{"id":45029,"date":"2020-03-31T15:26:59","date_gmt":"2020-03-31T21:26:59","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=resource&#038;p=45029"},"modified":"2024-02-20T18:32:56","modified_gmt":"2024-02-20T23:32:56","slug":"working-from-home-jumpcloud-admin-guide","status":"publish","type":"resource","link":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide","title":{"rendered":"Admin Guide to Supporting Work from Home with JumpCloud"},"content":{"rendered":"\n<p>Offices in prior decades were built primarily with an on-premises state of mind. In order to do work, you had to drive to the office, work on a desktop or stationary computer, and authenticate locally to your on-prem Active Directory<sup>\u00ae<\/sup> or LDAP server.<\/p>\n\n\n\n<p>Beyond the fact it doesn\u2019t easily accommodate remote work, the on-prem model has other downsides, including forcing admins to manage multiple different passwords for applications and connect their users to WiFi via an unsecured passphrase like WPA2. As technology evolved, cloud applications, varying operating systems, and disparate resources became more common in the workplace, and they challenged the on-prem model as well.&nbsp;<\/p>\n\n\n\n<p>Desktops evolved into laptops, installed versions of applications became web browser-based, and WiFi protocols evolved to become more secure. Offices, too, have started evolving to allow for work-from-home or multiple remote branch offices.&nbsp;<\/p>\n\n\n\n<p>The JumpCloud<sup>\u00ae<\/sup> <a href=\"https:\/\/jumpcloud.com\/platform\/\">open directory platform<\/a> was built to allow employees to work remotely from home, on the go, or at a remote branch office. This is made possible with a 100% cloud-based directory and secure solutions for the various IT resources at your company\u2019s disposal.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"general\">General Security Best Practices<\/h2>\n\n\n\n<p>When working in any IT environment, especially environments with remote workers, there are several things you should consider configuring and enforcing. This guidance applies whether you are using JumpCloud or not, so we\u2019ll go through this before going through JumpCloud-specific guidance.<\/p>\n\n\n\n<p><strong>Strong Password Policies:&nbsp;<\/strong><\/p>\n\n\n\n<p>Different security compliance regulations may require different levels of password complexity. For example, section 8.x in the <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI_DSS_v3-2-1.pdf?agreement=true&amp;time=1584137662876\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">PCI DSS 3.2.1 compliance requirements<\/a> recommends the following list be enforced on passwords used in a secure environment:&nbsp;<\/p>\n\n\n\n<ul>\n<li>Minimum of seven characters, generally 10 characters or more is best\n<ul>\n<li>Numbers<\/li>\n\n\n\n<li>Lowercase and uppercase<\/li>\n\n\n\n<li>Special characters (examples: . ! ; _ -)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>90-day password expiration<\/li>\n\n\n\n<li>Prohibited reuse of previous four passwords used for the account<\/li>\n\n\n\n<li>User lockout after six failed login attempts<\/li>\n<\/ul>\n\n\n\n<p>It should be noted that you can always make these requirements stricter based on the security compliance and policies you want to enforce in your environment. Our advice has alway been and continues to be to create long, strong passwords. Ideally, end users are creating a sentence or combining multiple words together for a long password (greater than 16 characters is always preferable, but note that Office 365 limits passwords to 16 characters).<\/p>\n\n\n\n<p><strong>Anti-Phishing Security Policies:<\/strong><\/p>\n\n\n\n<p>In recent years, there has been an increasing number of attacks and successful attacks using phishing or spear-phishing. In 2017 alone, according to a <a href=\"https:\/\/info.phishlabs.com\/hubfs\/2018%20PTI%20Report\/PhishLabs%20Trend%20Report_2018-digital.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">PhishLabs report<\/a>, there was a 237% increase in SaaS app mimic attacks. Beyond that, phishing and pretexting were responsible for 93% of breaches in social attack incidents, Verizon found in one <a href=\"https:\/\/enterprise.verizon.com\/resources\/reports\/DBIR_2018_Report.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">security study<\/a>. There are many ways bad actors can use social engineering, spam email, or URL redirection to get information out of your employees and into their own hands.<\/p>\n\n\n\n<p>Ensure the safety of your users and your business by enforcing good security practices and taking measures against phishing and other cyberattacks. Create a policy that users must forward suspicious emails to your IT admins or security team, and remind them not to click suspicious emails or URLs. Manage your email with good spam filtering, and regularly check in with employees to assess whether they\u2019ve recently received phishing emails. Continually educate, train, and reinforce your employees\u2019 understanding of the dangers of phishing attacks and how to be secure.<\/p>\n\n\n\n<p>You can also recommend that employees limit their social media use at work, including Facebook, Twitter, and LinkedIn. This reduces your attack vectors and helps in securing your employees\u2019 information and confidential corporate information.<\/p>\n\n\n\n<p>To secure your employees\u2019 identities and thwart attempted phishing attacks, enable local user password resets on the system itself. You can train employees and create a workflow for easy password resets on the system locally, which helps encourage users to properly update passwords and automatically distrust any suspicious password-reset emails.<\/p>\n\n\n\n<p>Beyond educating your employees about <a href=\"https:\/\/www.globallearningsystems.com\/avoid-email-phishing-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">good anti-phishing practices<\/a> and requiring strong passwords, you can enforce multi-factor authentication, keep anti-virus software updated, and use only HTTPS.<\/p>\n\n\n\n<p><strong>System Security Policies:&nbsp;<\/strong><\/p>\n\n\n\n<p>Locking down your employees\u2019 systems is as important as creating strong passwords for their user accounts. A few of the top policies generally recommended to enforce include:&nbsp;<\/p>\n\n\n\n<ul>\n<li>Set lock screen for 120 seconds or less<\/li>\n\n\n\n<li>Disable USB mass storage devices<\/li>\n\n\n\n<li>Disable CD\/DVD drive (if applicable)<\/li>\n\n\n\n<li>Disable control panel access\/system preferences access<\/li>\n\n\n\n<li>Restrict App Store<\/li>\n\n\n\n<li>Implement strong password policy<\/li>\n\n\n\n<li>Configure system MFA&nbsp;<\/li>\n\n\n\n<li>Disable local guest and administrator accounts<\/li>\n\n\n\n<li>Turn off AutoPlay<\/li>\n\n\n\n<li>Disable sharing<\/li>\n\n\n\n<li>Default users permissions as standard non-admin\/non-sudoer accounts<\/li>\n\n\n\n<li>Enforce full disk encryption<\/li>\n<\/ul>\n\n\n\n<p>If you want to achieve a higher security standard across your systems, you can reference the <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.cisecurity.org\/cis-benchmarks\/\" target=\"_blank\">CIS Benchmarks<\/a> for your operating system and leverage those policies too.