{"id":79294,"date":"2023-04-11T13:49:57","date_gmt":"2023-04-11T17:49:57","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=79294"},"modified":"2023-04-11T13:49:58","modified_gmt":"2023-04-11T17:49:58","slug":"webinar-recap-it-automations","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/webinar-recap-it-automations","title":{"rendered":"Webinar Recap: 6 IT Automations to Streamline IAM, Security, and Device Management"},"content":{"rendered":"\n

As organizations increasingly rely on digital technology to manage day-to-day operations, IT admins are faced with the time-consuming and often repetitive task of managing a number of users, devices, and applications.<\/p>\n\n\n\n

JumpCloud and Torq, a security automation platform, have integrated their services to provide IT admins with automations that help manage IT resources more efficiently and effectively.<\/p>\n\n\n\n

In a recent webinar<\/a> featuring Derek Johnson, Principal Product Manager, JumpCloud; Aner Izraeli, Director of Security, Torq; and Dallas Young, Sr. Technical Marketing Manager, Torq, the speakers provided valuable insights and practical examples of how six automations can be implemented to meet organizations’ needs.<\/p>\n\n\n\n

6 Practical JumpCloud + Torq Use Cases<\/h2>\n\n\n\n

JumpCloud continually aims to ease everyday tasks for admins and users alike without compromising on security. With Torq’s flexible integrations and easy-to-use workflows, admins can leverage the JumpCloud + Torq combination to automate the following tasks:<\/p>\n\n\n\n

1. Request Elevation of Local Admin Privileges<\/h3>\n\n\n\n

”Temporary elevation of admin privileges is a common request that IT admins receive from users who might need it to perform a specific task,” Derek noted. JumpCloud console allows admins to grant such privileges with a few clicks.<\/p>\n\n\n\n

However, given the possibility of the admin forgetting to terminate those privileges when the task is complete, coupled with the frequency of such requests, Aner demonstrated an alternative and more secure workflow.<\/p>\n\n\n\n

\u201cThe user needs to go to Slack and run the command ‘\/getmeadmin<\/em>,’\u201d he said. \u201cThis event is received on Torq’s end and it invokes JumpCloud’s API to get the requester’s info. Security and posture checks are then run to verify the request’s legitimacy.\u201d<\/p>\n\n\n\n

If these checks are passed, the employee receives a one-time token on their alternate email address. They’re to copy the token, paste it into the Slack text box, and submit it.<\/p>\n\n\n\n

Aner continued, \u201cOn validation of the token, another call is made to JumpCloud’s API to list the devices associated with the user. Then the user selects the device they need the privileges on and for how long.\u201d<\/p>\n\n\n\n

At this point, JumpCloud’s API elevates the user’s privileges, the user receives a notification to that effect, and Torq\u2019s Wait Operator will run until the allotted time elapses and then revoke the privileges.<\/p>\n\n\n\n

2. Approve Group Membership for a New User<\/h3>\n\n\n\n

As Derek explained, \u201cgroups\u201d are very powerful tools in the JumpCloud platform, especially as they are the go-to means for binding users to particular resources. <\/p>\n\n\n\n

\u201cThere are a couple of ways users can get added to groups on JumpCloud,\u201d he said. \u201cFirst is to go to the user profile and directly add them to the groups they need to be in. You could also do the inverse by going into the groups and then selecting the users you want to add to them.\u201d<\/p>\n\n\n\n

\u201cTorq interfaces with HR platforms such as Bamboo, Workday, HiBob, etc.,\u201d Aner explained. \u201cThe HR platforms’ payloads contain a few properties such as hiring manager details and the designated department, both of which Torq interacts with.\u201d<\/p>\n\n\n\n

Thus, when a new user needs to be added to a JumpCloud group, Torq sends a message to the hiring manager asking them to approve the addition. If the manager does, Torq obtains the JumpCloud group ID. An API then uses the ID to enroll the user into the group.<\/p>\n\n\n\n

Aner highlighted that this three-step workflow can be part of a larger onboarding process and can purely act as a nested workflow.<\/p>\n\n\n\n

