As a financial leader in the credit and debit card rewards space, Augeo FI<\/a> has helped over 1,200 institutions deliver compelling loyalty programs. They\u2019ve been so successful that they were recently acquired by Lightyear Capital, infusing Augeo FI with the money they needed to modernize their IT environment. Their overhaul included plans to migrate to the cloud and a mission to gain centralized control over all of their digital assets, including Windows\u00ae<\/sup>, Mac\u00ae<\/sup>, and Linux\u00ae<\/sup> systems. Fortunately, they knew just where to turn to make this happen\u2014JumpCloud\u00ae<\/sup> Directory-as-a-Service\u00ae<\/sup><\/a>.<\/p>\n\n\n\n Peter Lasky led the charge in leveling up the company\u2019s IT infrastructure. Peter told us, \u201cI\u2019ve been with Augeo FI for about ten years. In that time, I\u2019ve worn a lot of hats, the most recent one being Director of Technology. My role includes handling parts of vulnerability management<\/a>, implementations, scaling, scoping, and cloud migration.<\/p>\n\n\n\n \u201cOne of the many benefits of being sold is that we now have the capital to really grow the company and to perform some much needed maintenance, like migrating to the cloud.\u201d<\/p>\n\n\n\n With their cloud-future in reach, Peter and his team knew they needed to change their identity management infrastructure. Peter explained, \u201cBefore JumpCloud, we were using\u00a0Active Directory\u00ae<\/sup><\/a>\u00a0even though we also had Linux servers and Mac systems in the mix. Having a mix of systems made it difficult for us to centralize access to everything, so we ended up using Centrify to bring those three environments together in Active Directory. Using that was okay when everything was on-prem. Once we started talking about using the cloud, we had a whole list of questions around how AD was going to fit in our strategy.\u201d<\/p>\n\n\n\n These were some of the questions Peter and Augeo FI were asking:<\/p>\n\n\n\n \u201cWe looked into many options, including Okta\u00ae<\/sup>. They\u2019re pretty big in the identity management game. But the only solution that could meet our requirements was JumpCloud.\u201d<\/p><\/blockquote>\n\n\n\n Testing JumpCloud only solidified Augeo FI\u2019s decision to use the cloud-based directory service<\/a>:<\/p>\n\n\n\n \u201cA couple of engineers and myself started testing on our home networks. In my testing, I put JumpCloud on about six computers, and I actually used RADIUS to authenticate to my WiFi. I even got my entire family using it, including my eight-year-old son.”<\/p>\n\n\n\n \u201cAfter my team and I finished with our testing, we all decided that we liked JumpCloud because it was clearly going to provide us with one portal to manage everything and because it\u2019s easy to use and scalable. That\u2019s ultimately why we chose it.\u201d<\/p><\/blockquote>\n\n\n\n As soon as they finalized their decision, Peter and his team went to work implementing JumpCloud across their IT environment. So far they have implemented JumpCloud across their systems, applications, network, and VPN solution, with plans to roll it out across their server environment in AWS<\/a>.<\/p>\n\n\n\n Augeo FI was particularly glad to gain cross-platform system management<\/a>. Peter remarked, \u201cWe\u2019ve had so many problems trying to manage Macs with Active Directory because the two simply don\u2019t play well together.\u201d<\/p>\n\n\n\n In the process of implementing JumpCloud, Augeo FI decided to upgrade their Mac fleet, and they were impressed with how easy it was to integrate their new Mac systems with JumpCloud:<\/p>\n\n\n\n \u201cWe installed the JumpCloud System Agent, we added users, we added some profile requirements, and it all just worked. We didn\u2019t have to figure out how to get them to connect to Active Directory.\u201d<\/p>\n\n\n\n \u201cOur engineers were really excited about it. They were saying, \u2018How does it work? It just works!\u2019\u201d<\/p><\/blockquote>\n\n\n\n Besides system management, Peter is also leveraging JumpCloud\u2019s seamless integrations with G Suite\u2122, Office 365\u2122, and other web-based applications by leveraging SAML:<\/p>\n\n\n\n \u201cJumpCloud integrates so well with G Suite and Office 365<\/a>. It\u2019s really going to help provide us with the end-to-end onboarding we\u2019ve been wanting to establish. We\u2019ve also set up a number of SAML integrations in JumpCloud, including one for AWS. We\u2019re just going to add countless more as we expand. JumpCloud is our go-to for SSO (single sign-on).\u201d<\/p>\n\n\n\n \u201cAdditionally, we\u2019re using JumpCloud RADIUS servers to authenticate WPA2 enterprise access to Ubiquiti\u00ae<\/sup> wireless access points.\u201d Peter told us. \u201cSo, when an Augeo FI workstation comes or goes, they\u2019re going to re-authenticate to the network using their JumpCloud credentials. That authentication is much more secure, because it\u2019s not just a shared password that\u2019s on a sticky note somewhere.\u201d<\/p>\n\n\n\n Lastly, OpenVPN<\/a> plays a critical role in providing remote software engineers with secure access to Augeo FI\u2019s infrastructure. Fortunately, it was a breeze integrating it with JumpCloud too. Peter elaborated, \u201cWhen we moved to a hosted datacenter in AWS, we decided to implement OpenVPN because it was cheaper for us to roll our own VPN solution to an EC2 instance than use AWS VPN.<\/p>\n\n\n\n \u201cThe integration between OpenVPN and JumpCloud<\/a> was seamless. It took us about 30 minutes. We went into JumpCloud, copied the string from the portal, put it into OpenVPN, and we were authenticating! We were binding and authenticating. Using OpenVPN with JumpCloud is great because you get centralized user management.<\/p>\n\n\n\n \u201cHaving separate usernames and passwords for an environment is really the bane of any systems engineer or service desk engineer\u2019s existence. So it\u2019s great that we can avoid it altogether.”