JumpCloud Inc., which touts itself as the first directory-as-a-service provider, today extended administrative visibility into user accounts with a premium feature called Directory Insights that gives system administrators and security staff a centralized view of user activity around access to corporate resources.

The software logs all user and administrative changes to access privileges, group membership, password changes and other permission-based activities and makes consolidated reports available via a searchable database, the company said. JumpCloud said the feature eliminates the need to compile data from disparate log sources and eases the task of tracking down the cause of security breaches, troubleshooting access problems and ensuring that access rights are valid and consistent.

Founded in 2012, JumpCloud has raised more than $95 million, including a $50 million round last spring. It aims to simplify directory management for companies that have multiple user directories or that don’t want to go to the trouble of installing their own. Its directory provides core identity and access control services, multifactor authentication, single sign-on and integration with other popular directories such as Microsoft Corp.’s Active Directory and the neutral Lightweight Directory Access Protocol.

The company competes with cloud access security brokers and federated identity management platforms but distinguishes itself by the breadth of its offering, said group product manager Bill Mrochek.

Directory Insights goes beyond managing identities to enable administrators to get a consolidated view of user activities without having to patch together log files, Mrochek said. “This solution is built from the ground up to help people gather data in a more structured way,” he said. “We put a lot of work into the schema to make it a searchable resource.”

Directory Insights uses an agent on a connected device to gain full visibility into user activity across JumpCloud authentication endpoints, applications that support the Security Assertion Markup Language standard, LDAP directories, mobile data management logs and native Macintosh/Windows/Linux authentication. Administrative and user changes to access rights, group membership and passwords are also logged.

For example, if a user is locked out a resource that he or she expects to access, administrators can trace the source of the lockout, Mrochek said. “Or if there’s a breach you can see all the changes that led to the breach and that person’s remote accesses.”

Reporting is available through activity logs in the JumpCloud administrative portal or via an application program interface that enables administrators to manually search for, export and integrate data across third-party tools.

Directory Insights’ audit features provide the necessary reports to certify compliance with standards and procedures, including SOC2 and the Health Insurance Portability and Accountability Act and support an organization’s data policies for record storage and deletion.

The feature is being offered as a paid extension to the directory platform at a price of $3 per user per month billed annually.

Photo: Pixabay