&nbsp;<\/p>\n\n\n\n<p><strong>Multi-Factor Authentication:&nbsp;<\/strong><\/p>\n\n\n\n<p>Configuring multi-factor authentication (MFA) across IT resources is a good policy because it prompts users during authentication for something they know (password) and something they have (MFA via Duo, TOTP, or other methods<em>)<\/em>. This creates a secondary required authentication method, which helps lock down systems, applications, and other resources and make access more secure.<\/p>\n\n\n\n<p>Enforcing MFA on systems is a great way to ensure users have both their password and MFA app ready before they\u2019re fully able to log in to secure company resources. You can introduce several layers of security by applying other policies in addition to MFA \u2014 like enforcing full disk encryption \u2014 to ensure your data and user accounts are safe in the event something happens to the system.<\/p>\n\n\n\n<p><strong>Secure Network Authentication:&nbsp;<\/strong><\/p>\n\n\n\n<p>It\u2019s highly recommended to move away from using WPA2 shared keys to authenticate to wireless networks. This is a key all users who need to connect to the network share. The passphrase is rarely if ever changed, which leaves the network vulnerable to disgruntled former employees and makes it easier for a bad actor to socially engineer and manipulate their way into getting the shared key from someone in your workforce.<\/p>\n\n\n\n<p>Individualizing secure access to networks can be handled several ways, two of which are common standards: secure <a href=\"https:\/\/jumpcloud.com\/blog\/ldap-vs-radius\">LDAP and RADIUS<\/a>.<\/p>\n\n\n\n<p>RADIUS allows your users to authenticate to the wireless network SSID via their own set of secure credentials. This makes it easier to track and manage who has access to your networks. Secure LDAP is another means of individualizing access, though it\u2019s more common in VPNs than wireless access points.<\/p>\n\n\n\n<p><strong>Full Disk Encryption:<\/strong><\/p>\n\n\n\n<p>Data encryption is key to meeting virtually any type of compliance regulation. Full disk encryption (FDE) secures the data on systems at the lower levels. It keeps your data safe and secure when at-rest. If a system is stolen but has FDE enabled, an attacker cannot decrypt the data without the password or recovery key.<\/p>\n\n\n\n<p>Both Windows<sup>\u00ae<\/sup> and macOS<sup>\u00ae<\/sup> have methodologies to encrypt the disk with utilities native to their operating systems. Windows\u2019 BitLocker and macOS\u2019 FileVault are both great tools to enable and leverage in your work environment.<\/p>\n\n\n\n<p>Recovery Keys should be protected and secured as well. Having them on loose paper or spreadsheet on a shared drive are two ways to fail a security audit. Keeping Recovery Keys out of sight and secure can be done in a multitude of different ways, some better than others.<\/p>\n\n\n\n<p>Many security compliances will require you to store your recovery keys in a secure vault. These vaults <em>could <\/em>be a physical safe or vault, 3rd party application which securely vaults recovery keys, or securely stored in a directory. You should keep these keys as safe as possible as these recovery keys are the only way to decrypt the disk in a recovery or repair scenario.<\/p>\n\n\n\n<p><strong>No Shared Accounts:&nbsp;<\/strong><\/p>\n\n\n\n<p>Shared accounts can be a security risk, impossible to audit appropriately, and out of compliance. If you\u2019re currently leveraging shared accounts for any of the resources in your environment, WiFi or otherwise, consider migrating to individual accounts. If you audit your organization and find shared accounts are used widely, you\u2019ll struggle to tell who was accessing resources at any given time.<\/p>\n\n\n\n<p><strong>Secure Application Authentication:&nbsp;<\/strong><\/p>\n\n\n\n<p>There are thousands of cloud-based applications available on the internet today. Small and medium businesses might be using five to 50 \u2014 or more \u2014 of these applications across their departments. In tandem with strong password policies, they should enable secure authentication methods backed by protocols such as SAML 2.0.<\/p>\n\n\n\n<p>If you don\u2019t have a central directory or access management platform in use, then it&#8217;s more than likely each of your users manages their own passwords, which may or may not meet your security compliance requirements. It\u2019s crucial to centralize access control to these applications to dictate what types of passwords and authentication methods are used, as well as have the ability to suspend access across applications quickly for any reason.&nbsp;<\/p>\n\n\n\n<p>You can also layer MFA on top of single sign-on (SSO) application authentication to increase the security of your cloud applications. We\u2019ll now explain how to put JumpCloud to work to manage remote workers as easily and securely as possible and put these guidelines into practice.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how\">How does JumpCloud help me meet security requirements while allowing employees to work remotely?<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/manage-remote-employee-systems-cloud-directory.png\" alt=\"\" class=\"wp-image-44903\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/manage-remote-employee-systems-cloud-directory.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/manage-remote-employee-systems-cloud-directory-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/manage-remote-employee-systems-cloud-directory-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>JumpCloud&#8217;s cloud directory platform allows you to manage your company\u2019s identities, resources, and systems via an easy-to-use Admin Portal via your favorite web browser. The above diagram outlines the different resources you can connect to JumpCloud\u2019s core directory.<\/p>\n\n\n\n<p>This guide will help cover the following topics to ensure your JumpCloud organization follows some of the basic best practices for enforcing security while working remotely:<\/p>\n\n\n\n<ul>\n<li>Building the Core Directory\n<ul>\n<li>Setting secure password policies<\/li>\n\n\n\n<li>Utilizing user and system groups<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Configuring Directory Integrations<\/li>\n\n\n\n<li>Enabling Multi-Factor Authentication<\/li>\n\n\n\n<li>System Management &amp; Policy Enforcement\n<ul>\n<li>Change passwords on system<\/li>\n\n\n\n<li>JumpCloud policies<\/li>\n\n\n\n<li>Full disk encryption<\/li>\n\n\n\n<li>JumpCloud commands<\/li>\n\n\n\n<li>Managing applications with JumpCloud &amp; Chocolatey or AutoPKG<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>SAML 2.0 Application Authentication<\/li>\n\n\n\n<li>Network Authentication\n<ul>\n<li>RADIUS<\/li>\n\n\n\n<li>Secure LDAP<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"building\">Building JumpCloud\u2019s Core Directory<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Core-Directory.png\" alt=\"\" class=\"wp-image-45039\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Core-Directory.