ITHQ LTD

JumpCloud - Directory-as-a-Service

JumpCloud® Directory-as-a-Service® provides a unified point of user management and authentication – with no need for on-prem servers or infrastructure. Securely connect users to their workstations, servers, networks, apps, and files. JumpCloud can serve as your authoritative directory or defer to existing identity providers depending on your needs.

Features

  • Centralised Cloud Directory
  • Cross platform support (Linux, Mac, Windows & mobile apps)
  • Custom scripting on endpoints / systems
  • Ease of deployment & management
  • Active Directory Integration
  • Multi-Factor Authentication
  • Single Sign-On; SAML 2.0, SCIM & LDAP
  • Cloud LDAP, Cloud Radius, SAML, MFA, WebAuthn, SSH Key Management
  • Administration Automation with APIs & PowerShell

Benefits

  • Reducing risk through central controls / management
  • More efficient teams less time changing passwords, provisioning apps
  • Grant users freedom of choice across platforms with SSO
  • Save time with group provisioning and self service
  • Lock-down resources with MFA, disk encryption, SSH keys
  • Reporting / visibility of application access, use, license details
  • General security trend (IAM / SSO / MFA)

Pricing

£10 a licence

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at transform@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

1 3 7 9 0 8 6 1 9 5 4 3 1 4 0

Contact

ITHQ LTD Dale Nursten
Telephone: 02039977979
Email: transform@ithq.pro

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Works with G Suite, Office 365, Active Directory, Workday.

Any SAML 2.0 and LDAP app. Popular applications including Salesforce, GitHub, Dropbox, OpenVPN, Slack, Jenkins. JumpCloud provides out of box connectors to leading SaaS applications. We offer a generic SAML adapter that functions with custom apps. Additionally, we support LDAP authentication.
Cloud deployment model
Public cloud
Service constraints
The only constraints are the vendors compatibility requirements.

https://support.jumpcloud.com/support/s/article/jumpcloud-agent-compatibility-system-requirements-and-impacts1
System requirements
  • Windows, Mac, Linux Desktop Endpoints
  • SAML 2.0 Compliant Applications
  • LDAP Compliant Applications

User support

Email or online ticketing support
Email or online ticketing
Support response times
Vendor response times are dependent on support contracts and are fully detailed here:

https://jumpcloud.com/policies#:~:text=Standard%20Support%20is%20available%20to,JumpCloud%20business%20hours%20response%20times.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web browser through the JumpCloud website
Web chat accessibility testing
Unknown.
Onsite support
Yes, at extra cost
Support levels
JumpCloud detailed support policies are available here:

https://docs.google.com/document/d/1ESLQMbI9P2lkPnvuEbjtxxAyzmud4RbyarprwEaOBg4/
Support available to third parties
Yes

Onboarding and offboarding

Getting started
ITHQ will provide professional services, where needed, to assist customers with initial deployment and training. Additional resources can be purchased if further assistance is required with legacy applications or more custom configurations although this is not expected in the majority of cases.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data can be extracted throughout the contract within the platform and will continue to be available up until the final contract date.
End-of-contract process
At the end of the service subscription the customer will offered the opportunity to renew the service or cease using the platform.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
None.
Service interface
No
API
Yes
What users can and can't do using the API
Our new API offers the ability to interact with some of our core features; otherwise known as Directory Objects. The Directory Objects are:

Commands
Policies
Applications
Systems
Users
User Groups
System Groups
Radius Servers
Directories: Office 365, LDAP,G-Suite, Active Directory
Duo accounts and applications.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
Services are hosted on a public cloud that can easily and immediately scale to meet demand. Each customer has their own instance and can be provisioned as needed to comply with performance objectives. There are over 100,000 organisations using the JumpCloud platform.

