12-08-2022 03:07 PM
In our previous post, we discussed how users could be added or removed from a group based on suggestions. This approach works well on groups that are used for admin privileges on a device or a custom role that needs to be provisioned for an application. However, there may be groups in your environment for which you would prefer automated provisioning. JumpCloud is introducing Automated Group Membership as a feature in Beta. With this feature, you may choose to automate certain base-level accesses using groups and still continue to review groups that control higher privileges with a controlled setting on the group.
However, this feature raises some questions:
With the below scenarios, I would like to walk through how to help determine if users would remain part of the group
Depending on the attribute associated with the user they would remain in, or be removed from the automated group. Exemptions provide guard-rails around who must stay in or be removed from a group if the user does not contain the attribute governed for the group. This should be applied with extreme discretion, for example in scenarios where users should get access to a certain resource for troubleshooting or if temporary access is required for a previously existing user from a group. Currently, JumpCloud places a limit of 25 exceptions per group. In the case of a user having the attribute governed by the group, an exemption will actually remove the user from the group, as seen in the above scenario for Stacy when added as an exemption with location=Denver. Below we answer the frequently asked questions you posed:
In the future, we will use distinct states of Automated, Suggested, and Manual as settings on a group to be determined before you would like to set a rule for the group so that admins can set these based on the resources they authorize with intent and clarity. Watch this space for more developments in Smart Authorization using groups.
You can find more details about how to use this feature in the KB doc here.
12-28-2022 08:48 PM
I've tried the setup, but I still need help. Is it possible when adding a user I don't need to click on the "Updated affiliation suggestion" option?
The idea is that when I add a user in Jumpcloud, it will automatically be included in the groups (without having to click on this option).
12-29-2022 11:38 AM - edited 12-29-2022 11:39 AM
You can choose to select the automation membership suggestion ON over the group, this toggle can be found on the user tab of the group.
Once turned on, you would not be needed to review the suggestions as desired.
01-02-2023 10:31 AM
The option "Automate Membership Suggestions On" not is viewer in my painel.
01-04-2023 01:20 PM
This feature is in beta. Can you reach out to your Account Manager to have it enabled in your organization?
New to the site? Take a look at these additional resources:
Ready to join us? You can register here.