ITHQ LTD

JumpCloud - Directory-as-a-Service

JumpCloud® Directory-as-a-Service® offers a centralised user and identity management system without on-prem servers. It connects users to networks, apps, and files, supporting LDAP, SAML, and RADIUS. Features include device management, software deployment, remote management, multi-factor authentication (MFA), SSO and seamless integration with existing identity providers. Supports Windows, Mac, and Linux.

Features

• Centralise control over user access, identity and permissions.
• Cross platform support (Linux, Mac, Windows & mobile)
• Multi-Factor Authentication (MFA) enhances security across systems
• Single Sign-On (SSO) streamlines access to multiple applications.
• Active Directory Integration
• Enforce security policies consistently across all users and devices.
• Single Sign-On; SAML 2.0, SCIM & LDAP
• Cloud LDAP, Cloud Radius, SAML, MFA, WebAuthn, SSH Key Management
• Administration Automation with APIs & PowerShell
• Provides immediate insights into system usage and security status.

Benefits

• Reducing risk through central controls / management
• More efficient teams less time changing passwords, provisioning apps
• Grant users freedom of choice across platforms with SSO
• Save time with group provisioning and self service
• Lock-down resources with MFA, disk encryption, SSH keys
• Reporting / visibility of application access, use, license details
• Increases Productivity: Single sign-on accelerates application access across devices.
• Enable secure and efficient remote device management and support.
• Automatically deploy and update software effectively.
• Manage and secure devices from anywhere, at any time.

£6.84 to £17 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

218041788530654

Contact

Dale Nursten
02039977979
bidteam@ithq.pro

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Works with G Suite, Office 365, Active Directory, Workday.; ; Any SAML 2.0 and LDAP app. Popular applications including Salesforce, GitHub, Dropbox, OpenVPN, Slack, Jenkins. JumpCloud provides out of box connectors to leading SaaS applications. We offer a generic SAML adapter that functions with custom apps. Additionally, we support LDAP authentication.
• Cloud deployment model: Public cloud
• Service constraints: The only constraints are the vendors compatibility requirements.; ; https://support.jumpcloud.com/support/s/article/jumpcloud-agent-compatibility-system-requirements-and-impacts1
• System requirements:
  • Windows, Mac, Linux Desktop Endpoints
  • SAML 2.0 Compliant Applications
  • LDAP Compliant Applications

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Vendor response times are dependent on support contracts and are fully detailed here:; ; https://jumpcloud.com/policies
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Web browser through the JumpCloud website
• Web chat accessibility testing: Unknown.
• Onsite support: Yes, at extra cost
• Support levels: The support policies can be viewed at: https://jumpcloud.com/policies; ; JumpCloud detailed support policies are available here:; https://docs.google.com/document/d/1ESLQMbI9P2lkPnvuEbjtxxAyzmud4RbyarprwEaOBg4/edit
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: ITHQ will support the on-boarding of the solution with an agreed Scope of Works document customised to meet the customers' requirements.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data export tools within the platform.
• End-of-contract process: At the end of the contract the customer will be offered the option of extending their subscription or ceasing to use the platform.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: N/A
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Our new API offers the ability to interact with some of our core features; otherwise known as Directory Objects. The Directory Objects are:; ; Commands; Policies; Applications; Systems; Users; User Groups; System Groups; Radius Servers; Directories: Office 365, LDAP,G-Suite, Active Directory; Duo accounts and applications.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: To help alleviate the potential confusion end-users feel as they interact with JumpCloud, we’re developing ways you can customise your end-users’ experience, including if they see our logo or yours in their User Portal and in emails sent from us, and customisable email templates. Look for updates to this KB article as we add more ways to customise your end-users’ experience.; ; You can customise your end-user’s experience in the following ways:; Upload Your Org’s Logo. Customise Email Templates

Scaling

• Independence of resources: Services are hosted on a public cloud that can easily and immediately scale to meet demand. Each customer has their own instance and can be provisioned as needed to comply with performance objectives. There are over 100,000 organisations using the JumpCloud platform.

