JumpCloud Community

Key Takeaways

• JumpCloud has introduced a new login screen for Mac OS, providing additional information like wireless and system details to assist users even before they log in.
• Self-Service Account Provisioning for new users on devices has been introduced, making it easier for users to set up their devices quickly.
• JumpCloud is working on federating identities from different sources like Okta, Azure, and Google Workspace to provide a seamless front-door experience for users.
• Integration with Active Directory has been improved, allowing users to be pulled from different domains and member servers to cater to various scenarios.
• Light enrollment for Windows is in development, making device enrollment easier and faster. Partners like groWrk and Hofy help streamline the process.

• Learn more about the full set of features we plan to deliver before 2024 in our Q4 2023 Product Roadmap.

Introduction

Chase Doelling, Principal Strategist from JumpCloud, offers a condensed overview of the Q4 Product Roadmap. He provides insights into various key features and enhancements, such as a redesigned login screen for Mac OS, self-service account provisioning for new users on devices, and federating identities from different sources like Okta, Azure, and Google Workspace. He also touches upon improved integration with Active Directory and upcoming developments, such as light enrollment for Windows and the expansion of the custom app repository. 

Full Video

The IT Hour | Q4 Product Roadmap Recap 11.17.23

Speakers

Chase Doelling, Principal Strategist, JumpCloud

Becky Scott, Head of Technical Community, JumpCloud

Transcript

Introduction from Chase Doelling

Chase Doelling:

So if you had a chance to join the webinar, great. Hopefully, I will do a speed-through version. And so I actually recommend folks going there. There's a lot more detail that we cover throughout that hour, in addition to questions, and other pieces. My hope here is that I just provide a sneak peek around a lot of these others, but then also my interpretation of it. So this is like the short director's cut. I modified a lot of the different visuals that you'll see round through the webinar and what we covered, but that's a little bit of a heads-up and where we're heading. So with that, quick disclaimer because it's still a roadmap, and so if you ever have questions on what the team's up to where things are going, I'd say just come back here whenever releasing features, other pieces, usually it hits IT Hour first and then you'll have that reverberation into all the different mediums that we're covering here.

Roadmap Focus Areas

But I'd say, in general, a lot of where we spent our time, certainly within Q4, and so this is coming late in the middle of the quarter, but I'd say the last two quarters, we spent a lot of time thinking about how do we take Identity Management plus Device Management and making sure that that intersection is as powerful as it can be, right? In a really interesting spot where we're managing the identities and the devices and then all that different access in between. So where are we able to add more value for both admins as well as users? And so through that, we spend a lot of time on what we're calling the new front door. We internally call this Device-as-a-Gateway. It might be another moniker that you hear, but we're thinking about that front door experience for how users get into JumpCloud, how they get into the devices, how you can help support them.

New Login Screen for Mac OS

And so a lot of the features that'll be talking about today kind of help think about that type of methodology coming down into it. So the first piece that we delivered was a new login screen. And so now you can start to think about JumpCloud having a little bit like an extra layer of control before the users even get in. And so what we've done is we've actually redesigned specific for the Mac OS, but then there's also a Windows version, but we're pulling in more information that makes it more helpful. So not only do you did a little bit of a redesign, so it looks a little Mac-ish, but we're also pulling forward wireless information. We're also pulling forward some system information so that way, even before you or the user are able to get in, you can actually have some help, make sure it can get on the network or triage a little bit more in terms of what we're doing now.

Self-Provisioning for New Users

The next fun piece is that, well, since we're managing that login screen, what's the next element that we can do then?

Well, we can get new users into that device for the first time. So this is really helpful for hardware refresh cycles or you have the Mission Impossible scenario, where it’s like, “Okay, Tom, here's a new laptop before you jump on the plane.” Just log in, and you now have access into your JumpCloud credentials and making sure that you're able to work on that device. You just picked it up, and you're able to have that self-provisioning flow available to your users. So that's really helpful and just a nice speed upgrade there for folks to get into their devices. 

Federating Identities

Now the next element of that is, okay, that's great. Now it's assuming JumpCloud managed device, but then we're also thinking about JumpCloud users. Well, what if the users are coming from different areas? So we've spent a lot of time thinking about how do we federate those identities into JumpCloud from multiple different sources.

