JumpCloud Integration Guide
Overview
The JumpCloud integration allows your NINA workflows to seamlessly connect with JumpCloud for policy management, system compliance, and device administration. This integration enables you to manage policies, retrieve compliance status, handle policy associations, and monitor system policy results directly from your workflows.
Status
We currently support comprehensive policy management operations and compliance monitoring:
✅ Currently Supported:
- Policies: Full CRUD operations (create, get, list, update, delete)
- Policy Associations: List and manage associations between policies and systems/system groups
- Policy Traversal: Find systems and system groups bound to policies (direct and indirect bindings)
- Policy Results: Retrieve policy execution results and compliance status
- Policy Status: Get latest policy status and compliance information for policies and systems
- Policy Templates: Retrieve and list available policy templates
❌ Not Yet Supported: For comprehensive functionality beyond policy management, please refer to the JumpCloud API 2.0 Documentation for additional resources including:
- Applications: Management of SSO applications and configurations
- Commands: Remote command execution and management
- Directories: LDAP directory services management
- GSuite: Google Workspace integration and user provisioning
- Office 365: Microsoft Office 365 integration and user management
- Radius Servers: RADIUS authentication server configuration
- System Groups: Management of system groups and their properties
- Systems: Individual system management and configuration
- User Groups: User group management and permissions
- Users: User account management and provisioning
- Organization: Organization-level settings and configuration
Credential Configuration
Before using the JumpCloud integration in your workflows, you need to configure credentials for authentication. The NINA platform supports two authentication methods for JumpCloud:
Authentication Methods
1. API Key (Recommended)
For standard API access to your JumpCloud organization:
| Field | Description | Example |
|---|---|---|
| API Key | Your JumpCloud API key from the admin console | abc123def456ghi789... |
How to get your API Key:
- Log in to your JumpCloud Admin Console at https://console.jumpcloud.com
- Navigate to Settings → API Keys
- Click Generate New API Key
- Give the key a descriptive name (e.g., "NINA Integration")
- Copy the generated API key
2. System Context
For system-specific authentication using signatures:
| Field | Description | Example |
|---|---|---|
| System ID | System ID for context authentication | 5f4d7c8e9a1b2c3d4e5f6789 |
| System Date | System date for signature (RFC format) | Tue, 10 Nov 2009 23:00:00 GMT |
| System Signature | System signature for authentication | HmacSHA256Signature... |
Creating a JumpCloud Credential
-
Navigate to the Credentials section in NINA
-
Click Add New Credential
-
Fill in the credential details:
- Name: A descriptive name (e.g., "JumpCloud Production")
- Description: Optional details about the credential's purpose
- Integration Service: Select "JumpCloud"
- Auth Type: Choose "API Key" or "System Context"
- Fill in the authentication fields based on your selected auth type
-
Click Test Connection to verify credentials
-
Click Save to store the credential
Supported Resources and Operations
The JumpCloud integration supports the following resources and operations:
Policy
| Operation | Description |
|---|---|
| Create | Creates a new JumpCloud policy |
| Get | Retrieves details of a specific policy |
| List | Retrieves all policies for the organization |
| Update | Updates an existing policy |
| Delete | Deletes a policy |
Policy Association
| Operation | Description |
|---|---|
| List | Returns direct associations of a policy (systems and system groups) |
| Manage | Adds or removes associations between policies and systems/system groups |
Policy Traversal
| Operation | Description |
|---|---|
| Get Systems | Returns all systems bound to a policy (directly or indirectly) |
| Get System Groups | Returns all system groups bound to a policy (directly or indirectly) |
Policy Result
| Operation | Description |
|---|---|
| Get | Retrieves a specific policy result by ID |
| List for Policy | Returns all policy results for a specific policy |
| List for Organization | Returns all policy results for the organization |
Policy Status
| Operation | Description |
|---|---|
| List for Policy | Returns the latest policy results for a specific policy |
| List for System | Returns policy results for a particular system |
Policy Template
| Operation | Description |
|---|---|
| Get | Retrieves a specific policy template by ID |
| List | Returns all available policy templates |
Parameter Merging and Templating
The JumpCloud integration takes full advantage of NINA's parameter merging and templating capabilities:
Parameter Sources (in order of precedence)
- Node Parameters: Parameters configured directly in the JumpCloud Integration Node
- Extracted Parameters: Parameters automatically extracted from the input data
- Input Data: The complete input data from upstream nodes
When a JumpCloud Integration Node executes:
- It combines parameters from all sources
- Node parameters take precedence over extracted parameters
- Template variables within parameters are processed (using
{{variable_name}}syntax) - The combined parameters are used to execute the JumpCloud operation
Example: Creating a JumpCloud Policy
Basic Policy Creation
Below is an example of creating a basic JumpCloud policy using the Integration Node:
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policy",
"operation": "create",
"parameters": {
"policyData": {
"name": "Security Compliance Policy",
"template": "windows_security_baseline"
},
"additionalFields": {
"xOrgId": "your-org-id"
}
}
}
Creating a Policy with Template Variables
You can use template variables to dynamically insert values from input data:
Input Data from Previous Node:
{
"compliance": {
"type": "Security Baseline",
"environment": "Production",