<\/p><\/blockquote>\n\n\n\n \u201cWe implemented OpenVPN to provide programmers with the ability to remotely deploy code in a lower environment, like a Dev or Q\/A environment. So it\u2019s mainly for engineers who work from home. There\u2019s also a disaster recovery piece to this. In the event that our building is no longer here, how do we get into our environment? Now, that\u2019s through OpenVPN and JumpCloud\u2019s credentials and roles. Lastly, the other piece to using JumpCloud with OpenVPN is that it allows us to comply with PCI requirements. There are certain roles and separations of duties that have to happen, and we\u2019re doing that all through JumpCloud User Groups and roles through IAM in AWS.\u201d<\/p>\n\n\n\n As Peter has rolled out JumpCloud across a majority of Augeo FI\u2019s IT resources, they\u2019ve been successful in consolidating user management into one cloud-based solution. As a result, Peter has been able to streamline user management tasks, save money<\/a>, optimize compliance audits, and strengthen security.<\/p>\n\n\n\n \u201cOne of the areas where we have near-infinite time savings is onboarding,\u201d Peter said. \u201c Now that we have JumpCloud, we can onboard a new hire in a matter of a couple of hours. We use Groups to organize roles, what those roles need access to, and what kind of access they have. We\u2019ve created a form that allows a department to check what resources a new hire needs, and then we just assign a new user to the right Groups according to what boxes were checked.<\/p>\n\n\n\n \u201cIt\u2019s been incredible to go from having new users fully onboarded two weeks after they started, to having them onboarded to everything two weeks in advance.\u201d<\/p><\/blockquote>\n\n\n\n In addition to faster onboarding, Peter mentioned that they\u2019ve almost eliminated password reset support tickets. They\u2019ve gone from spending 10 hours a week on password related support tickets to 15 minutes a week, if not less. Peter recalled, \u201cWe used to see about 100 tickets every two weeks related to password resets. Now, we barely get one a month, and it\u2019s all in large part due to how easy it is for end users to self-service a password reset.\u201d<\/p>\n\n\n\n Additionally, JumpCloud\u2019s completely cloud-based approach has allowed Augeo FI to eliminate their on-prem identity management infrastructure, saving them a significant amount of money. Peter informed us:<\/p>\n\n\n\n \u201cWhen we were using Active Directory, we were paying about $100,000 annually in Microsoft\u00ae<\/sup> licenses for our Windows Server infrastructure\u2014server licenses, data center licenses, and user Client Access Licenses (CALs).”<\/p><\/blockquote>\n\n\n\n \u201cI don\u2019t know the exact amount of savings with JumpCloud off the top of my head, but it\u2019s significant when you talk about the Microsoft infrastructure being replaced. Our use case is probably unique because we are moving from a Windows server environment to a strictly Linux server environment with macOS\u00ae<\/sup> and Windows Pro desktops in the mix as well. JumpCloud allows us to centrally manage all of these systems with just one solution, at one price.\u201d<\/p>\n\n\n\n Next, Peter has found it much easier to demonstrate compliance:<\/p>\n\n\n\n \u201cMy team and I are responsible for providing reports that show when a user left the company and when their access to resources has been removed. Typically, an auditor will ask for a list of users and a list of all the changes that have taken place in JumpCloud. Then they\u2019ll look through and see when a user left the company and if there are changes that show the user\u2019s access to resources has been removed.<\/p>\n\n\n\n \u201cJumpCloud really simplifies this because we just have to delete a user in this one solution, and then a user no longer has access to anything.<\/p>\n\n\n\n \u201cNot only does this make it easier for us to do our jobs, but it also allows us to provide auditors with a single report where they simply have to look for deleted users. It\u2019s a lot easier for them to tell if we\u2019re compliant or not when it comes to user access.\u201d<\/p><\/blockquote>\n\n\n\n Lastly, Peter has been really satisfied with the improved security at Augeo FI since implementation. Peter shared, \u201cWhen it comes to security, it\u2019s amazing that JumpCloud offers MFA (multi-factor authentication) for the user and admin console, applications, and Mac and Linux systems. Additionally, if there\u2019s a brute force attack, JumpCloud has a mechanism in place where it will lock out the user after a predetermined number of failed login attempts. Admins will be notified of the user being locked out, and then they can investigate the problem relatively quickly.\u201d<\/p>\n\n\n\n In the event a compromise is experienced, centralized user management makes it just a tad less stressful. \u201cYou go into your JumpCloud portal, select a user, suspend the user, and then you can do your impact analysis after that.\u201d Peter explained. \u201cYou\u2019re not trying to scramble and find which passwords are compromised, which users, which systems, and whatnot. Also, because you have centralized authentication, you have the peace of mind that comes with the fact that when you disable a user, you have now protected yourself against any future attack with those credentials in every resource simultaneously. So that\u2019s a big win.\u201d<\/p>\n\n\n\nBackground<\/h2>\n\n\n\n
The Challenge<\/h2>\n\n\n\n
The Solution<\/h2>\n\n\n\n
Implementation<\/h2>\n\n\n\n
Cross-platform System Management<\/h3>\n\n\n\n
Applications<\/h3>\n\n\n\n
RADIUS<\/h3>\n\n\n\n
OpenVPN<\/h3>\n\n\n\n
The Result<\/h2>\n\n\n\n
Streamlined User Management<\/h3>\n\n\n\n
Reduced Costs<\/h3>\n\n\n\n
Optimized PCI Compliance Audits<\/h3>\n\n\n\n
Stronger Security<\/h3>\n\n\n\n
Benefits<\/h2>\n\n\n\n