JumpCloud consolidates identity, device and access management into a single platform

00:00 
Hi everybody, welcome to DEMO, the show where companies come in and they show us their latest products and platforms. Today, I'm joined by Chase Doelling, he is the principal strategist at JumpCloud. Welcome to the show, Chase!
 
00:09
Perfect. Thank you so much for having me.
 
00:10
All right, so tell us a little bit about JumpCloud and what you're here to show us today.
 
00:13
So JumpCloud, we provide an open directory platform, and we're a little bit more unique, where we centralize your identity management, your device management and access management all and within one platform. So it's really helpful for global IT teams to manage and secure the organizations. All
 
00:27
All right, [what is the] main role within a company that's going to benefit from this is it? I'm assuming it's the IT department. But is there a specific person within the IT group?
 
00:34
Typically we like to say is small to medium enterprises. So anyone from a couple people in a startup that wear 50 hats, and IT is one of them, all the way to a few thousand people, and you have a dedicated team and perhaps some security people helping out and implementing a lot of this.
 
00:50
And I get a sense of, I know what problem you're solving, because you are centralizing and consolidating a lot of different tasks or processes. So can you go through like, what problem are you solving for companies?
 
01:01
Absolutely. So the platform actually consolidates several different tools that IT teams need in order to make work happen wherever we are and the devices that we want to work on. So we typically replace anywhere from six to eight different IT tools. It really reduces that total cost of ownership for those organizations while increasing their security and the visibility of their users.
 
01:20
Can you name, like the tools that you're replacing – not the company names, but the types of tools that usually you're replacing with this?
 
01:27
Yeah, absolutely. You know, when it's your directory, it's your core identity, where that comes from. And then it's SSO, where's those identities going into? And then device management, and this could be for Mac, Windows, Linux, iOS, Android, all those different pieces. And then you add in the accessibility part of it, where you're authenticating using Push MFA or passwordless experiences, or password management in general. So already there's a lot of different tools within that, and then you add in patching and software management, and there's other feature components that really help out organizations.
 
01:54
So I like that all-in-one approach, versus the 17 different tools. So again, what would companies be doing if they didn't have this? Obviously, they might have those 17 different tools.
 
02:05
Yeah, you cobble it all together, and your best bet is you hope that the data also integrates too, right? So a big component of this is the visibility when you combine all those different aspects into it.
 
02:14
Okay, so let's get right into the demo, because you've got a cool scenario, you're going to onboard me and do it into this company, right?
 
02:21
Exactly. I had a good feeling about this conversation, so we went ahead and brought you on. So first things first, we're actually going to log into our admin console, and one thing that I'm doing is actually using our own password manager, and so it's directly on the device, leveraging my biometrics to log in. And once we're here at our dashboard, this is what tens of thousands of IT admins across the globe log into every single day to manage their environment, understand what's happening within that. And one of the biggest pieces we discuss is, there's a big time suck that IT teams face, which is onboarding new folks, right? Because you want to make sure that as soon as you come on, you have access to everything, otherwise it inhibits their experience and has a bad outlook, and they want to make sure that they can get to their jobs, right? The reason that they are hired in the first place. So one of the first things we're going to do is check out our new users, and you just happen to be one of those, and you know, given your background, we wanted to pull you in and part of our engineering and DevOps groups. And so what we've done, though, is we've actually integrated with your HR provider, right? So the people team, they're using that we pulled in your identity, and now it's centralized and unified. And so now that we have that within our cloud directory, we want to provide access into all the different resources that you need to get your job done. So first and foremost is all those different applications, and that's driven by a lot of these groups from other engineering and our DevOps groups. And then the other piece too is we also bring down your identity to the device level, and that's really important as we start to think about and discuss device management here in just a little bit, but you've joined these user groups across those different areas, and they're both static and dynamic. So as your attributes change, as you get promoted or kind of go around the organization, your access does too. And then you're also into all of these different devices, and then as well as your directories.
 
So we've already logged you into Google Workspace, Microsoft 365, we didn't cover it onboarding. Which one you prefer? So we gave you
 
04:03
access to both.
 
04:06
Now, if there was something like, if I came in and said, Well, I don't have access to this or I need access to this certain app, would you be able to add that really quickly.
 
 
04:12
Absolutely, so that's all driven by our group-based attributes, right? And so usually it's like, hey, the marketing department's bringing on this organization, or you weren't included. You just add that back in, and then automatically, we're provisioning that access for you, and especially into those target accounts. So we're using several different protocols when we're thinking about access, whether it's LDAP or radius, kind of the oldies but goodies on networking side. But then for SSO as well, we're actually leveraging SAML and SCIM to create those accounts for you. So that way, again, we're removing that job to be done for it and automating that flow.
 
04:42
And yes, you want to show some other stuff, like the detail. Yeah, go ahead.
 