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Core-Directory-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Core-Directory-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>Users are the core of any directory. With JumpCloud, you can ensure users have access only to the specific resources they need, and are blocked from ones they shouldn\u2019t, and follow strict password complexity policies. With JumpCloud, you can also create user groups that allow you to control which users have access to specific applications, systems, file servers, and networks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Setting Strong Password Policies in JumpCloud<\/h3>\n\n\n\n<p>It\u2019s a best practice to configure your JumpCloud organization&#8217;s password complexity settings before getting started with creating or importing your users. By creating strong password policies up front, your new JumpCloud users will have to abide by those policies on day one. This way, users only need to set their password once to meet your requirements, and this password will then become their password for all other interconnected JumpCloud resources, systems, and applications.<\/p>\n\n\n\n<p>JumpCloud gives you the ability to configure password policies as you see fit under the Org Settings<em> <\/em>tab on the left side of the Admin Portal.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"378\" height=\"84\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/OrgSettings.png\" alt=\"\" class=\"wp-image-45040\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/OrgSettings.png 378w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/OrgSettings-300x67.png 300w\" sizes=\"(max-width: 378px) 100vw, 378px\" \/><\/figure><\/div>\n\n\n<p>Password settings and Policies are under the User Accounts section within the Custom Password Settings dropdown. Here, you can set the minimum character limit, types of characters required, maximum number of failed login attempts, length of password history, and more.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"357\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings-1024x357.png\" alt=\"\" class=\"wp-image-45041\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings-1024x357.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings-300x105.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings-768x268.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings-1536x536.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/CustomPasswordSettings.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Creating JumpCloud User &amp; System Groups<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">JumpCloud User Group Recommendations<\/h4>\n\n\n\n<p>User Groups in JumpCloud give you the control as an administrator to configure which users have access to which resources in your JumpCloud organization. <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-groups#Group%20of%20Users\" target=\"_blank\" rel=\"noreferrer noopener\">Creating User Groups<\/a> is simple and quick within the JumpCloud Admin Portal. To begin, navigate to the Groups tab in the left menu.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"376\" height=\"78\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups.png\" alt=\"\" class=\"wp-image-45042\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups.png 376w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups-300x62.png 300w\" sizes=\"(max-width: 376px) 100vw, 376px\" \/><\/figure><\/div>\n\n\n<p>Whether the group is based on department, location, or application need, you can create user groups with a few clicks. If you\u2019re just starting out with JumpCloud, there are no pre-created groups, which gives you the flexibility to create custom groups specific to your organization.<\/p>\n\n\n\n<p>Generally, you\u2019ll want to create an \u201cEveryone\u201d or \u201cAll Employees\u201d group. This group will make it easier to <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-groups#Bind%20the%20Group\">control access to different resources<\/a> the entire company would require, such as the corporate HR application, chat solution, and conferencing application.&nbsp;<\/p>\n\n\n\n<p>User groups can also be bound to RADIUS networks, whether they\u2019re VPNs or WiFi access points. This helps secure your WiFi and the remote worker\u2019s connection with a VPN, which you may already have implemented. Another example group might be \u201cRemote Employees,\u201d to give them access to the secure VPN to use when they work with non-secure or public internet access.<\/p>\n\n\n\n<div class=\"wp-block-cgb-box box has-background-white-smoke\">\n<p><strong>Tip<\/strong>: You don\u2019t need a VPN to use JumpCloud. However, if you have a large user base who travels abroad and might need to use caf\u00e9 or other public WiFi networks, then a VPN would be recommended for an extra layer of security.<\/p>\n<\/div>\n\n\n\n<p>Leverage Office 365 or G Suite? Using the Directories tab, you can easily sync your JumpCloud user groups with your O365\/G Suite directory to consolidate users\u2019 passwords, control user IAM, and provision new users to their target directories.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">JumpCloud System Group Recommendations<\/h4>\n\n\n\n<p>System Groups in JumpCloud are primarily used for two purposes: User Group access on multiple systems and enabling security policies on systems bound to the System Group.<\/p>\n\n\n\n<p><a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-groups#Group%20of%20Systems\">To create a System Group<\/a>, navigate back to the Groups tab on the left side in the JumpCloud Admin Portal.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"376\" height=\"78\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups.png\" alt=\"\" class=\"wp-image-45042\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups.png 376w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Groups-300x62.png 300w\" sizes=\"(max-width: 376px) 100vw, 376px\" \/><\/figure><\/div>\n\n\n<p>Generally, it\u2019s a best practice to organize your systems into different system groups based on operating system, location, or department. You can easily manage User Group access to multiple systems, such as with DevOps team members accessing multiple Linux servers.<\/p>\n\n\n\n<p>Depending on the operating systems your organization uses, you should create System Groups for each OS. If you use System Groups labeled with their correlating OS, you could then apply the correlating <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-policies-2019-08-21-10-36-47\">security Policies<\/a> on each system group. The group model of managing Policies and systems is much easier than configuring each system individually.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"540\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/SystemGroups-1024x540.png\" alt=\"\" class=\"wp-image-45043\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/SystemGroups-1024x540.