And so introducing this quarter, we're actually federating from Okta. And so this is just one example. We're going to be spending some more time building out Azure as well as Google Workspaces, which is a really cool experience for Google Workspace folks because then you can sort of think about logging into that device with those credentials, and then you're able to create those users in JumpCloud and have all those different automation flows, which we'll cover here in a second. But that's a great way to get different elements and different users all in through that front door no matter where they're coming from. And so we're spending a lot of time building out that infrastructure, making sure that we have those federation scenarios available to us as we go from that. 

Improved Integration with Active Directory

Now we've also talked about users, but they're assuming they're cloud-based, they're coming from somewhere, but we still have some folks that are thinking about getting off of Active Directory, how we can do that and meeting a lot of our customers and partners where they are.

And so assuming that, hey, there's some existing users out there. And so we've had an integration with Active Directory for a long, long time. I think it was one of the first big pieces that we delivered when I showed up three, four years ago. But what we've done is made it a lot easier. And so we're able to now have control over multiple domains since we're able to pull users from different areas as well as member servers. And so we have some folks that say, “Hey, I really want my DC on lockdown, but I need these users to come from here, and this is an okay spot for me.” And so that's what we spent the time thinking about. What are the best ways to get users into JumpCloud, not only from multiple different cloud sources if they're just walking by picking up device, but then also from on-prem areas when we're thinking about making sure we can get those users where they need to be.

Light/Zero Touch Enrollment for Windows

So that is a little bit, we talked a lot about different user scenarios, making sure you can get on the device, but what about the device itself? And so ever since we kind of talked a little bit about becoming a Windows MDM, one of the next big pieces that we're looking to deliver is light enrollment. So basically making sure that the device enrollment for Windows is even easier. And so if here's a (cliche) USB stick, so you can use a USB stick, (they’re still around), but it's just managing that file, getting onto the device. And so it's a combination of Provisioning Package as well as Configuration Designer to make sure that we're able to get those elements on the device the way that you need them. 

And what's really cool is that if you're not already or want to work with, some of our partners either groWrk or Hofy, but they manage that whole device lifecycle for you, so you can actually have the JumpCloud agent already provisioned. So it's a much nicer kind of out-of-the-box experience for new users if you're shipping out those laptops wherever they might need to be. 

Custom App Repository

So great, I open up the laptop, I have all the things, but now I want to get my apps onto the devices. I want to make sure that I'm not only set up from the SSO side, but other applications that we have. 

So one of the big movements that we've spent a lot of time on is what we're calling our Custom App Repository. And so here is another element where you're able to upload both .msi’s, as well .pkg files, but then we're also looking after some storage and transfer capabilities so that way you have your own custom apps, and then that is available through JumpCloud to be deployed to those devices. And so eventually we want to have a multitude of applications not only from custom apps, but then that's where you'll see this lays the foundation to set us up for third-party app management, patching, and all the great things in the future, but having this infrastructure for those custom apps to live within that is great. 

When we did have some questions through the webinar, just kind of if you're thinking about it in terms of like, “Hey, how much storage is coming?” We're not going into competing with the Amazon S3 Buckets anytime soon, but we're coming with plenty of storage available across the organization. The goal is to have all the different applications that you need to efficiently work, right? And it's not like Bitcoin machines and other pieces that we're going to be popping in, but there are all the basic blocking-tackling apps that you'd need to operate in a modern organization. We'll make sure that you can have that accessible through JumpCloud. 

Background Tools

And so thinking about files, we have those all set and great. Now I'm set up, but I run into some trouble and we've been starting to think about how we can upgrade that support that they’re able to provide for end users, both live, (and so we spent some time with Remote Assist kind of live settings) but then also silently. But now we're taking it one step further with this family of what we're calling Background Tools. And so, within the Background Tools, you're able to hop in the device, and we've added two new elements there. 