Analytics

• Service usage metrics: Yes
• Metrics types: Service Uptime for these service components:; ; User Console; Admin Console; Agent-based Authentication; LDAP; RADIUS; SAML; MFA; API infrastructure; Policies; Command Runner; Workday Integration; G Suite Integration; Office 365 Integration; Mobile Device Management; System Insights; Directory Insights
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: JumpCloud

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Using the data export tool available in the platform.
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: N/A

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: As per the JumpCloud Support Description: https://docs.google.com/document/d/1ESLQMbI9P2lkPnvuEbjtxxAyzmud4RbyarprwEaOBg4; ; JumpCloud will provide a 99.9% Uptime for the Service in each calendar month during the applicable Order Term. Uptime will be measured on a cumulative basis across the total number of services made available by JumpCloud in such calendar month.; ; In the event that Uptime falls below 99.9% during any one Calendar Month, then JumpCloud shall, upon Customer’s written request promptly either credit or refund Customer, at Customer’s option, an amount equal to the following percentages:; ; <99.9% = 10%; <99% = 25%; <95% = 50%
• Approach to resilience: JumpCloud’s infrastructure leverages multiple cloud service providers, spread across several availability zones and geographic regions. Data is stored across several availability zones, as well. This architecture is focused on preventing a failure at the cloud service provider level or within any one region or zone.; ; Our agent-based, native authentication platform for Windows®, Linux®, and Mac® OS X would not be impacted by a widespread outage of the JumpCloud platform. Users would continue to access their devices as they normally would.; ; JumpCloud has built a global network of ‘edge’ nodes that operate autonomously from the JumpCloud central infrastructure.; ; If for any reason the central JumpCloud infrastructure were to experience an outage, these systems would continue to operate autonomously. Our customers’ systems and applications can continue authenticating against these edge servers via LDAP and RADIUS as normal. The ability to make changes to data would be interrupted while the management infrastructure was being recovered, but existing data would continue to be available at these edge servers.
• Outage reporting: Public dashboard at: https://status.jumpcloud.com/

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Only authorised users / groups will be able to access the management interface or support portals.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International Ltd
• ISO/IEC 27001 accreditation date: 15/03/2022
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: JumpCloud; SOC2 Type II
• Information security policies and processes: JumpCloud’s environments are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at a minimum of 3 times per year by multiple third-party firms. The results of these scans and tests are integrated into our development workflow to be addressed based on priority.; ; JumpCloud has completed a SOC 2 Type 2 examination for our Directory-as-a-Service. You can request to view the results of this examination by emailing accounts@jumpcloud.com.; ; JumpCloud uses monitoring software to track user logins, privileged commands, and to track anomalies. Our servers remain fully patched through the use of configuration management tools. We also use a customized Intrusion Detection System to monitor and report anomalous behavior and to report on changes to critical configuration files and installed software.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: JumpCloud uses monitoring software to track user logins, privileged commands, and to track anomalies. Our servers remain fully patched through the use of configuration management tools. We also use a customized Intrusion Detection System to monitor and report anomalous behavior and to report on changes to critical configuration files and installed software.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: JumpCloud maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found:; ; https://jumpcloud.com/vulnerability-disclosure-policy
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: JumpCloud limits access to our technical infrastructure to only personnel with a verified and documented business need; encrypting all data at rest and in flight; utilizing monitoring software to track all user logins and privileged commands; and enforcing secure authentication methods like MFA and password complexity.; ; Should JumpCloud suspect a data breach, the company and its technical personnel follow a specific incident response plan and policy. This plan will include an investigation to determine what the potential consequences are. JumpCloud will notify all data subjects within 72 hours of becoming aware of a breach.
• Incident management type: Supplier-defined controls
• Incident management approach: JumpCloud has a monitoring and incident management process to ensure the security of the platform.; ; Any incidents should be reported via the JumpCloud Support Portal.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Tackling economic inequality
  • Equal opportunity

  Tackling economic inequality

  ITHQ runs a corporate social responsibility programme called Life In IT in South East England. Life In IT allows us to recondition tech devices donated from businesses headed for disposal and pass them on to local non- profit organisations that put them to great use. Schools in particular are now benefitting from free technology that creates fresh learning opportunities through increased access to education platforms for more students.

  Equal opportunity

  To specifically address equal opportunity, our Life In IT programme prioritises collaboration with schools that support students from diverse backgrounds, including low-income families, minorities, and those with disabilities. We provide customised technology solutions that cater to a wide range of learning needs and styles, thereby ensuring all students have the opportunity to succeed. By doing so, ITHQ is committed to creating a more inclusive educational environment where every student, regardless of their socioeconomic status or background, can benefit from equal access to high-quality digital education.

Pricing

• Price: £6.84 to £17 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Free trial for up to 10 users; includes all Pro and Premium features, and free access to JumpCloud engineers for your first 10 days

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidteam@ithq.pro. Tell them what format you need. It will help if you say what assistive technology you use.