Not every Service Provider (SP) makes it easy or affordable to use single sign-on (SSO). It can be ideal (but impractical) to pay a SP just for one feature. That’s why password management remains very important. However, it’s important to get your passwords out of your browsers. It may be convenient, but it’s a poor security practice.
Luckily, JumpCloud has an integrated Password Manager (PWM).
PWM has several advantages over existing password managers; the biggest is the way your data is stored and synced across devices. Also:
- Security risk is minimized by a hybrid cloud-based and offline approach to synchronization.
- No master password to remember
- JumpCloud Password Manager (PWM) can store and auto-fill TOTP tokens
- Admins can use it to share TOTP tokens among the IT team
Demo Overview
This walkthrough will demonstrate how to enroll users into PWM with the option to leverage JumpCloud’s patch management to conveniently distribute the browser extension for your users. We’ll take a look at the admin side of things where you’ll not only configure users: you’ll have visibility into sharing activities. This will only take a few minutes. Let’s get started.
Prerequisites
Not every step here is necessary to complete this tutorial. However, if you want to experience your evaluation of this (and other) feature as if you’re implementing the product, we recommend the following:
- Creating JumpCloud Admins
- Add your admin user accounts to a user group
- Start a feature trial (optional)
Demo Walkthrough
Step 1: Invite Admin User Accounts to PWM
Simulation: Enroll a User Group
- Navigate to User Authentication > Password Manager in the left pane.
- Click and follow the Get Started guide to enroll your admin group or go to the Users tab and click the green Edit Group Enrollment button.
- Select the User Groups for enrollment.
- Click Save to send the user invites.
User Experience for Password Manager Enrollment
- The user will receive a Password Manager Invite email, and will be prompted to Download Password Manager.
- The user will follow prompts to download and launch the application.
Note: Here is the download link, if needed.
- Once the application is launched, the user will receive another email; this one contains a verification code to enter on the Verify Account page in the application.
- Once the account is verified, the user will be prompted to create and confirm a PIN. The process is completed once a PIN is confirmed.
Resources:
Get Started JumpCloud Password Manager
Enroll Users in JumpCloud Password Manager Admins
Restoring Users from Cloud Backups
Step 2: Deploy the Browser Extension (Optional)
It’s possible to deploy the Chrome browser extension using JumpCloud’s patch management. To access this feature in the JumpCloud admin portal browse to Policy Management > Patch Management > Browser, as seen in screenshot. Follow the steps to enroll your organization into Google’s Chrome Browser Management and copy the token back to JumpCloud.
- Navigate to Home > Chrome > Apps & Extensions > Users and Browsers and click Additional Settings.
- Under the settings for allow/block mode click edit. You may choose whatever settings work best for your organization. For this example we’ll choose to select the following configurations
- Play Store: Block all apps, admins manages allowlist.
- Chrome Web Store: Block all apps, admin manages allowlist, users may request extensions. Click Save.
Note: This will allow us to create an allow list of extensions, AND give the user the ability to request a new extension.
- Next, we'll add extensions to our allow list and configure settings. Make sure you are in Home > Chrome > Apps & Extensions > Users and Browsers, click the yellow plus sign in the bottom right of the page, and click Add from Chrome Web Store.
- Search for and select the extension you would like to add. In this example, we’re adding the JumpCloud Password Manager.
Finally, we can configure settings for the extensions behavior. For this example we’ll click Force install + pin to the browser toolbar.
Resources:
Step 3: Learn the PWM Administrative Console
This simulation will help to familiarize you with administrative elements of PWM.
Password Manager Simulation (Simulation)
Resources:
JumpCloud Password Manager FAQ
Step 4: Enable Cloud Backups
It’s always a good idea to make a secure backup of your passwords. This is accomplished through the Admin Console. Admins are responsible for securely storing private keys.
- Log in to the JumpCloud Admin Portal
- Go to User Authentication > Password Manager, and go to the Settings tab.
- Click the Enable Cloud Backups button.
- On the popup modal, give the private key a name, and then click Generate Key.
If the download does not happen automatically, click Download Key.
Resources:
Password Manager Cloud Backups
Bonus Simulations
Password Manager User Group Enrollment (Simulaiton)
Password Manager Simulation (Simulation)
Password Manager Browser Extension (Simulation)
Importing Data into Password Manager (Tutorial)
Final Results
You’ve learned how to enroll users into PWM. JumpCloud’s patch management can make it easier to accomplish your deployment project. The end result is better security along with centralized password management as well as auditable records and sharing.
Get prepped now
