is a managed service provider (MSP) that also does wireless network design and provides wireless network services. SAF has been around since 2001, and they support business owners with everything they need from plugging in their printer to complex security services to disaster recovery. They are a one-stop-shop for your IT needs, and their motto is ‘I.T. Made Simple’.
SAF’s roots come from professional services, and prior to becoming an MSP, they worked with some very large, notable corporations where they established effective processes for working with any size organization. After working with those large enterprises, SAF took those solid methodologies and leaned into them to help their clients that are small and medium-size enterprises. “What makes us different [compared to other MSPs out there], is our approach to how we solve the problems of our clients,” stated Antonio Wint, Founder and CEO of Syn Ack Fin. “Our approach is vetted, and it’s been proven successful in many different environments.”
SAF currently makes use of Active Directory (AD) and extends it with JumpCloud® to get all of the features that they want across their environment, and they require clients to use JumpCloud or a similar tool in order to establish a working relationship. When discussing future plans, Wint told us, “We are looking at retiring AD. We’re looking at it for all of our clients.” This is primarily due to the bulkiness of AD, the learning curve it requires, and the prevalence of remote work across many organizations.
When discussing how JumpCloud entered the picture at SAF, Wint told us, “We’re Apple partners, and we’ve been working with the Apple business unit within our area for some time. And we just kept coming – we just had so many challenges with Mac users and authentication and trying to keep it consistent, and it was just giving us fits. We were talking to our business development manager, and she said, ‘Hey, you might want to consider looking at a company that’s local to the Denver, Colorado area, they’re in Boulder, a company called JumpCloud’. So we did our research, we met with some of the JumpCloud techs, did a demo, started using it internally, and we were sold.” SAF has now been using JumpCloud for 5-6 years and hasn’t looked back since.
When further discussing how extensive SAF’s use of JumpCloud is, Wint mentioned, “[We use it for] Linux boxes, our SAML portals, our client portals – [we add] anything that supports single sign-on and connects via SAML or connects to our JumpCloud [instance].”
- Organization: Syn Ack Fin
- Location: Denver, Colorado
- Problem: Dealing with client issues like: the lack of a password database, no centralized repository, no directory, and much more
- Goal: Help clients extend or replace Active Directory with JumpCloud, and add consistency into each client’s environment
Background
When describing what SAF’s fleet of devices looks like, Wint said, “We use Windows internally, but we do have some users that are using Mac. Most of our clients are actually Mac clients. We tend to support a lot of software developers – software developers love Mac or Linux. So I would say more than half of our users are Mac, some are Windows, and then most of our server environments are Linux environments.”
He went on to say, “Those Linux environments extend into our private cloud environment but also AWS. So if you’re looking at elastic cloud instances, we have the JumpCloud agent running inside of those for a number of our clients so that their users can access the system via the SSH protocol or other protocols.”
So, not only does SAF use JumpCloud internally to help manage their heterogeneous fleet of devices, but they also ask their clients to implement it to solve a multitude of glaring security, productivity, and consistency issues. “The top problems we’re coming in to solve with JumpCloud are: [when clients have] no password database, no centralized repository, and/or no directory,” Wint said.
He continued on and said, “A lot of the problems we’re solving [involve] identity management and making sure that there’s some cohesion and consistency with user accounts, [such as] the naming standard. [We also have to] make sure that they’re meeting password complexity requirements and make sure they’re introduced or understand MFA formally.”
For example, Wint told us that before implementing JumpCloud, “We will ask [a client], ‘Hey, so how do you know that a user has changed their password?’ and he says, ‘I don’t know if they’ve changed their password’. I have no idea if their password is password123’.” This presents huge risks that SAF comes on board to mitigate using JumpCloud’s various security and productivity-oriented features.
“Then once we solve those problems, we say, ‘Hey, did you know, we can also connect to this cloud application so that you’re using JumpCloud with that? We can also make sure that when someone’s VPNing into your network, that they’re using conditional access to access resources,’” stated Wint.
Examples of features SAF has used internally or set up for clients:
- RADIUS
- LDAP
- SAML
- SSO
- MFA
- Commands
- Policies
There’s no way we can provide user management, password complexity, multi factor authentication [without the use of JumpCloud]. It’s [all] become an integral part of what we do for our clients.
Antonio Wint, Founder and CEO, Syn Ack Fin
Challenge: Centralizing Identity and Access Management and Improving Consistency Across Clients
Syn Ack Fin’s primary challenges revolved around centralizing and providing more consistency across identity and access management within each client’s environment. SAF often deals with client issues like: a nonexistent password database, no centralized repository, no directory, no password controls, and inconsistent user account naming.
