JumpCloud — Directory as a Service

JumpCloud is a Directory as a Service solution that provides device authentication and management, user control and secure identity for all IT resources, directory integration, Single Sign On and Zero Trust implementation that limits who can access resources based on their identity, device and network trust or their location.

How do we work today?

In today’s world securing access to our devices and applications is not easy. The move to remote work as well as the use of cloud software have changed everything. Long gone are the days when we had firewall perimeters, a secure zone (internal) and a not secure zone (external — Internet). On some occasions, there was also a special zone to put all our systems that had to be reached from the inside and the Internet, for example an email system. The network was divided into different so-called domains. Now, users work from home, office and from anywhere where they can connect. That’s why an employee plus their device plus any location is the “new perimeter”. Welcome to the domainless enterprise model.

There are also some other aspects we have to take into account. There is a broad diversity of devices used in corporations — Windows, Linux, Mac. We have to be able to manage them and protect the data. There are also cloud native companies that don’t have any resources on premises — all cloud infrastructure is in the cloud.

Security is more important than ever

When we look at what we have to deal with today, we can see that the distributed model of work has an increased complexity. Almost every day we hear about yet another phishing attack. An attack that can be imposed on any company, regardless if they are big or small, public or private. And still, people think that security can be implemented with one magic click. It is not so. Security is more of a process in which we have to look at many different aspects, ranging from people awareness, through user directory and device management, and finally implementing a zero trust architecture.

How can we provide secure access?

So, how can we protect our assets and applications? How can we speed onboarding? How can we provide better security without imposing unnecessary burden on the users? Let’s take a look at the figure below:

It is very important to have one solution that can glue all those steps together. Going into multiple silos solutions will add a lot of additional work to our administrative team, and this certainly isn’t what we want.

That’s why JumpCloud is an ideal solution for this task. Let’s see what we can do in each and every part of the above process.

Verify Identity — one secure identity for all IT resources

  • Protected by MFA
  • User identity and attribute management
  • NIST-based password and SSH key management
  • Group membership and authorization
  • User password management self service
  • Directory integrations
  • Google Workspace (G Suite)
  • Microsoft 365

Verify Device — device as a gateway

  • MacOS, Windows and Linux workstation & servers
  • Agent-based binding and control — no VPN required
  • User account management & authentication control
  • Cross-OS configurations / policies
  • MDM for MacOS
  • Zero touch deployment for MacOS
  • Software Management for Windows and MacOS

Secure Network

  • Authenticate network through RADIUS

-> Native FreeRADIUS authentication endpoint

-> WPA-2 Enterprise encryption

-> vLAN tagging and reply attribute support

-> MFA-protected

  • Conditional Access

-> Geofencing

-> IP Allow/Deny List

-> Verified secure device

Secure Auth with open protocols

  • SSO

-> SSO for 700+ business applications

-> SAML JIT + SCIM User Provisioning support

-> Universal SAML 2.0 connector for custom app authentication

-> IdP and SP-initiated support from User Portal

  • LDAP

-> Native OpenLDAP authentication endpoint

-> LDAPs (636) and StartTLS (389) security

-> Samba NAS authentication

-> Extensive LDAP attribute support

-> App, network and on-premise equipment authentication

  • RADIUS

-> Native FreeRADIUS authentication endpoint

-> WPA-2 Enterprise encryption

-> vLAN tagging and reply attribute support

-> MFA-protected

Conditional Access

  • MFA

-> Portal and authentication endpoint MFA

-> Privileged network MFA

-> Mac, Windows & Linux MFA

-> MFA choice (TOTP, Duo, YubiCo)

-> WebAuthn (fingerprint scanner, hardware tokens)

-> JumpCloud MFA app (coming soon)

  • Conditional Access

-> Identity Trust

-> Device Trust

X509 certificate

-> Network Trust

IP allow and deny list

  • Global access policy

With this kind of solution, no matter if you’re a small or large company, 100% cloud native, or you have some solutions on site, you can be sure to have full control over your accounts and resources. If you have any questions, please contact us.

Author: Jacek Bochenek, Cloud and Security Team Leader — CISSP, CISM, CCSP

The images used in this article are the property of JumpCloud and used with their permission.

human-centric software design & development. check out our website: www.iteo.com