If you are new to JumpCloud, you may be asking what is the quickest way to gain a grasp of the foundational elements of the Directory-as-a-Service® platform. In this blog, we’ll be going over the basic steps you can take to build a great foundation in JumpCloud – from creating your first users and connecting them to systems to organizing them into groups.
For a guided demonstration, you can watch the video below, which walks you through these steps within the JumpCloud admin console.
[Tutorial Video] JumpCloud QuickStart
Keep reading for the written guide to establishing the foundations of your JumpCloud directory service.
JumpCloud Quickstart Guide
The foundational elements of a traditional directory are composed of users, systems, and groups. In this sense, Directory-as-a-Service works the same way. At the core of JumpCloud’s Directory-as-a-Service are the connections between your users’ identities and the IT resources they need to access. JumpCloud users can be bound to systems running the JumpCloud agent, and users and systems can be added to groups. IT admins can then build upon this core JumpCloud foundation by leveraging the wide array of user and system management capabilities native to Directory-as-a-Service as they see fit.
Manually Creating Users
To manually add your first user, click the green plus button at the top left of the Users tab. In the user configuration menu, you will find the attributes that define a user within JumpCloud. The first name and last name are exactly that, and can be changed for whatever reason after the fact. The user’s email address is also entered here in the user configuration screen and can be updated after their account has been created.
On the other hand, the username field is hard coded when a new user is saved. This field is set in stone and, once configured, cannot be changed. Why? The contents of the username field get pushed down to the local machine or group of machines when a user is bound to the system or groups of systems and federated to their provisioned IT resources. Changing this after the fact would break the account.
However, IT admins can leverage this aspect of the username to their advantage by making it easy to bind existing systems to JumpCloud with minimal effort. For example, if you plan on installing the JumpCloud agent on an existing workstation with local accounts already created, and if the username field of the existing account matches with the username field populated in the JumpCloud user creation window, then the agent will take over the account and it will be manageable from the JumpCloud administrator console. This makes it easy to bind existing systems to JumpCloud with minimal effort.
The user group, systems, directories, and attributes tabs show additional information about the user. If you’re working within a freshly created environment, these fields need further configuration before anything will display. Once saved, the newly created user will appear in your list of users in the JumpCloud administrator console.
This is the manual process for creating users. However, organizations can automate the workflow in a number of ways. For example, user data and attributes can be imported from a CSV file via the JumpCloud API. Organizations can also leverage our directory sync feature if your organization uses O365 or G Suite. You have full control over the who to import into JumpCloud. Note that when you enable JumpCloud to be the authoritative identity for a user, it will take over the account completely from G Suite and/or O365. To leverage the automated importing of users you must first authorize the directory sync, which is done in the directories tab. Once a directory is authorized, you will also be able to import users in bulk directly through this integration. Additional information surrounding our G Suite and O365 integration can be found in our Knowledge Base.
Manually Creating a New System
Now that we’ve gone over the basic steps for setting up a user, let’s talk about how you can add a system in the Systems tab. To bind a system to JumpCloud, you must first install the JumpCloud agent on it. The JumpCloud agent is a lightweight, low resource application, which runs in the background as a process on Windows, Mac, and Linux machines. Unlike a traditional directory where a machine checks into an authoritative domain controller only when it’s connected to the corporate network, a machine configured with a JumpCloud agent checks into the cloud at a 60 second interval using an encrypted connection whenever it has an active internet connection. This is to ensure the endpoint mirrors any settings remotely configured in the JumpCloud administrative console. A loss of internet connectivity will not prevent a user from logging into their system. However, the connection must be restored to synchronize with JumpCloud (i.e. add, delete, or modify users and various settings).
To add a system, click the green plus button in the systems tab. Here you will find install steps for each system type that is compatible with the JumpCloud platform. During the install process, you will be asked to provide your connect key. This connect key is the unique identifier that binds your machines to your JumpCloud console, and will be displayed in the systems configuration screen during the installation process. Once the agent installation is complete, the new system will appear in your list of systems in the JumpCloud administrative console.
Adding users and systems is a great first step in evaluating the JumpCloud platform as these items are necessary to interact with and leverage other more advanced features of the product. With users and systems configured, we can now dive into groups.
Manually Creating a New Group
To create a group, press the green plus button on the Groups page. A JumpCloud group can either be a group of users or a group of systems. For example, if you have multiple macOS systems, it might make sense to have an Apple Systems group. Into this group, JumpCloud administrators can then add specified Apple systems running the JumpCloud agent. The workflow for creating a group of users is very similar. Following the same example, it might also make sense to have an Apple Administrators group.
Once the group of Apple Systems and the group of Apple Administrators have been created, JumpCloud administrators can connect the two groups together. That means upon saving, any users in the Apple Administrators group will be bound to any systems in the Apple Systems group.
Find More JumpCloud QuickStart Guides
Users, systems, and groups form the foundation of the Directory-as-a-Service platform. Only after these essential items have been created can the JumpCloud administrator realize the full potential of Directory-as-a-Service. Of course, there are plenty of other use cases for Directory-as-a-Service. If you enjoyed this QuickStart session, you may want to dig deeper into a particular category of interest:
- Office 365 Integration – Tutorial Video | Support Documentation
- G Suite Integration – Tutorial Video | Support Documentation
- LDAP-as-a-Service – Tutorial Video | Support Documentation
- Single Sign-On – Tutorial Video | Support Documentation
- MFA for Macs – Tutorial Video | Support Documentation
- MFA for Linux – Tutorial Video | Support Documentation
- Active Directory® Migration – Tutorial Video | Support Documentation
To find more JumpCloud quickstart guides, check out our Knowledge Base. Here you can learn more about how to create users, systems, and groups and how managing them with Directory-as-a-Service can benefit your organization. Contact our team if you have any questions. If you haven’t already, you can also sign up and try it out for yourself. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post authored by Vince Lujan. Read the original post at: JumpCloud