One is File Manager, so you're able to hop in, see what kind of files are going to transfer, making sure that they're set up for success if they didn't do it from the get-go or if they're running in trouble. And then the other element, which is really sweet, is a live terminal in there. So we even spent some time making sure there's color coding, there's tab complete, and it's a really slick, fast live terminal that you're able to use to hop into the device directly. And if you know that you want to run some diagnostics or have some of those elements available to you right at the device screen, we're trying to make that even faster and better for both you and the users there.

Policy Results

Thinking about devices, we want to make sure that there are files on there, but they’re also secure. We want to make sure of the policies that you’re laying down. One of the other elements that we wanted to pull up making sure that you're able to see across your fleet even faster is when that might not happen as planned or it doesn't go as smoothly. So you can now see across your device list all the different policies that have passed. And so we're going to provide even more visibility in terms of which ones have passed, which ones have failed, which ones are pending, and then also conflicts as well. So if you have different policies coming in in different places, you can start to see which ones have fallen down, which ones need to restart and get a better understanding. So instead of by-device kind of going through that, you're able to see a holistic view, making sure that as you're pulling down, for example, one of JumpCloud's, pre-templated security policies, part of our policy group, making sure that those are all implemented across the devices as you're getting up to speed.

Android Management and Zero-Touch Enrollment

So we've talked a little bit about laptops, users, devices, all these other elements, but then what about the other things that are hiding in our pockets? And so we've spent a lot of time thinking about how to advance Android all the way. So we've spent a lot of time even earlier throughout this year, so announcing EMM earlier, starting with some additional policies, but now we're adding even more advanced Android policies. So that way even more custom configuration when you're thinking about getting it out of the box. And oh, by the way, for those that are supporting those EMM enrollments, we also provide the Zero Touch Enrollment now too. So making sure that, again, that access in the devices, getting it set up, getting it rolling, and making sure that you have the right policies and the security are all coming around on that. So that's really exciting for, I'd say, a good majority of the world that's running on Android, and the deployment, they're making it a lot easier.

Dynamic Groups and Added Attributes

So that is, I'd say, my purview in terms of a lot of the different elements that we've spent a lot of time on when we're thinking about combining identity and devices, a new front door experience, but really how to make sure that that access is even more seamless. But we've also spent a lot of time, we have a lot of engineers and products, fortunately, that are working across the platform. So some other enhancements that you'll see around the other areas is Dynamic Groups, so we're adding in more attributes. I wanted to keep this the same so you kind of have a list of attributes of where we're going. And then we're also going to be doing operators as well, but that will be more likely Q1 work when we're thinking about some of those pieces. But we want to make sure we have those and any feedback around this. We also have other pieces that aren't listed. So, for example, one came up on the webinar, which we're looking at is kind of the device type, right? Is it intel or silicon? What are some of those different nuances that we can start to have as well as what are some of the other elements that the device may contain?

Enhancing the Password Management Experience

And then finally, just Password Manager. So spending a lot more time thinking about pulling in better UI UX, better sync, better all these different elements to make it a more cohesive experience when you're thinking about managing users, access types, right? And if it's outside of SSO, outside of the applications itself, all the other elements which we still need to cover within our lives of passwords, making sure that those, I'd say, set up, shareability, visibility, all the “ilities” around JumpCloud, that's where we're spending a lot of time making sure that there's enhancements and additional smaller features across the board. 

Wrapping Up the Roadmap

So that is the quick whirlwind tour of everything that we talked about in terms of Q4, I didn't do too much in terms of leading where we're going to be heading. So if any of all questions that I sparked there in addition to what we can get, but then also kind of other elements that we might touch on.

Additional Storage for Custom Mac Policies

Becky Scott:

Alrighty. So there were a few questions. On storage. Are you guys increasing the storage base for custom Mac policies? I have a few fonts that I push with commands, but would love to do this by policy. However the font families are larger than the current size limit? From Jacob.

Chase Doelling:

Font families. So some custom design. So, in general, I would say yes, but for Mac policy specifically, it's more of a coming type of question because I think what we're getting to now is first within the custom app repository, making sure that we have that element where you can kind of have some of those pieces. But then we start thinking about storage in general, and that kind of opens up that carrot box for us, and then we can start to think about expanding the policies and have some of those. But the goal around that is to help get around some of the size limitations in general and add some more creativity in terms of where you're able to pull from those file device types and making sure you can pull it down.