"department": "Engineering"
},
"policy_template": "windows_security_baseline"
}
Node Configuration with Template Variables:
{
"integration_service": "jumpcloud",
"resource": "policy",
"operation": "create",
"parameters": {
"policyData": {
"name": "{{compliance.environment}} {{compliance.type}} - {{compliance.department}}",
"template": "{{policy_template}}"
}
}
}
Result:
This will create a JumpCloud policy with:
- Name: "Production Security Baseline - Engineering"
- Template: "windows_security_baseline"
Example: Managing Policy Associations
Associating a Policy with Systems
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyAssociation",
"operation": "manage",
"parameters": {
"policyId": "5f4d7c8e9a1b2c3d4e5f6789",
"associationData": {
"op": "add",
"type": "system",
"id": "5a1b2c3d4e5f67890abcdef1"
}
}
}
Listing Policy Associations
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyAssociation",
"operation": "list",
"parameters": {
"policyId": "5f4d7c8e9a1b2c3d4e5f6789",
"targets": ["system", "system_group"]
}
}
Example: Retrieving Policy Compliance Status
Getting Policy Status for a System
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyStatus",
"operation": "listForSystem",
"parameters": {
"systemId": "5a1b2c3d4e5f67890abcdef1",
"returnAll": true
}
}
Getting Policy Results with Filtering
Input Data:
{
"system_id": "5a1b2c3d4e5f67890abcdef1",
"compliance_check": {
"date_range": "last_week",
"status_filter": "failed"
}
}
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyStatus",
"operation": "listForSystem",
"parameters": {
"systemId": "{{system_id}}",
"options": {
"filter": ["status:eq:failed"],
"limit": 50
}
}
}
Example: Working with Policy Templates
Listing Available Policy Templates
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyTemplate",
"operation": "list",
"parameters": {
"returnAll": true,
"options": {
"sort": ["name"]
}
}
}
Getting a Specific Policy Template
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyTemplate",
"operation": "get",
"parameters": {
"id": "5f4d7c8e9a1b2c3d4e5f6789"
}
}
Example: Policy Traversal Operations
Finding All Systems Bound to a Policy
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyTraversal",
"operation": "getSystems",
"parameters": {
"policyId": "5f4d7c8e9a1b2c3d4e5f6789",
"options": {
"limit": 100,
"filter": ["os:eq:windows"]
}
}
}
Finding System Groups Bound to a Policy
Node Configuration:
{
"integration_service": "jumpcloud",
"resource": "policyTraversal",
"operation": "getSystemGroups",
"parameters": {
"policyId": "5f4d7c8e9a1b2c3d4e5f6789",
"options": {
"returnAll": true
}
}
}
Troubleshooting
| Issue | Resolution |
|---|---|
| Authentication failures | Verify your API key is correct and active. Check that the key has appropriate permissions for the operations you're attempting. |
| "Policy not found" errors | Verify the policy ID is correct. You can find policy IDs by listing all policies first. |
| "System not found" errors | Ensure the system ID exists and is accessible with your current credentials. |
| Permission errors | The API key must have sufficient permissions for the requested operation. Check your JumpCloud admin permissions. |
| Rate limiting | JumpCloud has API rate limits. Implement delays between operations if you encounter rate limiting errors. |
| Invalid policy template | Verify the policy template ID exists by listing available templates first. |
| Organization ID errors | For multi-org environments, ensure you're providing the correct xOrgId parameter. |
| Filter syntax errors | Check filter syntax - use format like field:operator:value (e.g., status:eq:active). |
Best Practices
-
Use Descriptive Policy Names: Make policy names clear and specific - they'll be shown in the JumpCloud console and reports.
-
Leverage Template Variables: Use
{{variable_name}}syntax to dynamically insert values from input data. -
Set Default Parameters: Configure default parameters in the node that can be overridden by input data when needed.
-
Test with Policy Templates: Use the policy template operations to understand available templates before creating policies.
-
Monitor Policy Compliance: Regularly check policy status and results to ensure systems remain compliant.
-
Use Filters Effectively: Learn JumpCloud's filter syntax to efficiently retrieve specific data rather than fetching all records.
-
Batch Operations When Possible: When managing multiple policy associations, consider batching them efficiently.
-
Handle API Limits: Be aware of JumpCloud API rate limits and implement appropriate delays.
-
Leverage Policy Traversal: Use traversal operations to understand complex policy-system relationships.
-
Secure Credentials: Keep your JumpCloud API keys secure. Use the system's built-in credential management rather than hardcoding values.
-
Multi-Org Support: For multi-organization environments, always specify the
xOrgIdparameter to ensure operations target the correct organization. -
Policy Creation Complexity: Note that JumpCloud recommends using the Admin Console for creating complex policies due to the variety of configuration parameters. Use the API for simpler policy creation and management tasks.
Advanced Use Cases
Automated Compliance Monitoring
Create workflows that regularly check policy compliance across your infrastructure:
{
"integration_service": "jumpcloud",
"resource": "policyResult",
"operation": "listForOrganization",
"parameters": {
"options": {
"filter": ["status:ne:success"],
"sort": ["-timestamp"]
}
}
}
Dynamic Policy Assignment
Automatically assign policies to systems based on their attributes or group membership:
{
"integration_service": "jumpcloud",
"resource": "policyAssociation",
"operation": "manage",
"parameters": {
"policyId": "{{security_policy_id}}",
"associationData": {
"op": "add",
"type": "system_group",
"id": "{{production_systems_group_id}}"
}
}
}
Policy Drift Detection
Monitor for changes in policy associations and compliance status to detect configuration drift.
For more advanced use cases and additional API capabilities, refer to the JumpCloud API 2.0 Documentation.