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/SystemGroups-300x158.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/SystemGroups-768x405.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/SystemGroups.png 1494w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\" id=\"configuring\">Configuring Directory Syncs in JumpCloud<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-Directory-Integration.png\" alt=\"\" class=\"wp-image-45044\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-Directory-Integration.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-Directory-Integration-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-Directory-Integration-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>JumpCloud has three primary directory integrations: <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/office-365-user-import-provisioning-and-sync1\">Office 365 \/ Azure Active Directory<\/a>, <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/g-suite-user-import-provisioning-and-sync1\">G Suite<\/a>, and <a href=\"https:\/\/jumpcloud.com\/support\/get-started-adi\">Active Directory<\/a>. With these directory syncs in place, you can import pre-existing users into JumpCloud. You can also provision new users directly in the JumpCloud Admin Portal, where they can then be provisioned in the connected directories via bi-directional syncing.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"644\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Directory-Integration-1024x644.png\" alt=\"\" class=\"wp-image-45045\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Directory-Integration-1024x644.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Directory-Integration-300x189.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Directory-Integration-768x483.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/02-Directory-Integration.png 1062w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>If you\u2019re working remotely or from home, you can use JumpCloud\u2019s singular dashboard to easily import, create, revoke, or suspend user accounts. The User\u2019s workflow is unaffected when logging into Office 365\/Azure Active Directory, G Suite, and-or Active Directory. JumpCloud manages the user account and password sync at the API level with these Directories and their connected resources.<\/p>\n\n\n\n<p>Connecting and configuring your current directories in JumpCloud will make it easier for you and your team to manage user accounts remote\/abroad.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enabling\">Enabling Multi-Factor Authentication in JumpCloud<\/h2>\n\n\n\n<p>If you\u2019re looking at moving into a more remote or full-time remote work environment, it\u2019s highly recommended to set multi-factor authentication for all users who are accessing your company resources. MFA increases the security of your company\u2019s users and resources because it ensures authentication requires not only a password but also a secondary factor.<\/p>\n\n\n\n<p>JumpCloud has TOTP MFA built into the platform natively. JumpCloud\u2019s TOTP MFA can be enabled on a <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/set-up-multi-factor-authentication-for-your-org----jumpcloud-admins-2019-08-21-10-36-47#MFA%20Resource%20Availability\">wide variety of resources<\/a> connected with JumpCloud, and it\u2019s supported by <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-multi-factor-authentication-with-your-jumpcloud-user-account-2019-08-21-10-36-47#Get%20a%20TOTP%20App\">many different TOTP applications<\/a>, such as Google Authenticator, Duo Mobile, Authy, FreeOTP, and more.<\/p>\n\n\n\n<p>You can also enable this secondary layer of security on user or <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/how-to-enable-multi-factor-authentication-for-the-jumpcloud-admin1-2019-08-21-10-36-47\">admin authentication<\/a> into their JumpCloud portals.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"system\">System Management &amp; System Policy Enforcement<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-Device-Authentication.png\" alt=\"\" class=\"wp-image-45046\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-Device-Authentication.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-Device-Authentication-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-Device-Authentication-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>One of the greatest benefits of using JumpCloud is the ability for deep system management and control over user access, system policies, and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-commands-2019-08-21-10-36-47\">remote commands<\/a> on your remote fleet without the need for RDP, VPNs, or SSH. This is all done through <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-systems1-2019-08-21-10-36-47\">JumpCloud\u2019s lightweight system agent<\/a>. Users can easily change their password natively within Windows using ctrl-alt-del and macOS users can use the JumpCloud Mac App in their menu bar. If you enable users to change their password with common workflows in the OS, you help dissuade users from clicking any suspicious email that asks them to change their password via the web.<\/p>\n\n\n\n<p>The JumpCloud system agent communicates to JumpCloud through <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/how-the-jumpcloud-agent-works1\">secure channels over HTTPS\/443<\/a>, which ensures all updates, changes, removals, and additions to systems are carried out in a secure method. The agent communicates with JumpCloud in a 60-second cadence, meaning any changes you make to the system, bound users, or Policies are all updated within 60 seconds.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"609\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-Device-Authentication-1024x609.png\" alt=\"\" class=\"wp-image-45047\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-Device-Authentication-1024x609.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-Device-Authentication-300x179.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-Device-Authentication-768x457.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-Device-Authentication.png 1062w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Many current JumpCloud customers leverage the system agent to ensure remote offices, work-from-home employees, and company-owned systems are secure, managed, and following the best practices for security. All system management can be done 100% from the Admin Portal in your favorite web browser.<\/p>\n\n\n\n<p>Need to do something a bit more advanced like custom scripting? Not a problem. JumpCloud also gives admins the ability to write, execute, and schedule custom bash, PowerShell, and command-line commands all from the Admin Portal. These commands could be anything from mapping printers to mounting file shares, or pulling information off a system.<\/p>\n\n\n\n<p>Pairing JumpCloud\u2019s system agent with the premium <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/JumpCloud-System-Insights\">System Insights<sup>TM<\/sup> feature<\/a> gives you a much deeper look into the health and status of your systems. You can see installed applications, hardware information, hard disk space, and more for systems \u2014 directly from the Admin Portal. This way, you can take inventory of your systems and resources, as well as troubleshoot as needed.