Analytics

Service usage metrics
Yes
Metrics types
Service Uptime for these service components:

User Console
Admin Console
Agent-based Authentication
LDAP
RADIUS
SAML
MFA
API infrastructure
Policies
Command Runner
Workday Integration
G Suite Integration
Office 365 Integration
Mobile Device Management
System Insights
Directory Insights
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
JumpCloud

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Using tools within the platform customers can export to CSV.
Data export formats
CSV
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As per the JumpCloud Support Description: https://docs.google.com/document/d/1ESLQMbI9P2lkPnvuEbjtxxAyzmud4RbyarprwEaOBg4

JumpCloud will provide a 99.9% Uptime for the Service in each calendar month during the applicable Order Term. Uptime will be measured on a cumulative basis across the total number of services made available by JumpCloud in such calendar month.

In the event that Uptime falls below 99.9% during any one Calendar Month, then JumpCloud shall, upon Customer’s written request promptly either credit or refund Customer, at Customer’s option, an amount equal to the following percentages:

<99.9% = 10%
<99% = 25%
<95% = 50%
Approach to resilience
JumpCloud’s infrastructure leverages multiple cloud service providers, spread across several availability zones and geographic regions. Data is stored across several availability zones, as well. This architecture is focused on preventing a failure at the cloud service provider level or within any one region or zone.

Our agent-based, native authentication platform for Windows®, Linux®, and Mac® OS X would not be impacted by a widespread outage of the JumpCloud platform. Users would continue to access their devices as they normally would.

JumpCloud has built a global network of ‘edge’ nodes that operate autonomously from the JumpCloud central infrastructure.

If for any reason the central JumpCloud infrastructure were to experience an outage, these systems would continue to operate autonomously. Our customers’ systems and applications can continue authenticating against these edge servers via LDAP and RADIUS as normal. The ability to make changes to data would be interrupted while the management infrastructure was being recovered, but existing data would continue to be available at these edge servers.
Outage reporting
Public dashboard at: https://status.jumpcloud.com/

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Only users with administrative access rights are able to access any management interfaces or support portals.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
SOC2 Type 2

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
SOC2 Type 2
Information security policies and processes
JumpCloud’s environments are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at a minimum of 3 times per year by multiple third-party firms. The results of these scans and tests are integrated into our development workflow to be addressed based on priority.

JumpCloud has completed a SOC 2 Type 2 examination for our Directory-as-a-Service. You can request to view the results of this examination by emailing accounts@jumpcloud.com.

JumpCloud uses monitoring software to track user logins, privileged commands, and to track anomalies. Our servers remain fully patched through the use of configuration management tools. We also use a customized Intrusion Detection System to monitor and report anomalous behavior and to report on changes to critical configuration files and installed software.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
JumpCloud uses monitoring software to track user logins, privileged commands, and to track anomalies. Our servers remain fully patched through the use of configuration management tools. We also use a customized Intrusion Detection System to monitor and report anomalous behavior and to report on changes to critical configuration files and installed software.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
JumpCloud uses monitoring software to track user logins, privileged commands, and to track anomalies. Our servers remain fully patched through the use of configuration management tools. We also use a customized Intrusion Detection System to monitor and report anomalous behavior and to report on changes to critical configuration files and installed software.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
JumpCloud limits access to our technical infrastructure to only personnel with a verified and documented business need; encrypting all data at rest and in flight; utilizing monitoring software to track all user logins and privileged commands; and enforcing secure authentication methods like MFA and password complexity.

Should JumpCloud suspect a data breach, the company and its technical personnel follow a specific incident response plan and policy. This plan will include an investigation to determine what the potential consequences are. JumpCloud will notify all data subjects within 72 hours of becoming aware of a breach.
Incident management type
Supplier-defined controls
Incident management approach
JumpCloud has a monitoring and incident management process to ensure the security of the platform.

Any incidents should be reported via the JumpCloud Support Portal.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10 a licence
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free trial for up to 10 users; includes all Pro and Premium features, and free access to JumpCloud engineers for your first 10 days

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at transform@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.