Prerequisites for Okta Federation

Becky Scott:

Alrighty. And next, does Okta SCIM need to be set up first for Okta Federation to work? From Mark?

Chase Doelling:

That is a good question. I'm trying to think about the flow. So I don't want to give wrong answers, but I would say ideally yes, just so that way we have that provisioning capability and running those protocols and the other elements. But I think the goal through our federation points is kind of going beyond that, right? And get to a great zero-touch way to have some of those elements. But there will be a way for JumpCloud to say, okay, which Okta account and profiles we want to pull in? How are those going to be provisioned? And my guess is we're going to lean on elements like SCIM or some other protocols to help federate through that. But in terms of order of operations, let me check, in terms of the documentation, because I think we're scoping out some of the knowledge-based articles and other pieces, and we'll make sure that during that setup, we put the right foot first.

Additional Attributes for Dynamic Groups

Becky Scott:

And when are the attributes coming?

Chase Doelling:

So the list that I showed should be all set Q4, and so if there's any other slippages other pieces, we should have that. And so since we're actually in the middle of the quarter, we're having a lot of the pieces that are in flight right now, and for additional attributes that, as you can, it's a little bit easier complexity to say, “Hey, what are the other data sources that we want to pull in from JumpCloud?” The operators get a little bit more interesting because the logic flow changes for us. And so it's just a little bit more on that type of side. And that's why I say if you have more suggestions in terms of other attributes, that's easier for our teams to add in those other elements. And then that's too, kind of where, it makes it a little bit more dynamic and a little bit more like each new attribute adds some more optionality and then also counter flows if you want to think about it that way too.

Becky Scott:

Yeah, Jacob had a comment about WinGet. “It's tricky because it isn't really designed to be run as a system. Hoping the PowerShell module in beta makes that better.”

Chase Doelling:

Gotcha. Yeah.

JumpCloud Go and Conditional Access

Becky Scott:

Okay. And then another question James wants to know, did we mention JumpCloud Go and conditional access? Did I miss that?

Chase Doelling:

Oh, good question. No, I didn't mention that. It is one piece that we touched on in the larger roadmap webinar, but in terms of JumpCloud Go (if you don't use it, it's amazing. I like it.) But that is the next kind of step-up element that we're having for JumpCloud Go is when you think about the conditional access policies and step up MFA, making sure that JumpCloud can be a piece of that. So if you choose to make you say, Hey, if you're going into, so the example I'll typically use is either Atlassian or AWS or other specific applications or other scenarios where you want a specific step up in terms of MFA confirmation, JumpCloud Go will now be an option for that as well.

JumpCloud Go and Conditional Access with Mobile Devices

Becky Scott:

Awesome. “And let's see JumpCloud Go and conditional access with mobile devices more specifically.”

Chase Doelling:

Gotcha. Follow up, that's the yes, and. That's where I get into, like, hey, it's coming. What I mean by that, though, is we did talk a little bit around in terms of what's next for mobile outside of Android. So I wanted to just spend time on, hey, here's what you're getting in this quarter. Thinking about 2024, that is where we're going to be having some additional, what we're going to call device trust for mobile. So you can think about it as JumpCloud Go for your mobile devices, but making sure that we can have, I'd say, the additional “fun’ that we need in terms of managing mobile devices, whether that's making sure it's certs, but leveraging those biometrics and making sure that we're hopping in those right scenarios. So that is absolutely set up for 2024, so we can have that type of experience across all of your devices. We're starting with the main MFA fatigue that I think most people run into for the most part, which is this 2D screen life that we're living right now. But as soon as we've solved for that, that absolutely sets us up to cover mobile within 2024.

Watch the Full Roadmap

Becky Scott:

Any other questions? Y'all drop 'em in the chat before we say thank you to Chase for that. And if you haven't watched the full thing, Urvashi put the link in the chat earlier, and if you had signed up for the webinar, you should have already gotten an email with the link to the recap, but it's on the website as well. Anytime you can't make a webinar, still go ahead and sign up because you will get a link back to the recap. 