<\/p>\n\n\n\n<p>With a few clicks you can ensure your company\u2019s employees have access only to the systems they need, enforce security policies across your fleet, run remote commands, enforce system MFA, and more.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Changing Passwords on the System<\/h3>\n\n\n\n<p>As JumpCloud manages systems through the lightweight agent, Users are able to change their password through their logged in session within the operating system. By enforcing password changes and reminders inside of the operating system, users will easily adapt to this already standard workflow knowing to change it locally. Whether your users are using <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/password-sync-in-the-jumpcloud-mac-app\">macOS<\/a> or <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/Windows-Password-Change\">Windows<\/a>, they\u2019ll be able to change passwords locally.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Mac Password Change<\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"382\" height=\"512\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/MacPasswordChange.png\" alt=\"\" class=\"wp-image-45048\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/MacPasswordChange.png 382w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/MacPasswordChange-224x300.png 224w\" sizes=\"(max-width: 382px) 100vw, 382px\" \/><\/figure><\/div>\n\n\n<h4 class=\"wp-block-heading\">Windows Password Change<\/h4>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"750\" height=\"605\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/WindowsPasswordChange.png\" alt=\"\" class=\"wp-image-45049\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/WindowsPasswordChange.png 750w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/WindowsPasswordChange-300x242.png 300w\" sizes=\"(max-width: 750px) 100vw, 750px\" \/><\/figure><\/div>\n\n\n<p>Local password changes can help dissuade users from falling for phishing attacks. Users are less likely to be swayed to change their password if it comes through a suspicious email, knowing it\u2019s changed locally in-system. The ease-of-use and convenience of changing your password locally keeps it easy for the users, but also easier for the admins as reminders, self-serve, and changes can all be done self-serve for the end-users.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">JumpCloud System Policies<\/h3>\n\n\n\n<p>Built to be vendor-agnostic, JumpCloud allows you to <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-policies-2019-08-21-10-36-47\">configure system policies<\/a> for Mac, Windows, and Linux systems remotely. There are many different system Policies you can configure within JumpCloud\u2019s Policy menu. When creating new Policies, we recommend applying them to System Groups, so all associated systems are covered. This can be done within the Policy\u2019s System Group tab.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"384\" height=\"88\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Policies.png\" alt=\"\" class=\"wp-image-45051\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Policies.png 384w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Policies-300x69.png 300w\" sizes=\"(max-width: 384px) 100vw, 384px\" \/><\/figure><\/div>\n\n\n<p>To get started enforcing good security practices and locking down systems, we recommend configuring and implementing these beginning policies below that were annotated in the first section of this Admin Guide.<\/p>\n\n\n\n<ul>\n<li>Set lock screen for 120 seconds or less<\/li>\n\n\n\n<li>Disable USB mass storage devices<\/li>\n\n\n\n<li>Disable CD\/DVD drive (if applicable)<\/li>\n\n\n\n<li>Disable control panel access\/system preferences access<\/li>\n\n\n\n<li>Restrict App Store<\/li>\n\n\n\n<li>Implement strong password policy<\/li>\n\n\n\n<li>Configure system MFA&nbsp;<\/li>\n\n\n\n<li>Disable local guest and administrator accounts<\/li>\n\n\n\n<li>Turn off AutoPlay<\/li>\n\n\n\n<li>Disable sharing<\/li>\n\n\n\n<li>Default users permissions as standard non-admin\/non-sudoer accounts<\/li>\n\n\n\n<li>Enforce full disk encryption<\/li>\n<\/ul>\n\n\n\n<p>You can enforce more policies as needed, which is a great way to ensure your work-from-home users\u2019 systems are as secure and locked down as possible. It\u2019s also recommended users are set to \u201cstandard user\u201d when you bind users to systems. You should only give sudo\/administrator-level permissions to users who require it, such as developers and administrators.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"364\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2-1024x364.png\" alt=\"\" class=\"wp-image-45052\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2-1024x364.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2-300x107.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2-768x273.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2-1536x546.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/FileVault2.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\">Enabling Full Disk Encryption on JumpCloud Systems<\/h3>\n\n\n\n<p>If you\u2019re running Mac and\/or Windows systems in your JumpCloud organization, you can easily enable full disk encryption via JumpCloud Policies: Create the BitLocker (Windows) or FileVault 2 (macOS) policy within the Policies menu in JumpCloud and apply it to your JumpCloud \u201cWindows System\u201d and \u201cMac System\u201d groups to fully encrypt the disks.<\/p>\n\n\n\n<p>Once the Policy is applied, the recovery key is securely escrowed into JumpCloud and appended to the system. The recovery key can be viewed through the \u201cShow Recovery Key\u201d link within the System\u2019s Details tab. If you already have FileVault 2 or BitLocker enabled before JumpCloud, JumpCloud cycles the key and escrows the new key into JumpCloud.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"599\" height=\"230\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/RecoveryKey.png\" alt=\"\" class=\"wp-image-45053\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/RecoveryKey.png 599w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/RecoveryKey-300x115.png 300w\" sizes=\"(max-width: 599px) 100vw, 599px\" \/><\/figure><\/div>\n\n\n<p>This way, you don\u2019t have to manage any spreadsheets, sticky notes, or other legacy means of managing your recovery keys \u2014 and the whole process can be done 100% remotely and easily through JumpCloud\u2019s Admin Portal while being highly secure.<\/p>\n\n\n\n<p>Full disk encryption enforces strong methods built in natively within Windows 8.1\/10 and macOS 10.13.6 or higher. If the system were to be lost or stolen, you have the assurance the data on the disk is safe because of the JumpCloud FDE policies applied to the systems. Only the user or admin can decrypt the volume, and the recovery key is only available to view for JumpCloud admins through the Admin Console.