is a luxury real estate firm for properties in the Tahoe/Reno/Vegas area with more than $1.5 billion in annual sales. With 12 offices to manage and a remote work transition to navigate, Chase International鈥檚 IT manager, Justin Price, wanted to select a directory service that would help the company remain agile and achieve regulatory compliance.
- Organization: Chase International
- Size: 60 full time users; 400 independent contractors
- Location: Corporate office in Reno, Nevada; 12 offices
- Problem: No directory service & unmanaged user machines
- Goal: Implement a directory service & achieve NIST compliance
Background: No Directory Service & COVID-19
Justin Price is an IT veteran with more than 10 years of Active Directory庐 experience. When he came to Chase International in February 2020, the company didn鈥檛 yet have a directory service in place, and user machines were unmanaged and unmonitored. Justin prioritized getting a directory service in place to remedy the fact that users were local admins on their machines and often shared passwords in their offices.
IT Manager, Chase International
鈥淚t was a priority from day one,鈥 he said. 鈥淲ithout directory services, there鈥檚 really no way to manage your user base. Whether it was 黑料海角91入口庐 or Active Directory, something needed to be done.鈥
The process became more urgent when the company faced the COVID-19 pandemic and stay-at-home orders that forced all 12 offices of the organization’s office to move to a remote model.
Challenges: Unmanaged Users & Machines
Justin searched for a solution that he could use for access control, system management, and monitoring. With the arrival of the pandemic, he knew he needed an identity and access management (IAM) solution that wouldn鈥檛 require on-premises infrastructure or VPNs to function correctly for a remote workforce.
鈥淭he COVID-19 crisis necessitated a breakneck turnaround on providing a suddenly remote workforce with an IT system that could manage user passwords, push applications and updates to computers, control group policies, provide IT with reporting information to monitor the information security environment, and do all of that from outside the office without the challenges associated with users trying to connect via VPNs to internal domain controllers or resources,鈥 Justin said.
That effectively ruled out AD. Justin didn鈥檛 seriously consider Okta or Jamf either. The former had strong single sign-on (SSO) capabilities but couldn鈥檛 serve as a standalone directory service for the organization, and the latter couldn鈥檛 manage the organization鈥檚 Windows machines or server. Instead, Justin wanted to find an all-in-one solution for access control and device management.
Justin was also interested in a solution with integrated tools to monitor his fleet of machines and return authentication logs as the company gears up for NIST 800-171 compliance, which will require records of who logged in, where they logged in from, and what they logged into, among other data.
Solution: All-in-One Cloud Directory Service
Justin found 黑料海角91入口 Cloud Platform and quickly made the decision that it would help the organization navigate the remote work transition and achieve regulatory compliance.
鈥淭o have everything in one place was awesome,鈥 he said. 鈥淚t only took me about two weeks to make up my mind.鈥
Justin first rolled out new systems to the organization’s full time employees 鈥 macOS庐 machines for the DevOps and executive teams and Windows庐 for the remaining users. He imported users from existing G Suite鈩 and Microsoft 365鈩 instances, sent them a 黑料海角91入口 activation email, and instructed them to download the 黑料海角91入口 agent on their new machines.
He could then deploy 黑料海角91入口 Policies to enable full-disk encryption and manage Windows updates, as well as begin monitoring the machines with System Insights鈩. System Insights returns key data about machines in a fleet, both through the web-based Admin Portal and via PowerShell and API, including hardware, software, and network configurations.
Because users are remote and Justin is running a lean IT department, he has users fill out a form if they need to download something, such as new software or a Google Chrome extension. He briefly grants them admin access on their machine and then runs a System Insights report afterward to verify they didn鈥檛 take any other admin actions on their machine.
鈥淪ystem Insights has been a lifesaver. It鈥檚 made my job much easier.鈥
He鈥檚 also begun to use Directory Insights鈩 to collect data about user authentications and run queries. Directory Insights provides a 360掳 view of admin changes in the directory and user authentications to applications, systems, networks, and more. Justin plans to use the Directory Insights logs for NIST compliance, as well as to help the company decide whether they bring users back into their offices.
鈥淒o we want to stay with a fully remote workforce?鈥 Justin said. 鈥淒o we want to do a hybrid? Or do we just want to bring everybody back in?鈥
Justin has begun to roll out 黑料海角91入口鈥檚 SSO portfolio, as a variety of real estate and broker platforms use SAML connectors. He鈥檚 also used 黑料海角91入口鈥檚 cross-platform command runner to deploy and execute commands on remote user machines.
鈥淭he commands feature has been incredibly useful,鈥 Justin said. 鈥淚鈥檝e been watching YouTube tutorials to get back up to snuff with PowerShell scripting and terminal scripting. You don鈥檛 really need anything else.鈥
Justin has also enrolled the organization鈥檚 macOS machines in 黑料海角91入口鈥檚 Apple MDM to be able to remotely lock, restart, shutdown, and wipe machines. He prioritized implementing the feature because the organization’s DevOps and executive teams, as well as Justin himself, use Macs.
鈥淲e have the keys to the kingdom, so if a Mac is stolen or lost I need to be able to kill it remotely to make sure our data is protected,鈥 Justin said.
Implementation: 鈥楥onsolidate Everything鈥
Beyond the rollout of the core 黑料海角91入口 platform, Justin used the integrated cloud RADIUS feature to establish unique user logins to WiFi, which is particularly important for the segment of the company that handles financial data.
鈥淚 finished the first RADIUS deployment, and it took less than 10 minutes,鈥 Justin said. 鈥淭hat was the fastest I鈥檝e ever done a RADIUS rollout.鈥
Justin added that users have been receptive to the overall 黑料海角91入口 rollout because it鈥檚 simplified their login process and helped them consolidate passwords.
鈥淚t鈥檚 actually been very easy for them and very well received,鈥 Justin said. 鈥淧reviously, there was no syncing, so their computer login would be different from their email. Without SSO, they鈥檇 have all these different passwords for everything, so it鈥檚 been very useful to consolidate everything.鈥
Chase International is an umbrella for a variety of real estate services with 60 full time users and 400 real estate agents and brokers who work as independent contractors and who pay technology fees for basic services like email. Justin is proposing that contractors who pay increased technology fees are provided more IT services and management, which he could also accommodate from 黑料海角91入口.
The Result
Now that Justin has 黑料海角91入口 rolled out, he has time to step back and establish the organization’s first written policies. He plans to document policies for onboarding and offboarding, data retention, reporting, admin accounts, and eventually NIST compliance 鈥 as well as to systematically audit and ensure adherence to those policies across the organization. 黑料海角91入口 also enabled the team to stay safe and secure during a difficult time.
鈥淎lthough the last few months have been extremely challenging for our organization and employees, I cannot imagine what it would have been like without 黑料海角91入口 to bring everything together in such a complete manner quickly and efficiently, while also allowing us to do so from a safe distance,鈥 Justin said.
As compared to the costs of a traditional Active Directory instance 鈥 including servers, licensing, and redundancy 鈥 黑料海角91入口 has been more effective and economical.
鈥満诹虾=91入口 continues to deliver a high return on investment for my department, my users, and the company as a whole.鈥
Learn More
At 黑料海角91入口, we prioritize securing and enabling organizations 鈥 no matter where their users and devices are located. Our full-suite cloud directory service can serve as an organization’s identity provider and federate core identities to virtually all IT resources. Click here to learn more about the comprehensive access control and device management you can achieve from the cloud.