our research, we met with some of the JumpCloud techs, did a demo, started using it internally, and we were sold.” SAF has now been using JumpCloud for 5-6 years and hasn’t looked back since.
When further discussing how extensive SAF’s use of JumpCloud is, Wint mentioned, “[We use it for] Linux boxes, our SAML portals, our client portals — [we add] anything that supports single sign-on and connects via SAML or connects to our JumpCloud [instance].”
- Organization: Syn Ack Fin
- Location: Denver, Colorado
- Problem: Dealing with client issues like: the lack of a password database, no centralized repository, no directory, and much more
- Goal: Help clients extend or replace Active Directory with JumpCloud, and add consistency into each client’s environment
Background
When describing what SAF’s fleet of devices looks like, Wint said, “We use Windows internally, but we do have some users that are using Mac. Most of our clients are actually Mac clients. We tend to support a lot of software developers — software developers love Mac or Linux. So I would say more than half of our users are Mac, some are Windows, and then most of our server environments are Linux environments.”
He went on to say, “Those Linux environments extend into our private cloud environment but also AWS. So if you’re looking at elastic cloud instances, we have the JumpCloud agent running inside of those for a number of our clients so that their users can access the system via the SSH protocol or other protocols.”
So, not only does SAF use JumpCloud internally to help manage their heterogeneous fleet of devices, but they also ask their clients to implement it to solve a multitude of glaring security, productivity, and consistency issues. “The top problems we’re coming in to solve with JumpCloud are: [when clients have] no password database, no centralized repository, and/or no directory,” Wint said.
He continued on and said, “A lot of the problems we’re solving [involve] identity management and making sure that there’s some cohesion and consistency with user accounts, [such as] the naming standard. [We also have to] make sure that they’re meeting password complexity requirements and make sure they’re introduced or understand MFA formally.”
For example, Wint told us that before implementing JumpCloud, “We will ask [a client], ‘Hey, so how do you know that a user has changed their password?’ and he says, ‘I don’t know if they’ve changed their password’. I have no idea if their password is password123’.” This presents huge risks that SAF comes on board to mitigate using JumpCloud’s various security and productivity-oriented features.
“Then once we solve those problems, we say, ‘Hey, did you know, we can also connect to this cloud application so that you’re using JumpCloud with that? We can also make sure that when someone’s VPNing into your network, that they’re using conditional access to access resources,’” stated Wint.
Examples of features SAF has used internally or set up for clients:
- RADIUS
- LDAP
- SAML
- SSO
- MFA
- Commands
- Policies
There’s no way we can provide user management, password complexity, multi factor authentication [without the use of JumpCloud]. It’s [all] become an integral part of what we do for our clients.
Antonio Wint, Founder and CEO, Syn Ack Fin
Challenge: Centralizing Identity and Access Management and Improving Consistency Across Clients
Syn Ack Fin’s primary challenges revolved around centralizing and providing more consistency across identity and access management within each client’s environment. SAF often deals with client issues like: a nonexistent password database, no centralized repository, no directory, no password controls, and inconsistent user account naming.
Getting Buy-In for AD Extension or Replacement
The solution that SAF uses across the board involves getting clients to either “Use JumpCloud to extend Active Directory or just use JumpCloud [on its own].” So, another challenge they faced was getting client buy-in up front. “We could see the benefits of a mobile workforce and remote users and the management and control that we have [over it all using JumpCloud], but a lot of our clients didn’t get it,” Wint said.
He went on to tell us, “They thought we were just trying to sell them extra services, and then COVID happened. And we said, because you have JumpCloud, everything’s okay, we can still control [everything], and they started to get it. So I think JumpCloud in some ways was ahead of the game, right? But now with COVID, it’s accelerated that and the clients now are a little more open to adding a JumpCloud solution to their environment.”
However, Wint also explained that, “People that are Active Directory people and Windows people, they get stuck in that world, and it’s really difficult to get them out of that world. But typically what we would do is say, ‘Hey, let’s extend your existing Active Directory with JumpCloud because of these feature sets’. And then we start to list what they don’t have in their current environment and what JumpCloud will provide for them. We actually have a client going through this right now, where they’re wondering, ‘Why am I using Active Directory to manage any of my users? Why am I doing this at all?’. So, typically, after getting a client to implement JumpCloud, their hesitation turns into motivation to fully migrate over or use more of JumpCloud’s functionality to make their day-to-day lives easier.
