The challenge
In enterprises, human resources (HR) teams work in tandem with other teams to provision accounts for new hires and deprovision accounts when employees leave. Apart from account provisioning and deprovisioning, there is a steady stream of requests to update profiles when users change their personal information or move to a different team or location. This dependency on HR and other teams can create bottlenecks in employee onboarding and increases security risk when the access rights of former employees are not revoked in time.
The solution
Integrating JumpCloud with ADManager Plus allows you to synchronize data stored in JumpCloud with AD. ADManager Plus' integration with JumpCloud aims to improve the efficiency and security of employee onboarding, modification, and offboarding processes.
Benefits of HR-driven life cycle management
Accelerate the employee onboarding process.
Mitigate potential compromise of ex-employee accounts.
Synchronize updates made in the HR system with AD.
Keep stakeholders, such as managers, apprised of employee onboarding, offboarding, and account modifications.
Minimize dependency on external teams.
Integration overview
When ADManager Plus is integrated with JumpCloud, it can perform the following actions based on the users' attribute values in JumpCloud:
Create user accounts
Modify user attributes
Modify user accounts by template
Reset passwords
Unlock users
Disable users
Enable users
Delete users
Run custom scripts
Move users across groups
Add users to groups
Remove users from groups
Create mailboxes
Disable or delete mailboxes
Move home folder
Delete home folder
Revoke Microsoft 365 licenses
Manage user photos
Disable Lync accounts
Auto reply
When this integration is in place, admins will be able to provision, modify, and deprovision AD users automatically based on the respective details entered in JumpCloud.
Prerequisites
You must have a JumpCloud API key, which ADManager Plus will send in a request header called x-api-key. If you have admin access, follow the steps given in the JumpCloud documentation to retrieve the key. Otherwise, contact your JumpCloud admin. Note that a JumpCloud API key carries the permissions of the administrator account that generated it, so generate it from an account with the least privilege needed (read access to users is sufficient for this integration) and treat the key as a credential.
With appropriate permissions, ADManager Plus can fetch the following data fields from JumpCloud:
_id
id
account_locked
account_locked_date
activated
addresses (with the sub-fields country, extendedAddress, id, locality, poBox, postalCode, region, streetAddress, and type)
allow_public_key
alternateEmail
company
costCenter
created
creationSource
department
description
disableDeviceMaxLoginAttempts
displayname
employeeIdentifier
employeeType
enable_managed_uid
enable_user_portal_multifactor
external_dn
external_password_expiration_date
external_source_type
externally_managed
firstname
jobTitle
lastname
ldap_binding_user
location
managedAppleId
manager
mfa
mfaEnrollment
middlename
organization
password_date
password_expiration_date
password_expired
password_never_expires
passwordless_sudo
phoneNumbers
public_key
recoveryEmail
Configuration steps
Steps to configure JumpCloud settings in ADManager Plus
Go to the Automation tab.
Click HCM Integrations under Automation in the left pane.
Under the HCM applications section, click the Custom HCM tile.
In the Custom HCM Integration window that pops up, enter a suitable Name and Description, upload a Logo for JumpCloud, and click Save.
Click the JumpCloud Integration tile added in the previous step to configure the API authorization methods, endpoints, and LDAP data mapping.
Click Authorization and select the Authorization Type as API Key.
After selecting the API key as the authorization type:
Enter the key name and value obtained from the above steps in the Key and Value fields, respectively.
Using the Add To drop-down menu, attach the key as a header (JumpCloud expects it in the x-api-key header) rather than as a query parameter, so the key does not end up in URLs and proxy or web-server logs, and click Configure.
In the JumpCloud Endpoint Configuration section, click Add API Endpoint and add the following:
In the Endpoint URL field, enter https://console.JumpCloud.com/api/systemusers
Click Advanced Options to add headers and parameters.
Choose GET in the Method section.
Refer to this link to find the details about the headers, parameters, and message type. Configure the below parameters accordingly:
Headers: Click and configure the respective headers.
Parameters: Click and configure the query parameters.
Message type: Select the data type as JSON.
Select the Repeat calling this Endpoint option to call the API repeatedly until the full result set has been retrieved; the JumpCloud systemusers endpoint returns at most 100 users per call and pages with the skip and limit query parameters. From the drop-down menu, select the parameter to increment on each call (for example skip) and specify the increment value (the page size). You can also set a condition; the endpoint is called again while that condition is satisfied.
Note: You can configure multiple endpoints for a HCM solution.
Once done, click Test & Save. A response window will display all the requested elements.
Click Data Source - LDAP Attribute Mapping to map endpoints and AD LDAP attributes with the respective attributes in the HCM solution.
Enter the Configuration Name, Description and select a category from the Automation Category drop-down.
In the Select Endpoint field, select the column that uniquely identifies a user (employeeIdentifier, username, etc.) and carries the same value in every configured endpoint, so that records from different endpoints can be joined for the same user.
In the Attribute Mapping field, select the attribute from the LDAP Attribute Name drop-down menu and map it to the corresponding column in the HCM solution.
For example:
Select the endpoint created above and choose the attribute id from the drop-down as the unique identifier.
Map each AD LDAP attribute (such as givenName, sn, department, or title) to the JumpCloud field whose value should populate it when the user is created or updated in AD.
Click Save.
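To make the endpoint and mapping steps above concrete, here is an added example that is not ADManager Plus or JumpCloud code. It pages through GET /api/systemusers with the key in the x-api-key header and the skip/limit parameters, translates each record into AD attributes using an assumed attribute mapping, and plans create, modify and disable actions against a constructed snapshot of AD. The field names come from the list above plus suspended, which is a JumpCloud user field not listed on this page; the ATTRIBUTE_MAP, the sample records and the sample AD state are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, List

JUMPCLOUD_USERS_URL = "https://console.jumpcloud.com/api/systemusers"
PAGE_SIZE = 100  # JumpCloud caps the `limit` query parameter at 100


def jumpcloud_page(api_key: str, skip: int, limit: int = PAGE_SIZE) -> dict:
    """One live GET against the systemusers endpoint; the key goes in the
    x-api-key header, never in the query string."""
    query = urllib.parse.urlencode({"limit": limit, "skip": skip})
    req = urllib.request.Request(f"{JUMPCLOUD_USERS_URL}?{query}", method="GET",
                                 headers={"x-api-key": api_key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_all_users(get_page: Callable[[int, int], dict], limit: int = PAGE_SIZE) -> List[dict]:
    """Call get_page(skip, limit) repeatedly, adding `limit` to `skip` each time,
    until totalCount is reached (or a page comes back empty). This is what the
    "Repeat calling this Endpoint" option does with parameter=skip, increment=limit.
    get_page is injectable so the loop can be exercised offline."""
    users: List[dict] = []
    skip = 0
    while True:
        page = get_page(skip, limit)
        results = page.get("results", [])
        users.extend(results)
        skip += limit
        total = page.get("totalCount")
        if not results or (total is not None and skip >= total):
            return users


# Assumed mapping, AD LDAP attribute -> JumpCloud field (configure your own).
ATTRIBUTE_MAP: Dict[str, str] = {
    "sAMAccountName": "username", "givenName": "firstname", "sn": "lastname",
    "displayName": "displayname", "mail": "email", "title": "jobTitle",
    "department": "department", "company": "company", "employeeID": "employeeIdentifier",
}
UAC_ENABLED, UAC_DISABLED = 512, 514  # userAccountControl NORMAL_ACCOUNT, + ACCOUNTDISABLE


def map_to_ad(user: dict) -> Dict[str, object]:
    """Translate one JumpCloud record into the AD attributes to write. Missing or
    empty source fields are dropped, not written as blanks, so a partial HR record
    cannot wipe existing AD values. Only an activated, non-suspended JumpCloud user
    gets an enabled AD account (a design choice of this example)."""
    attrs: Dict[str, object] = {}
    for ldap_attr, jc_field in ATTRIBUTE_MAP.items():
        value = user.get(jc_field)
        if value not in (None, ""):
            attrs[ldap_attr] = value
    enabled = bool(user.get("activated", False)) and not user.get("suspended", False)
    attrs["userAccountControl"] = UAC_ENABLED if enabled else UAC_DISABLED
    return attrs


def plan_changes(jc_users: List[dict], ad_users: Dict[str, dict]) -> Dict[str, list]:
    """Bucket work the way the automation tasks do: create, modify, disable.
    AD users that no longer appear in JumpCloud are disabled, not deleted, and an
    empty fetch is refused outright so a failed API call cannot disable everyone."""
    if not jc_users:
        raise ValueError("refusing to plan against an empty JumpCloud result set")
    plan: Dict[str, list] = {"create": [], "modify": [], "disable": []}
    seen = set()
    for user in jc_users:
        desired = map_to_ad(user)
        sam = desired.get("sAMAccountName")
        if not sam:
            continue  # cannot key a record that has no username
        seen.add(sam)
        current = ad_users.get(sam)
        if current is None:
            plan["create"].append(desired)
        else:
            diff = {k: v for k, v in desired.items() if current.get(k) != v}
            if diff:
                plan["modify"].append((sam, diff))
    for sam, current in ad_users.items():
        if sam not in seen and current.get("userAccountControl") != UAC_DISABLED:
            plan["disable"].append(sam)
    return plan


# Constructed sample data: two API pages of size 2 and a current AD snapshot.
SAMPLE_PAGES = [
    {"totalCount": 3, "results": [
        {"_id": "5f1", "username": "asmith", "email": "asmith@example.com", "firstname": "Ann",
         "lastname": "Smith", "displayname": "Ann Smith", "jobTitle": "Engineer",
         "department": "R&D", "employeeIdentifier": "E100", "activated": True, "suspended": False},
        {"_id": "5f2", "username": "bjones", "email": "bjones@example.com", "firstname": "Bob",
         "lastname": "Jones", "department": "", "activated": True, "suspended": True}]},
    {"totalCount": 3, "results": [
        {"_id": "5f3", "username": "cdoe", "email": "cdoe@example.com", "firstname": "Cara",
         "lastname": "Doe", "activated": False}]},
]
SAMPLE_AD = {
    "asmith": {"sAMAccountName": "asmith", "givenName": "Ann", "sn": "Smith", "displayName": "Ann Smith",
               "mail": "asmith@example.com", "title": "Engineer", "department": "Engineering",
               "employeeID": "E100", "userAccountControl": 512},
    "bjones": {"sAMAccountName": "bjones", "givenName": "Bob", "sn": "Jones",
               "mail": "bjones@example.com", "userAccountControl": 512},
    "zleft": {"sAMAccountName": "zleft", "givenName": "Zed", "sn": "Left", "userAccountControl": 512},
}


def sample_page(skip: int, limit: int) -> dict:
    index = skip // limit
    return SAMPLE_PAGES[index] if index < len(SAMPLE_PAGES) else {"totalCount": 3, "results": []}


def demo() -> Dict[str, list]:
    return plan_changes(fetch_all_users(sample_page, limit=2), SAMPLE_AD)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script plans one create (cdoe, disabled because the JumpCloud user is not yet activated), a department change for asmith, a disable for bjones (suspended in JumpCloud) and a disable for zleft, who is in AD but no longer in JumpCloud. To run it against a real tenant, replace sample_page with a closure over jumpcloud_page and your key.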
Steps to automate user provisioning in ADManager Plus
ADManager Plus' Automation feature simplifies the configuration and scheduling of user provisioning, deprovisioning, and reprovisioning from JumpCloud, so the tasks run automatically without manual intervention.
Follow the steps below to automate user provisioning:
Click the Automation tab.
From the left pane, click Automation.
Click Create New Automation in the top-right corner.
Enter a suitable automation name and description.
Select User Automation from the Automation Category drop-down list.
Choose a domain and OU.
In the Automation Task/Policy section, choose the desired task (Create Users, Modify User Attributes) or an automation policy from the drop-down list.
In the Select objects section, select Data from JumpCloud.
Set your execution date and time.
Click Save.
How does the integration work?
In ADManager Plus, create an automation that will run at a set frequency to provision users. When the automation is executed, ADManager Plus will fetch user data from JumpCloud by initiating the API calls configured in earlier steps.
Once ADManager Plus receives data from JumpCloud, it stores the data in the product's built-in PostgreSQL database (or in your Microsoft SQL Server database, if you have configured one), and then makes the corresponding changes in the AD environment.
What information is stored in ADManager Plus?
After the initial configuration is complete, ADManager Plus will fetch data from JumpCloud at the scheduled time. The fetched data is stored in ADManager Plus' database, which is located on premises. The stored data is used to perform management actions such as provisioning, reprovisioning, or deprovisioning users based on the configured automations.