JumpCloud and CrowdStrike for Conditional Access
Conditional Access allows an IdP to bind authorization to more parameters than just a correct password and MFA; for example, it also takes device status and context into account. JumpCloud now allows you to do this in conjunction with CrowdStrike. How this works, and all the details, are described below.
What this is all about
- We integrate JumpCloud as IdP and MDM with CrowdStrike
- We simplify securing access to company resources based on Zero Trust and link it to several conditions
How it works
The integration is very simple, so this is probably the shortest know-how article I've ever written. In JumpCloud, we have the following attributes to choose from as an extended context for the conditional access policy:
- Device Management
- Disk Encryption
- IP Address
- Location
- Operating System
- EDR Agent CrowdStrike (Version)
- EDR Agent CrowdStrike (ZTA Score)
- Managed Chrome Browser
- Managed Chrome Profile
I can also select several conditions in a policy and link them with either "OR" or "AND", which gives me more flexibility. Here, for example, we have our internal policy, which always performs 4 checks before giving a user access to our tenant. The group assignment for specific applications is controlled in JumpCloud directly in the application.

As you can see here, we check whether the user is coming from a JumpCloud-managed device, whether their hard disk is encrypted, whether CrowdStrike is running, and whether the current (live) ZTA score (the higher, the more secure) is higher than 80. Only then will a user be granted access to our IdP. The exact app assignment is then checked in a second step and assigned directly to the application.
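A small model of the policy described above, added here as an example and not JumpCloud's or CrowdStrike's own code: the four checks are combined with AND or OR and the failed checks are reported. The field names, the `evaluate` function, the sample devices, and the choice to treat a missing ZTA score or an empty policy as a denial are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass(frozen=True)
class DevicePosture:
    # Field names are assumptions for this model, not JumpCloud's schema.
    managed: bool
    disk_encrypted: bool
    crowdstrike_running: bool
    zta_score: Optional[int]  # None: the agent reported no score

Condition = Callable[[DevicePosture], bool]

def zta_above(threshold: int) -> Condition:
    # Fail closed: no running sensor or no score never satisfies the check.
    return lambda p: (p.crowdstrike_running and p.zta_score is not None
                      and p.zta_score > threshold)

# The four checks named in the article, in the order it lists them.
CHECKS: Dict[str, Condition] = {
    "managed_device": lambda p: p.managed,
    "disk_encrypted": lambda p: p.disk_encrypted,
    "crowdstrike_running": lambda p: p.crowdstrike_running,
    "zta_score_gt_80": zta_above(80),
}

def evaluate(posture: DevicePosture, mode: str = "AND",
             checks: Dict[str, Condition] = CHECKS) -> Tuple[bool, List[str]]:
    """Return (allowed, names of failed checks) for one device."""
    if mode not in ("AND", "OR"):
        raise ValueError("mode must be 'AND' or 'OR'")
    failed = [name for name, check in checks.items() if not check(posture)]
    if not checks:            # an empty policy must not grant access
        return False, failed
    passed = len(checks) - len(failed)
    return (passed == len(checks) if mode == "AND" else passed > 0), failed

# Constructed sample devices (not real telemetry).
SAMPLES = {
    "compliant": DevicePosture(True, True, True, 92),
    "score_at_threshold": DevicePosture(True, True, True, 80),
    "score_missing": DevicePosture(True, True, True, None),
    "unmanaged_byod": DevicePosture(False, True, True, 95),
}

if __name__ == "__main__":
    for name, posture in SAMPLES.items():
        for mode in ("AND", "OR"):
            print(f"{name:20} {mode:3} -> {evaluate(posture, mode)}")
```

A score of exactly 80 is denied because the condition is "higher than 80", and under OR the unmanaged device is admitted on the strength of any single passing check, which is the difference to keep in mind when choosing how conditions are linked.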
For the CrowdStrike integration to work, you don't have to do anything except make sure that the devices are properly enrolled via JumpCloud Go (the agent). The agent then reads the score and status on the devices themselves and forwards them to JumpCloud live.
All in all, this conditional access is extremely easy and convenient to configure. The more I work with JumpCloud, the more I like the product. It opens my eyes more and more to how overcomplicated and cumbersome Microsoft actually is with Intune. It is precisely this simplicity that makes JumpCloud stand out, and it is precisely this simplicity that makes a healthy security baseline really viable.