Wint dived in further regarding AD and said, “Honestly, the bloat and the thickness of the Active Directory environment with primary domain controllers, backup domain controllers, global catalogs, FSMO roles… it’s just big. So, it works well for some corporations, but for small and medium sized businesses specifically, it can just be too much as far as the server load. So, if you’re looking for a smaller footprint, maybe you’re going completely remote, no more brick and mortar, certainly the JumpCloud solution is something that we’re asking our clients to consider for our professional services side or our wireless networking side. Again, for all our managed services clients, you’re getting JumpCloud as part of the gig.”
Avoiding the AD Learning Curve
One other challenge SAF faced was bringing new system administrators on board without sinking hundreds of hours into training them on the intricacies of AD. Wint said, “Active Directory is a beast, and there’s a lot to learn and train in there. And specifically, it tends to be a technology for more seasoned or senior systems administrators. We are bringing in younger administrators that do not necessarily have past experience with Windows Active Directory in its traditional format. Using JumpCloud, I don’t have to train them on all the history of Active Directory. I can just train them on JumpCloud.”
Solution: A Cloud-Based Directory Platform That Improves Compliance, Security, and Efficiency
Before COVID, JumpCloud was an option that we put on every contract, we didn’t require it. After and during COVID, we said you must have JumpCloud in order to do business with us. We found that it saves our team time and allows us to deliver a consistent level of service to our clients by using the tool, so now it’s a requirement.
Antonio Wint, Founder and CEO, Syn Ack Fin
As we discussed, Syn Ack Fin uses JumpCloud to push out MFA, SSO, and password complexity requirements; standardize usernames; improve network authentication security; and provide a central repository of identities and data among other things. Regarding internal use, Wint also said “We use [JumpCloud] to extend our existing Active Directory environment into Office 365, our CRM tool, and our Mac systems which don’t connect directly to an AD environment.”
Compliance
When discussing clients, Wint told us, “[JumpCloud] integrates into their firewalls, their desktops, their Office 365, their G Suite. It just allows us to make sure if we’re going through some sort of audit, because we are a SOC 2 type audited business, that we’re able to confirm that the user environments that we’re managing are meeting the password complexity standards that we have established within our SOC 2 [framework].”
RADIUS and LDAP
SAF often promotes the use of Cloud RADIUS and Cloud LDAP to clients. Using JumpCloud as the single source of truth for identities, “You want to use RADIUS to authenticate your users so you can make sure they’re valid users, and if they’re not in JumpCloud, then they don’t exist. So, if someone [on the outside] tries to authenticate, it doesn’t work because the RADIUS server won’t allow them in. Same thing with LDAP — you can use some LDAP features to authenticate users and additionally as a database for what’s going on with the users in the business environment,” said Wint.
Erasure of Shared Network Keys
Along with the use of Cloud RADIUS and Cloud LDAP, Syn Ack Fin also promotes an overall reduction of passwords in use, as well as shared keys. “Our clients no longer use pre-shared keys on their wireless networks. We connect their wireless network to JumpCloud, and each user types in their username and their password when they log on [which then] authenticates them and connects them. At that point, when a user moves on to a different company for whatever reason, we don’t have to change the pre-shared key for the entire company. We just disable their account in JumpCloud and that person can’t log on to wireless anymore,” Wint explained.
Rolling out JumpCloud for new Clients
Syn Ack Fin walked us through the process of rolling out JumpCloud for a new client. Wint said it goes like this: “A lot of our processes are automated, and typically what we’re trying to do is grab a user database of information from HR or the number of users that they have in their G Suite or in their Office 365. We load those users into JumpCloud either manually or from a script, because you can import users in many different ways. Then once we have that set up, we go ahead and add our agent to each person’s machine.”
