Pivotree, a leader in frictionless commerce, strategizes, designs, builds, and manages digital Commerce, Data Management, and Supply Chain solutions for over 200 major retailers and branded manufacturers globally. With a portfolio of digital products as well as managed and professional services, Pivotree provides businesses of all sizes with true end-to-end solutions. Headquartered in Toronto, Canada, with offices and customers in the Americas, EMEA, and APAC, Pivotree is widely recognized as a high-growth company and industry leader.
Today, the company has more than 600 employees spread out across the world, the majority of whom work remotely.
Needing to replace an aging on-prem Active Directory server
Before Clinton Halston joined Pivotree in 2016, the company’s environment consisted primarily of Windows machines managed through a “very aging on-premises Active Directory that was not well-maintained.”
“We were starting to see more MacBooks in our fleet, so the previous IT manager chose to deploy JumpCloud to manage workstations,” says Halston, the company’s IT director.
When Halston came on board, one of his first responsibilities was helping Pivotree get through an audit.
“I was asked to show whether people had firewalls enabled,” he explains. “I went, ‘Well, great.’ Most of these people weren’t in JumpCloud yet, so I said we should finish rolling it out.”
Standardizing IT management during a period of fast growth
At the time, Pivotree was growing rapidly through a series of acquisitions.
“We went from a couple hundred people to 600-plus, and everybody was managing their company’s IT differently,” Halston continues. “We made it a point to roll out JumpCloud to all employees for workstation management, converting people from different AD systems or just local management, as well as a bunch of Mac stuff and a couple Linux machines.”
Thanks to JumpCloud’s support for cross-OS device management, Halston and his team are now able to manage all company devices through a single pane of glass.
“It’s nice to have endpoint protection for all the different operating systems.”
Consolidating IT tools with feature-rich JumpCloud
With device management shored up, Halston and his team continued rolling out new JumpCloud features to further simplify IT management. As a second order of business, they took advantage of JumpCloud’s single sign-on solution for “no additional cost” since it was already offered in the package the company was paying for.
“We use it to authenticate to all critical business systems,” Halston says. “Even if you use a shortcut for the app, it’s going to push you to the console for authentication.”
The way Halston sees it, the more tools focused on user identity and device management that are accessible through a single pane of glass, the better.
For example, Pivotree had been using Okta to manage identities but they couldn’t use it to manage workstations, so they moved to JumpCloud instead.
“In reality, we could do all the Okta stuff in JumpCloud for no additional cost because we were already paying for the users,” Halston explains. “Okta is great but they can’t do device management and JumpCloud can. So if JumpCloud is already your device management solution, why have two systems?”
To ensure a successful deployment, Pivotree engaged JumpCloud Professional Services to help with implementation.
“That was very economical,” he says. “Over the course of three months, we moved all of our applications into JumpCloud.”
Policies, Groups & Commands
The Pivotree team makes use of a slew of JumpCloud Policies, like enforcing automatic screen and session timeouts, locking down USB access, and encrypting harddisks.
“There’s a whole bunch of other stuff that we’re using, too,” Haltson says.
Pivotree is also taking advantage of dynamic device groups to apply security policies by operating system. They’re also using a mix of static and dynamic user groups to grant access.
“We’re moving more toward dynamic,” he continues. “When there’s a change to an employee, we make the change in JumpCloud, which impacts the dynamic groups they’re a member of. And then we’ll use that to grant access to certain applications. So, in short, role-based access control.”
Additionally, Pivotree is using JumpCloud Commands to remotely execute scripts on all its machines.
“After all these acquisitions, we wanted to move everything to a common naming standard,” Halston explains. “So, we renamed everything in the JumpCloud console to the standard we wanted and then would use commands to rename the local machines. We needed commands for Windows, Linux, and Mac for all of that, we ran them against the machines, and now everything’s up to date.”
Security & Compliance
Due to the space it operates in, Pivotree needs to maintain compliance with several industry standards, including ISO 27001, SOC 2 Type 2, and PCI DSS.
When it comes to compliance, JumpCloud is quite helpful. For starters, it enables the IT team to enforce things like multi-factor authentication and strong passwords. At the same time, JumpCloud also makes it easy to demonstrate compliance at a glance to auditors.
“Audits are really easy,” Halston says. “We just screenshot the policy and the auditor says, ‘Okay.’”
To prepare for audits, the team runs reports in JumpCloud that make it easy for Halston to see which devices aren’t up to date.
“It makes it easy for us to follow up with people to get devices back in compliance,” he says.
Pivotree has also enhanced its security posture by remotely locking devices when someone leaves the company or a device is lost and by remotely wiping devices.
“When someone leaves the company, they can ship the device back to us or we will also let them buy it for whatever’s left on the value of the device,” Halston says. “And we can be confident that we can remotely wipe it and have the operating system installed in factory-default condition so they can use it however they want without having to ship it back and forth.”
Pivotree is also using JumpCloud Go™, which enables users to verify their identities at device login using a device password or biometric authenticator. Not only does this further protect systems, it also saves users from having to enter their credentials throughout the day.
“I never type my password anymore,” Halston says. “I use biometrics to log into my machine and it gets my browser going, and I never have to type my password but I’m still secure.”
Accelerated onboarding
Using JumpCloud, Pivotree is able to send devices to new users in a few simple steps.
“With Microsoft, it’s a one-touch deployment,” Halston says. “With Apple, it’s zero-touch. A user gets the device, JumpCloud is installed on it, and they can log into the user name we provide right from the first time they boot up.”
A system they can grow with
Looking ahead, Pivotree aims to unlock even more value from JumpCloud, which continues to bring new features to market. They’ve already utilized Remote Assist to great effect.
“We’d been using Zoom and just asking to take control of people’s screens on Zoom, and that’s how we were doing support,” Halston says. “Our team now uses Remote Assist quite a lot, and they love it.”
Up next, Pivotree hopes to migrate away from its password management and use JumpCloud Password Manager instead.
“There’s quite a suite of features available in JumpCloud, and having it all in one spot has been really helpful,” he concludes.
About JumpCloud
JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform.
To see the power of JumpCloud yourself, request a demo or start a 30-day trial today.