JCDavid
Iron II

You can create a group in a few simple steps (even dynamic ones!). Automation sounds complicated, but it really isn’t. It will save you and your team a lot of time and help to achieve security that’s built around your assets. Security can be strong without being difficult to manage.

Group memberships in JumpCloud are based on the attributes of a user object. Entitlements are applied to individual groups rather than through nesting as in Active Directory, where permissions are inherited from the parent group object. That legacy model makes it difficult to maintain strong access control and to troubleshoot access control issues as directories grow bigger. In contrast, JumpCloud makes it easier for admins to determine why a user has access to something.

Dynamic groups also offer a stronger approach to entitlement lifecycle management by automating membership changes using attributes (and even some simple logic) without creating extra work. (However, if needed, static groups with explicit assignments are always an option.)

Think about it: you'll be able to get time-consuming tasks like onboarding out of the way quickly and move on with confidence that the user entitlements are correct. You can also save on licenses for apps that are over-assigned to people who don’t really need that access.

Demo Overview

JumpCloud allows you to create groups, either manually or through attributes, for users, devices, and policies. This demo is focused on walking you through creating a user group. 

You’ll learn the basics of group creation, membership controls, and using attributes to create conditions. You’ll also see how to preview potential membership changes before they happen. Creating a group and assigning users to groups is simple, but membership rules take a little more time to understand. Working through them hands-on may make them easier to understand.

Budget about 10-15 minutes of your time if you’re doing this in a live environment.

Prerequisites

Not every step here is necessary to complete this tutorial. However, if you want to evaluate this (and other) features as if you’re implementing the product, we recommend the following:

  1. Complete the following walkthroughs (or have set up your instance with the appropriate assets on your own):
    1. Creating JumpCloud Admins
    2. Creating Users 101

Demo Walkthrough

You’ve come this far, but stuff happens. We’ve all been there… when support tickets just flood in. Give this 2-min simulation a try if you get busy today: Creating a Dynamic User Group. You can always come back and do it for yourself later. Let’s get started once you’re ready.

Step 1: Create a Group

  • Log in to the JumpCloud Admin Portal.
  • Go to User Management > User Groups and click ( + ).

Optional: Adding Users to a Group

  • On the New User Group panel, select the Users tab.
  • Select users from the list.

Resources: Creating User Groups, Get Started User Groups

Step 2: Establish Membership Controls

  • Navigate to Details > Membership Controls.
  • Select the Dynamic radio button. Optionally, if you would like to review membership updates before they are implemented, select:
    • Require administrator review of updates – to review group membership updates in the Admin Portal.
    • Receive emails when administrator review is needed for updates – to receive approval emails notifying all administrators of membership changes.

Resources: Configure Dynamic User Groups

Step 3: Use Conditional Logic

  • After enabling Dynamic User Groups, click the dropdown under the Attribute column and choose the desired attribute from the list.
  • Expand the dropdown under Operator and choose equals or not equals for each attribute.
  • In the Value text field, enter the desired value. Select (+) to add multiple values to one group attribute. This acts as an “or” operator for the different values. Using the example below, the group’s membership includes users whose Location equals “Miami” or “Ft. Lauderdale” or “Boca Raton”. Note: these values are case sensitive.

 

Enable-Dynamic-Groups-2

 Resources: Configure Dynamic User Groups
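
The rule semantics from Step 3, as an added example that is not JumpCloud code and does not call JumpCloud: a local Python model that previews membership changes and flags attribute values that miss a rule only by case or whitespace. The sample users, the Department attribute, the AND between attribute rows, and the reading of “not equals” with several values as “matches none of them” are assumptions, not taken from the page.

```python
# Local model of the Step 3 rule semantics; it does not talk to JumpCloud.
# Assumptions (not stated on the page): separate attribute rows are ANDed, and
# "not equals" with several values means the attribute matches none of them.

def condition_matches(user, attribute, operator, values):
    # Several values on one row act as "or"; comparison is exact and case-sensitive.
    hit = user.get(attribute) in values
    return hit if operator == "equals" else not hit

def is_member(user, rules):
    return all(condition_matches(user, *rule) for rule in rules)

def preview(users, rules, current_members):
    """Return (to_add, to_remove) so changes can be reviewed before they apply."""
    target = {u["username"] for u in users if is_member(u, rules)}
    return sorted(target - current_members), sorted(current_members - target)

def near_misses(users, rules):
    """Values that differ from a rule value only by case or surrounding whitespace.
    On an "equals" row the user is left out; on a "not equals" row the user
    slips past the exclusion and is included."""
    found = []
    for u in users:
        for attribute, operator, values in rules:
            actual = u.get(attribute)
            if actual is None or actual in values:
                continue
            if actual.strip().casefold() in {v.casefold() for v in values}:
                found.append((u["username"], attribute, operator, actual))
    return found

# Constructed sample directory data.
USERS = [
    {"username": "ana",  "Location": "Miami",          "Department": "Finance"},
    {"username": "ben",  "Location": "miami",          "Department": "Finance"},
    {"username": "cara", "Location": "Boca Raton",     "Department": "Contractor"},
    {"username": "dev",  "Location": "Ft. Lauderdale", "Department": "IT"},
    {"username": "erin", "Location": "Denver",         "Department": "Finance"},
    {"username": "finn", "Location": "Miami",          "Department": "contractor"},
]
RULES = [
    ("Location", "equals", ["Miami", "Ft. Lauderdale", "Boca Raton"]),
    ("Department", "not equals", ["Contractor"]),
]

if __name__ == "__main__":
    print(preview(USERS, RULES, current_members={"ana", "erin"}))
    print(near_misses(USERS, RULES))
```

In this sample, “finn” joins the group because “contractor” does not equal “Contractor”, which is the over-provisioning case worth checking for before enabling a rule that excludes by value.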

Bonus Simulations

Conditional access to SSO applications: Protect privileged resources

Conditional access identity trust: Require MFA to access certain resources

Enroll a user group into JumpCloud Password Manager 

Final Results

You’ve just learned how groups work in JumpCloud. It’s a game changer for security and IT efficiency if you’re coming from Active Directory. IT becomes more efficient and responsive to business requirements through dynamic groups. For example, a finance department can be granted access to AWS in order to do some audit work simply by adding a new attribute rule for that group. There’s no risk of over-provisioning users like there would be with a nested model.

Get prepped now

Have your testers download JumpCloud Protect™ from the User Portal.

Download the admin app to test out on-the-go features such as password resets.