“And then starts the task of building out consistency between the username syntax and the passwords, because sometimes the user’s laptop will say, ‘Antonio.Wint’, their email says ‘AWint’, and another device says just ‘Wint’. So, we run through a process of figuring out how to get the names in sync and start to roll out JumpCloud to each component. Typically, we start with the laptop or desktop first, because the user is logging onto that system daily. [This] sets the tone of, ‘Hey, you’re going to remember this password, it’s going to be a complex password, and you’re using it all the time’.”
“Then, after they’re consistently using that, we address the perimeter. So, that would be the VPN, making sure their firewall and their wireless network are connected and using JumpCloud, and then we start to add things like Office 365, G Suite, and other apps.”
Unique Use Cases Among Syn Ack Fin and its Clients
Wint explained one unique use case of JumpCloud across internal users and clients and it’s importance for an MSP: “All of our client firewalls are using JumpCloud for their end-users to log on to their firewall via VPN or through a user portal. [For] each one of the client firewalls that we support, our team does not have the default root or admin username and password. JumpCloud is actually connecting to our client’s JumpCloud instance and then our JumpCloud instance. So, as the administrators, we authenticate with our username and password that we’re using on our domain to that environment. What that allows me to do as an MSP is if I have an employee change roles or leave the company, once I disable that user’s account in our JumpCloud instance, they can’t log on to any of our client firewalls or any of our client networks either. So, it gives me additional security as the MSP.”
The Results
In terms of remote work, Wint talked about some of the advantages that JumpCloud provides. One big piece he mentioned is, “Consistency with password changes.” He went on to say, “Typically in an Active Directory format, the person has to VPN in to headquarters or reconnect to the domain controller in order to get password updates or changes. [However], I can do that with JumpCloud with policies, and as soon as the user connects to the internet, it lets them know, ‘Hey, your password is about to expire, and you need to get it updated or changed’.”
“Active Directory doesn’t natively send you an email or some other notification that you need to change your password. [But], with the flexibility of JumpCloud, I know the user is going to get a pop-up, an email notification, and they could possibly get another email notification a couple of hours before that. If someone’s remote, we can guarantee that they are using the right password and getting an update at a regular cadence.”
In terms of viewing device information, Wint said, “[JumpCloud continues] adding even more information about a device so that if I click on a device, I can pull the IP address, Mac address information, serial numbers, just a lot of information I would [normally] get from my RMM tool. [But now], I don’t have to leave JumpCloud to go to that tool — I have that information on a single pane of glass in JumpCloud that I can review.”
Time Savings
An important result from implementing JumpCloud internally and across clients’ environments is that “I no longer have to VPN into a client’s environment to work on their directory services or work with their users — it’s all in JumpCloud. There’s time saved with the bookmarks and the SSO connections — my employees are not searching around for the URL anymore to access a site,” said Wint. “Our employees log on to console.jumpcloud.com as their portal. When they open up their web browser, it’s the first thing they see. They log onto that portal and then access SaaS apps from the portal.”
He went on to say, “[Employees go] to the dashboard and everything they need is right there — they just click on the links. We were able to put those links and bookmarks and SSO [apps] into groups so that the Finance department has finance bookmarks, but they don’t see the Systems Administration or the Operation department’s bookmarks. So, it’s certainly more efficient — it’s very clean.”
Future-Proofing Work
When going over future plans and why JumpCloud will remain an integral part of Syn Ack Fin’s tech stack, Wint said, “I continue to work with JumpCloud, because I know the product is moving in a direction that I can continue to sell as a managed services provider. When we have brought up challenges or feature requests or any support tickets, it’s all handled in a very professional and prompt manner. As an MSP or someone that’s delivering a service, technical support is critical to me.”
JumpCloud is critical for our clients, and the JumpCloud roadmap is very much aligned with a managed service provider and what I’m trying to do as an MSP.
Antonio Wint, Founder and CEO, Syn Ack Fin
Learn More
JumpCloud changes the way IT administrators manage their organizations by providing a comprehensive and flexible cloud directory platform. From one pane of glass, manage user identities and resource access, secure Mac, Windows, and Linux devices, and get a full view of your environment.
Get started with JumpCloud today.