JumpCloud Go and MFA for the Admin Console

Chase Doelling:

And the last question, too, I see, just popped in for the admin console for JumpCloud Go and Push. And yes, that has been a longstanding ask, and I don't know where it lands right within the priority, but that comes up a lot. And so we're going to be looking at that, making sure that we get it for the admin console. And then some other things around, say admin privileges in general and what we can do there for those that are within the multi-tenant portal, MSPs are other pieces. One other piece around that, too, is different new roles that we'll be introducing in Q1 as well. And so all that is set for those types of areas, and I will say we'll have a better sense internally within the next couple of weeks of how our Q1 as well as 2024 starts to shape up. And so we'll have a lot better answers in terms of timing and specific feature flows and other elements that will be coming here in a couple months. We can be a little bit more specific too.

Upcoming Updates for Password Manager

Becky Scott:

Okay. And another one just popped up about any updates for Password Manager in the works?

Chase Doelling:

Yes, so there's a few that I mentioned here. I would say the biggest element if you want to think about in terms of usability, functionality and in visibility, all those different pieces, but from the usability perspective, making sure that the UI/UX is a little bit more consistent with JumpCloud admin portal and those experiences and notifications are cleaner, but then not only they're cleaner but they're also faster. We want to increase the sync speed between the devices and cloud relay and other elements that are all within that. So that's more of day-life stuff.  And then I'd say the other bulk where the team has spent a lot of time is, okay, what are the additional visibility points that we can start to capture from device management? Pull that into the admin console, making sure that you can see a little bit more logging and so it feels closer.

And so even though we're taking a decentralized approach to password management, we want a centralized view of what's happening, all those different types of elements. So that way it saves time, it saves triage. So that's a lot of the time where we're spending this quarter. And I'd say in general Password Manager, like JumpCloud Protect, JumpCloud Go. These are now elements that sit within the platform that have ongoing and almost mini roadmaps within themselves in terms of enhancements just for those areas. But then also we have, what I'd call bridge features, where “How can we combine identity devices?”, again using that as an example, what are those bridges that make it for a really strong experience, make it for even faster out of box flows, make it for even faster type of enrollment. So that's really where we're going to be positioning ourselves for next year for sure.

Remote Assist and Background Tools

Becky Scott:

Alright, let's see. Lemme put this as a question so that we can properly answer it. “Any updates coming for remote support app? Two requests: walk through a MAC user to enable screen sharing, allow admin to reset or start a new session? A lot of issues around asking the end user to take action.”

Chase Doelling:

Okay. Yeah, so the first one definitely we'll kind of pull as a feature request and then the admin reset function. I think that's another element that we can get into. As you can tell, we've spent a lot of time in terms of just Remote Assist and Background Tools and what are the big rocks that we can add into feature functionality, but we'll pull both of those into the feature requests, get 'em sorted. So making sure again, now that we have those rocks in place, what are the other elements to make sure we can run through there?

Feature Requests

Becky Scott:

And another one from Josh here “Would love to be able to manage the shared groups access from the admin console versus having to be a folder manager on all groups to be able to admin them.”

Chase Doelling:

Okay. Gotcha. Yeah, that makes sense.

Passkey

Becky Scott:

Another feature request there, Josh, and you too, Keith, but I'm sure you already know that. And here's another one around, let's see, pass key, lemme put that one up there. “Passkey is going to be more focused next year in Mac, OS and iOS, MDM?”

Chase Doelling:

It's, and I think this is one of those elements where we want to see how it continues to evolve. I mean, so the good news is we have a lot of strong players, a la Apple, as well as Yubico and some others that are thinking about passkeys in terms of that type of auth flow. We're obviously taking our approach in terms of how we think about passwordless experiences, JumpCloud Go, and leveraging biometrics and other elements, but what are pieces out in the community like passkeys with other elements where you're having some of those? And so I know that we are going to be looking at that for password manager as well as thinking about Mac OS, iOS, but what are those types of experiences that we can have for devices? So I know the teams are looking at that right now in terms of how we can, what's the best wording here? Coming to the marriage cleanly, right? Is probably making sure the best way, making sure that we are ready and enabling those. But yeah, the team is absolutely looking at that.

Becky Scott:

And let’s see, I think that’s it. Alright!