Getting Buy-In for AD Extension or Replacement
The solution that SAF uses across the board involves getting clients to either “Use JumpCloud to extend Active Directory or just use JumpCloud [on its own].” So, another challenge they faced was getting client buy-in up front. “We could see the benefits of a mobile workforce and remote users and the management and control that we have [over it all using JumpCloud], but a lot of our clients didn’t get it,” Wint said.
He went on to tell us, “They thought we were just trying to sell them extra services, and then COVID happened. And we said, because you have JumpCloud, everything’s okay, we can still control [everything], and they started to get it. So I think JumpCloud in some ways was ahead of the game, right? But now with COVID, it’s accelerated that and the clients now are a little more open to adding a JumpCloud solution to their environment.”
However, Wint also explained that, “People that are Active Directory people and Windows people, they get stuck in that world, and it’s really difficult to get them out of that world. But typically what we would do is say, ‘Hey, let’s extend your existing Active Directory with JumpCloud because of these feature sets’. And then we start to list what they don’t have in their current environment and what JumpCloud will provide for them. We actually have a client going through this right now, where they’re wondering, ‘Why am I using Active Directory to manage any of my users? Why am I doing this at all?’” So, typically, after getting a client to implement JumpCloud, their hesitation turns into motivation to fully migrate over or use more of JumpCloud’s functionality to make their day-to-day lives easier.
Wint dived in further regarding AD and said, “Honestly, the bloat and the thickness of the Active Directory environment with primary domain controllers, backup domain controllers, global catalogs, FSMO roles… it’s just big. So, it works well for some corporations, but for small and medium sized businesses specifically, it can just be too much as far as the server load. So, if you’re looking for a smaller footprint, maybe you’re going completely remote, no more brick and mortar, certainly the JumpCloud solution is something that we’re asking our clients to consider for our professional services side or our wireless networking side. Again, for all our managed services clients, you’re getting JumpCloud as part of the gig.”
Avoiding the AD Learning Curve
One other challenge SAF faced was bringing new system administrators on board without sinking hundreds of hours into training them on the intricacies of AD. Wint said, “Active Directory is a beast, and there’s a lot to learn and train in there. And specifically, it tends to be a technology for more seasoned or senior systems administrators. We are bringing in younger administrators that do not necessarily have past experience with Windows Active Directory in its traditional format. Using JumpCloud, I don’t have to train them on all the history of Active Directory. I can just train them on JumpCloud.”
Solution: A Cloud-Based Directory Platform That Improves Compliance, Security, and Efficiency
Before COVID, JumpCloud was an option that we put on every contract, we didn’t require it. After and during COVID, we said you must have JumpCloud in order to do business with us. We found that it saves our team time and allows us to deliver a consistent level of service to our clients by using the tool, so now it’s a requirement.
Antonio Wint, Founder and CEO, Syn Ack Fin
As we discussed, Syn Ack Fin uses JumpCloud to push out MFA, SSO, and password complexity requirements; standardize usernames; improve network authentication security; and provide a central repository of identities and data among other things. Regarding internal use, Wint also said, “We use [JumpCloud] to extend our existing Active Directory environment into Office 365, our CRM tool, and our Mac systems which don’t connect directly to an AD environment.”
Compliance
When discussing clients, Wint told us, “[JumpCloud] integrates into their firewalls, their desktops, their Office 365, their G Suite. It just allows us to make sure if we’re going through some sort of audit, because we are a SOC 2 type audited business, that we’re able to confirm that the user environments that we’re managing are meeting the password complexity standards that we have established within our SOC 2 [framework].”
RADIUS and LDAP
SAF often promotes the use of Cloud RADIUS and Cloud LDAP to clients. Using JumpCloud as the single source of truth for identities, “You want to use RADIUS to authenticate your users so you can make sure they’re valid users, and if they’re not in JumpCloud, then they don’t exist. So, if someone [on the outside] tries to authenticate, it doesn’t work because the RADIUS server won’t allow them in. Same thing with LDAP – you can use some LDAP features to authenticate users and additionally as a database for what’s going on with the users in the business environment,” said Wint.
Erasure of Shared Network Keys
Along with the use of Cloud RADIUS and Cloud LDAP, Syn Ack Fin also promotes an overall reduction of passwords in use, as well as shared keys. “Our clients no longer use pre-shared keys on their wireless networks. We connect their wireless network to JumpCloud, and each user types in their username and their password when they log on [which then] authenticates them and connects them. At that point, when a user moves on to a different company for whatever reason, we don’t have to change the pre-shared key for the entire company. We just disable their account in JumpCloud and that person can’t log on to wireless anymore,” Wint explained.