<\/p>\n\n\n\n<p>Generally, if the system travels outside of the office, including in remote work scenarios, it\u2019s highly recommended to enforce full disk encryption. This way you are implementing security at the lower levels on the disk and the laptop is secure-at-rest. Check out JumpCloud\u2019s guides on full disk encryption for <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/bitlocker-policy\">BitLocker<\/a> and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/filevault-2-system-policy\">FileVault 2<\/a> for more details.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">JumpCloud Commands&nbsp;<\/h3>\n\n\n\n<p>If you\u2019re looking for more granular control or the ability to run scheduled tasks, JumpCloud gives you the ability to configure <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-commands-2019-08-21-10-36-47\">commands<\/a> for Mac and Linux<sup>\u00ae<\/sup> (Bash) and Windows (PowerShell or command-line). These commands are remotely executed on either singular or multiple systems, all backed by the JumpCloud agent. To get started, navigate to the Commands tab in the left menu in the JumpCloud Admin Portal.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"380\" height=\"80\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Commands.png\" alt=\"\" class=\"wp-image-45054\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Commands.png 380w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Commands-300x63.png 300w\" sizes=\"(max-width: 380px) 100vw, 380px\" \/><\/figure><\/div>\n\n\n<p>In a work-from-home or remote work environment, you can pull system or user information on the system using these remote commands. If you leverage <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/JumpCloud-System-Insights\">JumpCloud\u2019s System Insights<\/a>, you can do this natively within the Admin Portal.&nbsp;<br><\/p>\n\n\n\n<p>JumpCloud has a <a href=\"https:\/\/github.com\/TheJumpCloud\/support\/tree\/master\/PowerShell\/JumpCloud%20Commands%20Gallery\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">commands gallery on GitHub<\/a>, so you can copy and paste example commands. These are basic commands to get you started, but if you\u2019d like to write your own custom commands or tasks via Bash or PowerShell, you have the possibility to do so, all from the Admin Portal in your favorite browser.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Managing Applications with JumpCloud &amp; Chocolatey or AutoPKG<\/h3>\n\n\n\n<p>Although JumpCloud does not function as a system\u2019s application manager, it can pair with third-party, open-source package managers such as Chocolatey for Windows systems and AutoPKG for macOS systems in your JumpCloud environment. This is done leveraging JumpCloud\u2019s Commands in the Admin Portal.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Managing Applications with Chocolatey with JumpCloud Commands<\/h4>\n\n\n\n<p>For Windows systems, using <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/chocolatey.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Chocolatey<\/a> is straightforward and simple. You can install Chocolatey remotely and then begin to provision applications to your users\u2019 systems remotely through JumpCloud. For example, if you want to install Notepad++ or Chrome, you can use the following two lines in a JumpCloud command once Chocolatey has been installed.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-cgb-box box has-background-white-smoke\">\n<p><strong>choco install googlechrome -y<br>choco install notepadplusplus -y<\/strong><\/p>\n<\/div>\n\n\n\n<p>With JumpCloud Commands, you can also call Chocolatey to update Chocolatey-managed applications on a specific schedule, such as everyday at 0500 UTC as shown in the following example.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"653\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey-1024x653.png\" alt=\"\" class=\"wp-image-45055\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey-1024x653.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey-300x191.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey-768x490.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey-1536x980.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Chocolatey.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>This allows you and your IT admins to ensure the appropriate applications are installed and available for your remote workers, even though your users might be standard users within Windows. Chocolatey\u2019s open repository has more than 7,000 applications in their public list, and they continually update what\u2019s available.<\/p>\n\n\n\n<p>Although JumpCloud doesn\u2019t natively manage the installed applications on Windows, it acts as the vehicle to pair with Chocolatey\u2019s package manager to help consolidate your administrative tasks in JumpCloud\u2019s Admin Portal.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Managing Applications with AutoPKG with JumpCloud Commands<\/h4>\n\n\n\n<p>For macOS systems, JumpCloud Commands can be paired with AutoPKG to help manage and install applications remotely on the macOS systems in your company\u2019s fleet.<\/p>\n\n\n\n<p>Once AutoPKG has been installed, you can then create specific JumpCloud Commands which will use AutoPKG to deploy applications across your macOS fleet. To leverage AutoPKG to the fullest, you\u2019ll want to ensure your environment has the appropriate requirements in place. For example, if your repository has the latest version of Firefox, you can install it across your systems using the following AutoPKG recipe:<\/p>\n\n\n\n<div class=\"wp-block-cgb-box box has-background-white-smoke\">\n<p><strong>autopkg install firefox.install<\/strong><\/p>\n<\/div>\n\n\n\n<p>By combining both solutions, JumpCloud and AutoPKG, you can create application installs and updates for your macOS environment without needing your macOS users to have sudo privileges. Although JumpCloud isn&#8217;t a full application manager, like with Chocolatey, it acts as the vehicle for AutoPKG to do its magic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"saml\">SAML 2.0 Application Authentication with JumpCloud<\/h2>\n\n\n\n<p>Most companies use a catalog of web applications, such as Slack, Zoom, Salesforce, AWS, GitHub, and more. In most scenarios, you can access these applications from anywhere in the world, as long as you have internet access. JumpCloud was built in the same way of being 100% cloud-based.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/08-SAML.png\" alt=\"\" class=\"wp-image-45056\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/08-SAML.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/08-SAML-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/08-SAML-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>JumpCloud allows you to configure SAML 2.0 application connectors for SSO to the resources your company uses. There are hundreds of pre-configured connectors for applications in <a href=\"https:\/\/jumpcloud.com\/sso-connectors\/#sso-grid\">JumpCloud\u2019s catalog<\/a>, with Just-in-Time provisioning for select apps, as well as a generic connector for applications not already pre-configured.