04:49
Really quick, I love RADIUS. It's one of the favorite features because it's so easy to implement, especially if you think about office Wi-Fi and centralizing that password and identity. And then the next piece is really about kind of the SSO applications. I'm going to spend a minute here, because this has become really important for organizations. When you think about this, is really what people spend a lot of their day getting into and accessing, and from the organization side, that's typically where most of the IP now resides, is in a lot of these different applications. So making sure that we're provisioning you into the right accounts, but also with the right roles, which is really important. And then for those applications that don't support SSO, we actually have our own password manager, and so that's what I use to log in here today, making sure that everything is safe and secure. We took a little bit of a different approach, where it's actually decentralized and hybrid. It's actually living on the machine, so it's just leveraging my biometrics, so I don't need to worry about one master password to get into all my different things.
 
05:37
All right, I want you to bring up the access management part. So let's assume that I'm not a very good employee, and I start trying to access, I start going rogue IT, and start adding apps that have not been approved by the department. Can you track that and find out? Or do I have six IT people coming over and going, “What are you doing?” Which happened to me once at a company.
 
05:57
Yes, and it does occur. So this is actually a new feature that we just introduced, and I'm really excited to talk about today, which is our SaaS management feature. And it does exactly that. And so we'll kind of hop back into the device management and how we manage that, but we're also managing, kind of your browser and that experience. And so now we can start to see what employees are going into. Are they using approved apps? Are they using other apps that, you know? And this helps limit shadow IT and getting a little bit more visibility and say, Hey, do we have two competing products that we need to consolidate on and really bring down? Then again, that licensing cost and the total cost of ownership? And then so we can say, you know, hey, we're actually going to hop into this unapproved application. We'll see you here. Let's see who's a part of this. Oh, Keith, we didn't cover this in the onboarding, but we really didn't want you to have that. So one of the other elements too is, you know, I know it's going to be a brief tenure here, but we'll go ahead and actually suspend you, and we're going to do it right now. And so you also have the option to schedule suspend.
 
06:52
Was that just for that one app, or now, am I out of the company now?
 
06:54
So if you thought our onboarding was slick, our offboarding is even more intense, but that gives you the power of kind of what a centralized identity and device management structure can do, right? Because what just happened is I've automatically removed you from all those different applications. I've de-provisioned you. In most cases, I've removed your account from those devices so you can't even log into the device. And so when you're offboarding employees, it's really important to have that kind of secure back door, because most often, a lot of organizations, you don't see who you're hiring anymore, right? And it could be hiring and talent in global operations. So this is really helpful for teams to making sure that you can work wherever you are, but you also do that securely.
 
07:33
Do you find that a lot of companies that you work with are really good at the onboarding part of it, and then they let off boarding slide down the road.
 
07:42
Absolutely. And I've been in that situation myself in previous startups, because you take onboarding so seriously and making sure it's there, but then over time, you build up trust and be like, Oh, of course they wouldn't take that or kind of do some of those different pieces, but most individuals actually do, and they're not nefarious when they do it, but it's more of, hey, this company strategy, or kind of this presentation deck that I worked really hard on, I'd like to bring that in. And what this really does is it closes that gap and making sure that there's clear visibility in terms of who granted access, when did it happen, and then also when it was revoked, so you have this clear audit trail as well.
 
08:13
All right, do you offer a free trial or 30 day trial for free for our demo?
 
08:18
Yeah, absolutely. So if you go to JumpCloud.com, that gives you a 30-day free trial into anything that you see here today, right in all those different areas. So I encourage folks to sign up. We want you to try it out.
 
08:30
You've already mentioned the website in terms of where they go for more information and to see a lot of other features. We just only covered a few of them, but I'm sure you've got a lot more.
 
08:38
Yep, absolutely. My one favorite feature, just real quickly is going into our policies and actually Group Policy template. So I'm coming in from an Apple, and this is a great way to have people instantly upgrade their security baseline across their fleet of devices and making sure that they have policies and it's secure. So that way you can work no matter where you want to. And again, you know, where would we if we didn't tie all those different elements together, because we're managing your identity, your devices and your access, we can also see the data behind that, which is really crucial. And so now, even though you know your tenure wasn't LinkedIn worthy, we can still make sure that it's audited and tracked and making sure, oh, I gave you access here in the morning, right? And so we can kind of come through all those different events.
 
09:19
Well, this was the shortest job I ever had. So Chase, thanks again. I'm sorry it didn't work out, but thanks for joining us on DEMO. Absolutely.
 
09:25
Thank you so much.
 
09:30
That's all the time we have for today's episode. Be sure to like the video, subscribe to the channel and add any thoughts you have below. Join us every week for new episodes of DEMO. I'm Keith Shaw. Thanks for watching.