{"id":63037,"date":"2022-05-20T11:00:00","date_gmt":"2022-05-20T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=63037"},"modified":"2023-01-11T12:59:47","modified_gmt":"2023-01-11T17:59:47","slug":"create-a-jumpcloud-managed-vpn-using-pritunl","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/create-a-jumpcloud-managed-vpn-using-pritunl","title":{"rendered":"How to Create a 黑料海角91入口-Managed VPN Using Pritunl"},"content":{"rendered":"\n

It\u2019s the worst-kept secret in IT: small and medium-sized enterprises (SMEs) must use their budgets judiciously<\/a>. The cost of network hardware, in particular, can be a major obstacle that places constraints on what IT admins can accomplish. The domainless enterprise<\/a> presents a solution, minus the expensive hardware to manage your directory and access control (and especially your VPN). This makes strong perimeter security achievable at sustainable costs.<\/p>\n\n\n\n

黑料海角91入口 provides identity and access management (IAM) infrastructure through the cloud that you can configure to manage Pritunl<\/a>, an open source VPN that\u2019s based on OpenVPN<\/a>. 黑料海角91入口 provides your directory of users and devices or will extend your existing directory. OpenVPN is a mature, widely used solution<\/a> that\u2019s been available for over two decades. It\u2019s functionally the same as VPN appliances that you\u2019d pay a reseller to obtain at high cost<\/em>.<\/p>\n\n\n\n

The benefits extend beyond connectivity: 黑料海角91入口 layers on additional Zero Trust security<\/a> controls that are transparent to the end user beyond being prompted to authenticate themselves when they\u2019re accessing IT resources. This solution protects your confidential information and systems while reducing the costs that are traditionally associated with remote IT access.<\/p>\n\n\n\n

黑料海角91入口 Manages and Secures<\/h2>\n\n\n\n

黑料海角91入口\u2019s LDAP directory underpins access control and has integrated Zero Trust security features that continuously authenticates and authorizes users. The cloud directory extends to single sign-on (SAML SSO) to direct users to the 黑料海角91入口 portal for authentication. 黑料海角91入口 then layers on security features, including environment wide multi-factor authentication<\/a> (MFA) and conditional access, to determine which devices may access your VPN and from where.<\/p>\n\n\n\n

Other features manage and secure your devices, cross-OS, with patching and pre-built policies<\/a> that act to harden systems against common security exploits. Conditional access<\/a> leverages these capabilities so that only compliant devices are granted access to your VPN. This added security is accomplished without installing and maintaining additional software or hardware.<\/p>\n\n\n\n

Streamlined User Lifecycle Management<\/h3>\n\n\n\n

The 黑料海角91入口 directory handles permissions differently than traditional on-premise solutions such as Microsoft\u2019s Active Directory. They\u2019re similar in that access to your VPN is determined by group membership(s), but 黑料海角91入口\u2019s user management is designed for the modern era. 黑料海角91入口 utilizes attribute-based access control<\/a> (ABAC), which suggests membership changes when a user should (or shouldn\u2019t) have access to IT resources. Attributes such as \u201cmanager\u201d are actively polled to verify memberships, which saves time managing users and helps IT admins avoid potential security issues from internal and external threat actors.<\/p>\n\n\n\n

This capability isn\u2019t limited to the 黑料海角91入口 directory. Our platform integrates and extends existing directories such as Active Directory, Azure AD, or Google Workspace. 黑料海角91入口\u2019s platform provides vital cross-OS Zero Trust management and security that those systems lack.<\/p>\n\n\n\n

Now, let\u2019s discuss how to get started with integrating 黑料海角91入口 and Pritunl. Detailed guidance about how to install<\/a> or subscribe to Pritunl managed services can be found on its website.<\/p>\n\n\n\n

黑料海角91入口 Setup<\/h2>\n\n\n\n

The initial step is to create a custom SSO connector for Pritunl. 黑料海角91入口 provides hundreds of free connectors as part of your subscription, and is routinely adding more, so search for it before you move ahead with this project. Continue to the next section if one isn\u2019t available.<\/p>\n\n\n\n

Create a SAML Connector<\/h4>\n\n\n\n

Click the SSO button in the left frame of the administrative console and hit the \u201cplus\u201d sign to start a new SSO connection. Select \u201cCustomer SAML App\u201d and begin by filling in the requisite information to label your connector and choose a color scheme and logo. More context is available in 黑料海角91入口\u2019s SAML how-to article<\/a> should you have any additional requirements.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Then, navigate to the SSO tab and enter an Entity ID that\u2019s unique to your organization\u2019s environment. The settings on this screen are case-sensitive on both systems; any typo will result in errors and the integration will fail. Your Pritunl FQDNs and 黑料海角91入口 IDs may differ, but the fields should be formatted as outlined below:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Follow the URL\/URI formats precisely<\/em><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The redirect endpoint ensures that 黑料海角91入口\u2019s console will be used to log users into the VPN<\/em><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Pritunl requires the \u201corg\u201d attribute for group memberships<\/em><\/p>\n\n\n\n

Activate the 黑料海角91入口 SSO connector once you\u2019re finished and download the certificate. You\u2019ll be required to copy the key into Pritunl\u2019s GUI in a later step.<\/p>\n\n\n\n

Setup Groups and Permissions<\/h4>\n\n\n\n

Click on the User Groups tab and add the group(s) that should have access to the VPN service. The link below is a detailed guide for admins who are unfamiliar with using 黑料海角91入口.<\/p>\n\n\n\n

Getting Started: User Groups<\/a><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Group membership grants access rights to the VPN<\/em><\/p>\n\n\n\n

<\/em>Pritunl VPN will be available within the 黑料海角91入口 User Console<\/em><\/p>\n\n\n\n

Pritunl SSO Setup<\/h2>\n\n\n\n

Pritunl has 黑料海角91入口 listed as an authentication provider. Pull down the list, select 黑料海角91入口, and select \u201cadd provider\u201d to start the process of filling in Identity Provider settings.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The settings will be identical to what you entered into the 黑料海角91入口 admin console. Cut and paste the certificate from a text editor when you open the certificate on your PC. This integration also requires a 黑料海角91入口 API key from your console, which will be outlined in the next section. Both of these entries are confidential and should be kept private and carefully controlled.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Your 黑料海角91入口 API key may be reviewed by clicking on your user icon at the top right of your console. Note: Generating a new key will revoke prior keys and could break prior integrations.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

You\u2019re now ready to test your configuration.<\/p>\n\n\n\n

Add Zero Trust Security from 黑料海角91入口<\/h2>\n\n\n\n

Strongly consider adding Zero Trust security controls with 黑料海角91入口 Conditional Access<\/a> Policies. These policies extend security beyond strong passwords and MFA alone.<\/p>\n\n\n\n

Policies are assigned to existing groups or you may create dedicated groups for your requirements. Different groups may have different policies (or no policies). Policies include:<\/p>\n\n\n\n