Rolling out JumpCloud for New Clients
Syn Ack Fin walked us through the process of rolling out JumpCloud for a new client. Wint said it goes like this: “A lot of our processes are automated, and typically what we’re trying to do is grab a user database of information from HR or the number of users that they have in their G Suite or in their Office 365. We load those users into JumpCloud either manually or from a script, because you can import users in many different ways. Then once we have that set up, we go ahead and add our agent to each person’s machine.”
“And then starts the task of building out consistency between the username syntax and the passwords, because sometimes the user’s laptop will say, ‘Antonio.Wint’, their email says ‘AWint’, and another device says just ‘Wint’. So, we run through a process of figuring out how to get the names in sync and start to roll out JumpCloud to each component. Typically, we start with the laptop or desktop first, because the user is logging onto that system daily. [This] sets the tone of, ‘Hey, you’re going to remember this password, it’s going to be a complex password, and you’re using it all the time’.”
“Then, after they’re consistently using that, we address the perimeter. So, that would be the VPN, making sure their firewall and their wireless network are connected and using JumpCloud, and then we start to add things like Office 365, G Suite, and other apps.”
Unique Use Cases Among Syn Ack Fin and its Clients
Wint explained one unique use case of JumpCloud across internal users and clients and its importance for an MSP: “All of our client firewalls are using JumpCloud for their end-users to log on to their firewall via VPN or through a user portal. [For] each one of the client firewalls that we support, our team does not have the default root or admin username and password. JumpCloud is actually connecting to our client’s JumpCloud instance and then our JumpCloud instance. So, as the administrators, we authenticate with our username and password that we’re using on our domain to that environment. What that allows me to do as an MSP is if I have an employee change roles or leave the company, once I disable that user’s account in our JumpCloud instance, they can’t log on to any of our client firewalls or any of our client networks either. So, it gives me additional security as the MSP.”
The Results
In terms of remote work, Wint talked about some of the advantages that JumpCloud provides. One big piece he mentioned is, “Consistency with password changes.” He went on to say, “Typically in an Active Directory format, the person has to VPN in to headquarters or reconnect to the domain controller in order to get password updates or changes. [However], I can do that with JumpCloud with policies, and as soon as the user connects to the internet, it lets them know, ‘Hey, your password is about to expire, and you need to get it updated or changed’.”
“Active Directory doesn’t natively send you an email or some other notification that you need to change your password. [But], with the flexibility of JumpCloud, I know the user is going to get a pop-up, an email notification, and they could possibly get another email notification a couple of hours before that. If someone’s remote, we can guarantee that they are using the right password and getting an update at a regular cadence.”
In terms of viewing device information, Wint said, “[JumpCloud continues] adding even more information about a device so that if I click on a device, I can pull the IP address, Mac address information, serial numbers, just a lot of information I would [normally] get from my RMM tool. [But now], I don’t have to leave JumpCloud to go to that tool – I have that information on a single pane of glass in JumpCloud that I can review.”
Time Savings
An important result from implementing JumpCloud internally and across clients’ environments is that “I no longer have to VPN into a client’s environment to work on their directory services or work with their users – it’s all in JumpCloud. There’s time saved with the bookmarks and the SSO connections – my employees are not searching around for the URL anymore to access a site,” said Wint. “Our employees log on to console.jumpcloud.com as their portal. When they open up their web browser, it’s the first thing they see. They log onto that portal and then access SaaS apps from the portal.”
He went on to say, “[Employees go] to the dashboard and everything they need is right there – they just click on the links. We were able to put those links and bookmarks and SSO [apps] into groups so that the Finance department has finance bookmarks, but they don’t see the Systems Administration or the Operation department’s bookmarks. So, it’s certainly more efficient – it’s very clean.”
Future-Proofing Work
When going over future plans and why JumpCloud will remain an integral part of Syn Ack Fin’s tech stack, Wint said, “I continue to work with JumpCloud, because I know the product is moving in a direction that I can continue to sell as a managed services provider. When we have brought up challenges or feature requests or any support tickets, it’s all handled in a very professional and prompt manner. As an MSP or someone that’s delivering a service, technical support is critical to me.”
JumpCloud is critical for our clients, and the JumpCloud roadmap is very much aligned with a managed service provider and what I’m trying to do as an MSP.
Antonio Wint, Founder and CEO, Syn Ack Fin
Learn More
JumpCloud changes the way IT administrators manage their organizations by providing a comprehensive and flexible cloud directory platform. From one pane of glass, manage user identities and resource access, secure Mac, Windows, and Linux devices, and get a full view of your environment.