3. Grant Just-in-Time Access to a Single Sign-On (SSO) Application<\/h3>\n\n\n\n

Derek sees just-in-time (JIT) and SSO access as a means of controlling who has access to an organization’s crown jewels, and when. He stated: \u201cThis is a process of a user making a request, verifying that the user is who they say they are, and granting them access to the applications for the duration of their task.\u201d<\/p>\n\n\n\n

Aner explained how to perform this workflow: \u201cA Slack slash command \u2018\/getbackoffice<\/em>\u2019 triggers the workflow. Once Torq receives the commands, it calls JumpCloud’s API for validation of the user’s request, extracts the user’s alternate email, and sends a one-time token.\u201d<\/p>\n\n\n\n

After validating the token, the user selects the access duration, and another call is put through to JumpCloud API to add the user to a specific group they need to be in to gain the requested access. If the call is successful, the user gets notified of their temporary addition to the group, and upon the expiration of the time selected, the user’s access is revoked.<\/p>\n\n\n\n

4. Confirm Failed Logins<\/h3>\n\n\n\n

Derek believes that failed logins are not necessarily always nefarious, but they could be a huge risk factor that may lead to bigger security problems. Thus, it is always helpful for admins to know when a user has attempted multiple failed logins so that they can investigate and take further action where necessary.<\/p>\n\n\n\n

He explained that JumpCloud Directory Insights provide a look into whatever is going on in an organization\u2019s JumpCloud environment, including who has access to what and when they\u2019ve accessed it, log-on and log-off times, and failed login attempts. <\/p>\n\n\n\n

He, however, points out that with Torq\u2019s integration, admins are able to set the threshold for failed logins and when they should be notified of having had a predetermined number of failed logins.<\/p>\n\n\n\n

Aner described further how this works: \u201cOnce the workflow is triggered, Torq parallel steps queries to the IP reputation with Abuse IPDB and Virus Total. When the results are obtained, the user receives a Slack notification informing them that multiplied failed logins have been attempted on their behalf.\u201d<\/p>\n\n\n\n

If the user confirms that these login attempts did in fact originate from them, the workflow ends. If not, then the security team gets notified, and they can choose to suspend the user’s JumpCloud and Google accounts and open a ticket to investigate the problem.<\/p>\n\n\n\n

5. Investigate Devices’ Policy Compliance Status<\/h3>\n\n\n\n

\u201cDevices are gateways to resources, and when a user has been verified and bound to a particular device, the device must be in compliance with policies implemented on it,\u201d Derek pointed out.<\/p>\n\n\n\n

He described how the JumpCloud console enables admins to see the status of devices tied to specific policies. He also mentioned that through JumpCloud reports, admins can get aggregated information on policies like OS and browser patches.<\/p>\n\n\n\n

He also noted that in some instances an admin might want to know at a moment’s notice what devices are noncompliant with a policy.<\/p>\n\n\n\n

Aner explained how this can be achieved with Torq: \u201cFirst, Torq loops through the policies and checks their statuses as to whether they’re successful or not.\u201d The automation extracts failed policies and identifies the device(s) on which the policies are not in place. The device names are clickable and they lead to the device page on the JumpCloud console.<\/p>\n\n\n\n

This, Derek highlighted, helps the IT admin go  exactly where they need to take further action on the device.device.<\/p>\n\n\n\n

6. Request User Account Unlock in JumpCloud<\/h3>\n\n\n\n

According to Derek, a locked-out user is an unproductive user. He continued, ”When a user gets locked out of their device or account, the admin can go to the JumpCloud console, and switch the user’s account from ‘suspended’ to ‘activated.\u2019\u201d<\/p>\n\n\n\n

Alternatively, Aner demonstrated a more efficient and secure method that required some user verification prior to re-activation. \u201cThe user is to execute a Slack slash command, ‘\/unlockme,’ <\/em>then complete certain security checks.\u201d <\/p>\n\n\n\n

After these steps, Torq extracts the user’s alternate email address from JumpCloud and sends a message containing a one-time token to the address. The user is to then use the token for validating their identity and Torq calls on JumpCloud’s API to unlock the user.<\/p>\n\n\n\n

Gains of Implementing These Automations<\/h2>\n\n\n\n

As Aner pinpointed, the benefit of implementing these JumpCloud +Torq automations are as follows:<\/p>\n\n\n\n