Using Access Server With JumpCloud

Editor's Note: As of July 2022, Access Server now supports SAML natively.

JumpCloud’s Directory-as-a-Service® is a cloud-based platform enabling IT teams to securely manage user identities and connect them to resources they need regardless of provider, protocol, vendor, or location.

Access Server, built on the most widely-used and respected VPN protocol in the industry, provides powerful solutions to:

  • Secure data communications.
  • Provide secure remote access for employees and IoT.
  • Provide Internet privacy and networking cloud data centers.

Together, they combine powerful security with simple scalability.

Interested in learning how you can manage your IT resources, remote access, and network security with a combo that was built with your DevOps team in mind?

We'll show you how, step by step.

Steps to integrate Access Server with JumpCloud using LDAP-as-a-Service

Before you begin

For these steps, we assume you already have your Access Server set up as well as an account with the Directory-as-a-Service provider, JumpCloud. The following will help you integrate the two so users can log in to OpenVPN with their JumpCloud credentials. Access Server will refer to JumpCloud’s LDAP directory to authenticate users and grant access.

Create and configure a bind user

Begin by creating a user in JumpCloud that Access Server will bind as and that has the authority to search the LDAP tree. This is called the Bind User.

From your JumpCloud console, create a new user through Manual user entry. Define the following:

  • Username (make sure this is a unique name such as LDAP).
  • Email (JumpCloud requires each user to have a unique email).
  • Click on Specify initial password, rather than sending a welcome email, and define the Bind User’s password.
  • Click on Enable as LDAP Bind DN (click OK if you receive a pop up that your user must also be enabled in the JumpCloud LDAP directory).
  • Save your user.

Once you’ve created your Bind User, click on it to open the details. Copy the value under LDAP Distinguished Name; you’ll paste it into Access Server in the steps below.

Set up Access Server for LDAP

Navigate to your Access Server Admin Web UI and log in as an administrator. Follow these steps to define the LDAP configuration:

  1. Click Authentication > LDAP.
  2. Fill out the settings for these fields:
    • Primary server: ldap.jumpcloud.com
    • Use SSL to connect to LDAP servers: ‘Yes’
    • Credential for Initial Bind: ‘Yes’ for Use these credentials
    • Bind DN: Copy and paste the LDAP Distinguished Name from your JumpCloud Bind User. Example:
      uid=LDAP,ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com
    • Password: Enter the password you defined for your Bind User
    • Base DN for User Entries: Copy and paste the LDAP Distinguished Name from your Bind User, starting with “ou=Users”. Example:
      ou=Users,o=[ORGANIZATION_ID],dc=jumpcloud,dc=com
    • Username Attribute: uid
  3. Click Save Settings.
  4. If you do not currently have authentication set to LDAP, click Use LDAP at the top of the page or under Authentication > General.
  5. Click Update Running Server.

Assign JumpCloud users to LDAP directory

For Access Server to find your JumpCloud users, they must be enabled in the JumpCloud LDAP directory. If they are not, you can do so by clicking on Directories/LDAP, clicking on JumpCloud LDAP and selecting them under the Users tab. You can also do this one user at a time from the Users section.

Now that your users are enabled in the LDAP directory and you have set up your Access Server to authenticate over LDAP, they can log in to your VPN using their JumpCloud credentials.
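
One way to confirm the values above from the Access Server host before relying on VPN logins, as an added example that is not part of the original page: a shell script that derives the Base DN from the Bind DN, binds over LDAPS, and looks up one username. It assumes the OpenLDAP ldapsearch client is installed; the script name and function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not OpenVPN or JumpCloud code): pre-flight check of the LDAP
# values entered in the Admin Web UI, using OpenLDAP's ldapsearch client.
LDAP_URI="ldaps://ldap.jumpcloud.com"   # LDAPS, matching "Use SSL ... Yes"

# Base DN = the Bind DN from "ou=Users" onward, as described in step 2.
base_dn_from_bind_dn() {
  case "$1" in
    *,ou=Users,*) printf 'ou=Users,%s\n' "${1#*,ou=Users,}" ;;
    *) echo "Bind DN has no ou=Users component" >&2; return 1 ;;
  esac
}

# Escape RFC 4515 filter metacharacters so a username cannot alter the filter.
escape_ldap_filter() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Bind as the Bind User and search for one username under the Base DN.
# Returns 0 = user visible, 1 = bind OK but no entry, 2 = bad Bind DN,
# 3 = bind or TLS failure.
check_user_visible() {   # usage: check_user_visible BIND_DN USERNAME
  local bind_dn="$1" base filter out
  base=$(base_dn_from_bind_dn "$bind_dn") || return 2
  filter="(uid=$(escape_ldap_filter "$2"))"   # Username Attribute: uid
  # -W prompts for the Bind User password, keeping it out of argv and history.
  out=$(ldapsearch -LLL -x -H "$LDAP_URI" -D "$bind_dn" -W \
          -b "$base" -s sub "$filter" dn) || return 3
  printf '%s\n' "$out" | grep -q '^dn:'
}

# Runs only when called as: ./ldap_preflight.sh BIND_DN USERNAME
if [ "$#" -eq 2 ]; then
  check_user_visible "$1" "$2" && rc=0 || rc=$?
  case "$rc" in
    0) echo "OK: bind succeeded and the user is visible under the Base DN" ;;
    1) echo "Bind OK, user not found: enable the user in the JumpCloud LDAP directory" ;;
    2) echo "Fix the Bind DN: copy the LDAP Distinguished Name from JumpCloud" ;;
    *) echo "Bind or TLS failed: check Bind DN, password and LDAPS reachability" ;;
  esac
  exit "$rc"
fi
```

A result of 1 separates a user who is not enabled in the JumpCloud LDAP directory from a wrong Bind DN or password, which shows up as 3.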

Troubleshooting

We provide detailed troubleshooting guides on our site.

Here are a few specific issues you may run into with your JumpCloud setup:

If a user can’t log in, use the authcli tool to see what’s happening

  • With root access on your Access Server machine, change directory to /usr/local/openvpn_as/scripts/
  • Use this format for the tool:
    ./authcli --user [USERNAME] --pass [PASSWORD]
  • Here’s a sample output of a successful authentication attempt with JumpCloud:

If you get the error “user not found” from authcli

  • It’s likely that you need to enable your user in the JumpCloud LDAP Directory. Refer to “Assign JumpCloud Users to LDAP Directory” above.

OpenVPN & JumpCloud co-hosted a FREE webinar

We recorded the great tutorial so you could watch it for free. Here’s what it covers:

  • Managing access between employees and contractors – so each user is only granted the resources they actually need
  • Simplify logins for your team – with ONE password for everything from VPN to SaaS
  • Make sure your data stays powerfully secure as your team grows

Meet our webinar co-hosts

Johan Draaisma

Access Server Product Manager, OpenVPN

With a background in data centers and network architecture in cloud environments, Johan has spent nearly a decade working for OpenVPN, Inc. to support customers with the complexities of integrating Access Server into their various networking environments. Now, as the project lead for Access Server, he guides the team towards an ever-improving VPN server product.

Greg Keller

Chief Strategy Officer, JumpCloud

Greg Keller is a career product visionary and executive management leader. With over two decades of product management, product marketing, and operations experience ranging from startups to global organizations, Greg excels in successful go-to-market execution.

How does LDAP-as-a-Service work with Access Server?

Picture this: a growing web content publishing company provides content for high-traffic websites and portals.

A majority of their employees are freelance and/or remote, so they use Access Server to provide VPN access to their HQ corporate network systems, which run the publishing workflow, timekeeping, and payroll services.

They have plans to expand worldwide and adopt SaaS tools — like Adobe Creative Cloud — to replace some of their legacy systems.

The problem is, as the number of their employees grows, it’s becoming more and more difficult to maintain user accounts in local Access Servers — and complexity will only increase as they add new locations.

So how exactly can this company:

  • Centrally store employee information?
  • Manage access between employees and contractors?
  • Simplify login for their team?
  • Make sure their data remains secure as their team grows?

The answer? Access Server combined with JumpCloud’s LDAP-as-a-Service solution.

VPN + LDAP authentication = powerful security

JumpCloud’s LDAP authentication system can be used to enforce secure passwords, add Multi-Factor Authentication, and secure SaaS applications. Combining this identity management with access control through Access Server makes it simple to grant contractors limited access to services within your corporate network.

JumpCloud and Access Server together mean you won't have to sacrifice security for convenience – your team will get ease of use, and your network will be built on the strongest protocol in the business.

Plus, JumpCloud's service is a managed solution, so the IT department does not have to install, maintain or grow the LDAP servers or the rest of the directory infrastructure – it’s all built in!

All too often, a company’s network security is either too complicated — or ineffective.

But to truly be effective, it can’t be complicated.

LDAP + VPN combines the best of both worlds

Employees can use the same login info across the board — and security is stronger than ever.

LDAP-As-A-Service maximizes VPN security & simplicity

These two powerful tools combined can simplify – and secure – your network resources.


Do more for your team with LDAP + VPN authentication

Ease of use for your team and powerful resources for IT.

Learn how Access Server can provide ultimate security – with JumpCloud's ease and efficiency. Watch the free recorded webinar today.