&nbsp;<\/p>\n\n\n\n<p>By leveraging JumpCloud user groups, you can associate specific application access only with the groups that need those applications. As seen in the example below, Group 1 has access to Box, AWS, and Zendesk, but does not have access to Slack, Salesforce, or Atlassian Cloud.&nbsp; Keep in mind, JumpCloud users can be placed in both Group 1 and Group 2 to gain access to both sets of resources, depending on the requirements and use cases.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"876\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-SAML-1024x876.png\" alt=\"\" class=\"wp-image-45057\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-SAML-1024x876.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-SAML-300x256.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-SAML-768x657.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/05-SAML.png 1062w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>With this workflow, JumpCloud becomes the identity provider to the SAML application (otherwise known as service provider). JumpCloud users can then access the applications they need through the <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-your-jumpcloud-user-portal-2019-08-21-10-36-47\">JumpCloud User Portal<\/a>. This allows access to all of their cloud-based applications using their individual, secure credentials for JumpCloud.&nbsp;<\/p>\n\n\n\n<p>You can easily control all your <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-applications-saml-sso2\">company\u2019s applications<\/a>, <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-multi-factor-authentication-with-your-jumpcloud-user-account-2019-08-21-10-36-47\">enforce MFA<\/a> on SSO Apps, and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/connecting-users-to-resources---grant-access\">manage user access<\/a> all from a single pane of glass with JumpCloud\u2019s Admin Portal. With JumpCloud, you\u2019ll gain assurance all application access is secure for all employees, even those who are working from home or remote.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"network\">Network Authentication with JumpCloud<\/h2>\n\n\n\n<p>If you\u2019re currently using either WiFi, firewall, or VPN, you can point your network resources to JumpCloud for authentication. There are two main methodologies when connecting networking hardware to JumpCloud: <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-radius1\">RADIUS<\/a> and <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-jumpclouds-ldap-as-a-service1\">secure LDAP<\/a>.&nbsp;<\/p>\n\n\n\n<p>Both of these authentication mechanisms help secure your network, as well as the traffic by your users. Enabling a VPN for remote workers, though not mandatory with JumpCloud, is a great way to ensure your employees\u2019 traffic is encrypted through your company\u2019s VPN tunnel.<\/p>\n\n\n\n<p>In this scenario, remote employees launch the VPN client and connect to your company\u2019s VPN by authenticating using their JumpCloud username and password. The authentication request is then sent to JumpCloud to ensure they have the appropriate credentials and rights to gain access to the VPN.<\/p>\n\n\n\n<p>Again, just like all other modules in JumpCloud, you can enable this remotely through the JumpCloud Admin Portal.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Network Authentication via JumpCloud\u2019s RADIUS-as-a-Service<\/h3>\n\n\n\n<p>You can also easily work with the networking gear your company is already using by pointing either your VPN or wireless access points to JumpCloud\u2019s RADIUS servers. JumpCloud will then handle all network authentication to the specified network via the RADIUS protocol.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"523\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-RADIUS-1024x523.png\" alt=\"\" class=\"wp-image-45058\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-RADIUS-1024x523.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-RADIUS-300x153.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-RADIUS-768x393.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/04-RADIUS.png 1174w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>In a work-from-home environment, you can point your VPN to <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/getting-started-radius1\">JumpCloud\u2019s RADIUS<\/a> server for authentication. JumpCloud\u2019s RADIUS works with any VPN vendor, as long as the VPN server can be configured to authenticate using the RADIUS protocol. For example, if you\u2019re using <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/configuring-openvpn-to-use-jumpclouds-radius-as-a-service\">OpenVPN<\/a>, you can easily direct authentication to JumpCloud.<\/p>\n\n\n\n<p>Along with individualizing access for networks, JumpCloud has the ability to configure <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/JumpCloud-RADIUS-MFA\">MFA for RADIUS<\/a> authentication. Harden your VPN\u2019s security by requiring both a user\u2019s strong password and their MFA token during authentication through the VPN client.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Network Authentication via JumpCloud\u2019s Secure LDAP<\/h3>\n\n\n\n<p>Another route to take is through <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/using-jumpclouds-ldap-as-a-service1\">JumpCloud\u2019s Secure LDAP-as-a-Service<\/a>. In this methodology, you would point your networking hardware or software to JumpCloud\u2019s secure LDAP servers to handle authentication. This methodology is common among most VPN and firewall vendors.&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"609\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/03-LDAP-1024x609.png\" alt=\"\" class=\"wp-image-45059\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/03-LDAP-1024x609.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/03-LDAP-300x179.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/03-LDAP-768x457.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/03-LDAP.png 1062w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>You\u2019ll have to configure JumpCloud\u2019s LDAP-as-a-Service before configuring your network to point to JumpCloud. This methodology is also secure and easy, as we use OpenLDAP RFC-2307 over the secure port of LDAPS\/636. This way, any authentication to and from the VPN or firewall is encrypted and secure. <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/configuring-openvpn-to-use-jumpclouds-ldap-as-a-service1\">OpenVPN<\/a> is another example of a vendor that can integrate with JumpCloud\u2019s secure LDAP-as-a-Service.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"secure\">A Secure Domainless Enterprise Directory<\/h2>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"500\" height=\"500\" src=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-The-Wheel.png\" alt=\"\" class=\"wp-image-45035\" style=\"width:375px;height:375px\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-The-Wheel.png 500w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-The-Wheel-300x300.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/01-The-Wheel-150x150.png 150w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/figure><\/div>\n\n\n<p>Moving into a domainless enterprise or full work-from-home model is secure and efficient with JumpCloud&#8217;s cloud directory platform. Protect your IT resources and employee identities with an entirely cloud-based solution, backed by secure protocol standards. Enforce security policies and allow users to <a href=\"https:\/\/jumpcloud.com\/blog\/benefits-system-password-management\/\">change passwords on the system<\/a> to help prevent web-based phishing attempts. Whether a company is five or 5,000 users, JumpCloud allows IT admins to manage their resources from anywhere on the planet from a single pane of glass via the Admin Portal.<\/p>\n\n\n\n<p>You can secure systems with JumpCloud\u2019s lightweight agent, enforce security policies, and ensure good security practices across your system fleet with a few clicks. You can also integrate your current applications, network hardware, and other directories with JumpCloud to consolidate your users\u2019 credentials safely. JumpCloud is specifically designed to increase security without sacrificing simplicity.<\/p>\n\n\n\n<p>JumpCloud was built to be the first cloud-based directory solution, and we can also assist a migrating company looking to move into a flexible, work-from-home environment. You can <a href=\"https:\/\/jumpcloud.com\/get-started\">sign up with JumpCloud<\/a> and begin testing on your own. If you\u2019re looking at implementing JumpCloud for an organization with more than 10 users, check out JumpCloud\u2019s various <a href=\"https:\/\/jumpcloud.com\/pricing\">pricing plans<\/a> and only pay for what you need.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"resources\">Additional Resources<\/h1>\n\n\n\n<p>If you\u2019re looking for additional reading beyond what\u2019s included here, we\u2019ve compiled other resources to help ensure you get the most out of your JumpCloud experience and make the transition to remote work as seamless as possible:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/github.com\/TheJumpCloud\/support\">JumpCloud\u2019s GitHub Page<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/support.jumpcloud.com\">JumpCloud Knowledge Base<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/learning-byod\/#\/\">JumpCloud\u2019s Build Your Own Directory Training Series<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/resources\">JumpCloud Resources<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/the-it-guide-to-managing-remote-workers\/\">Remote Workers: Qs, Best Practices, Resources<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/secure-home-wifi-remote-work\/\">How to Secure a Home WiFi Network for Remote Work<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/vpn-best-practices-remote-workers\/\">VPN Best Practices for Remote Workers<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>JumpCloud&#8217;s cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.<\/p>\n","protected":false},"author":98,"featured_media":45082,"template":"","categories":[42],"collection":[],"wheel_hubs":[],"platform":[],"resource_type":[2310],"funnel_stage":[],"coauthors":[2550],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Admin Guide to Supporting Work from Home with JumpCloud - JumpCloud<\/title>\n<meta name=\"description\" content=\"JumpCloud&#039;s cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Admin Guide to Supporting Work from Home with JumpCloud\" \/>\n<meta property=\"og:description\" content=\"JumpCloud&#039;s cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-20T23:32:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2550\" \/>\n\t<meta property=\"og:image:height\" content=\"1590\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"27 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"Daniel Fay\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide\",\"url\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide\",\"name\":\"Admin Guide to Supporting Work from Home with JumpCloud - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png\",\"datePublished\":\"2020-03-31T21:26:59+00:00\",\"dateModified\":\"2024-02-20T23:32:56+00:00\",\"description\":\"JumpCloud's cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png\",\"width\":2550,\"height\":1590},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Resources\",\"item\":\"https:\/\/jumpcloud.com\/resources\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Admin Guide to Supporting Work from Home with JumpCloud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Admin Guide to Supporting Work from Home with JumpCloud - JumpCloud","description":"JumpCloud's cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide","og_locale":"en_US","og_type":"article","og_title":"Admin Guide to Supporting Work from Home with JumpCloud","og_description":"JumpCloud's cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.","og_url":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide","og_site_name":"JumpCloud","article_modified_time":"2024-02-20T23:32:56+00:00","og_image":[{"width":2550,"height":1590,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"27 minutes","Written by":"Daniel Fay"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide","url":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide","name":"Admin Guide to Supporting Work from Home with JumpCloud - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png","datePublished":"2020-03-31T21:26:59+00:00","dateModified":"2024-02-20T23:32:56+00:00","description":"JumpCloud's cloud directory platform allows you to manage your company\u2019s identities, resources, and systems \u2014 from anywhere.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2020\/03\/Admin-Guide-WFH-JumpCloud.png","width":2550,"height":1590},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/resources\/working-from-home-jumpcloud-admin-guide#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Resources","item":"https:\/\/jumpcloud.com\/resources"},{"@type":"ListItem","position":3,"name":"Admin Guide to Supporting Work from Home with JumpCloud"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource\/45029"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/98"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/45082"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=45029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=45029"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=45029"},{"taxonomy":"wheel_hubs","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/wheel_hubs?post=45029"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=45029"},{"taxonomy":"resource_type","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/resource_type?post=45029"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=45029"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=45029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}