JumpCloud is a Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business's employees and the systems and IT resources they need access to.
This document provides information about the JumpCloud Connector, which facilitates automated interactions, with a JumpCloud server using FortiSOAR™ playbooks. Add the JumpCloud Connector as a step in FortiSOAR™ playbooks and perform automated operations with JumpCloud.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.5.0-4015
JumpCloud Version Tested on: Cloud Setup
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the JumpCloud Connector in version 1.1.0:
requests, in requirements.txt, kept the urllib3 to a lower version resulting in failure of integration servicesNOTE: If you are upgrading the connector from v1.0.0, ensure to update the urllib3 library using the following command:
sudo -u fsr-integrations /opt/cyops-integrations/.env/bin/pip install urllib3==1.26.18
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-jumpcloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the JumpCloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | URL of the JumpCloud server to which you will connect and perform the automated operations. |
| API Key | API key of the JumpCloud server to which you will connect and perform the automated operations. |
| Organization ID | Organization ID of the JumpCloud server to which you will connect and perform the automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Create Command | Creates a new command that you want to run on the JumpCloud server based on the command, system ID, and other input parameters you have specified. | create_command Investigation |
| Get Systems | Retrieves details of all the systems or a specific system, based on the System ID you have specified, from the JumpCloud server. | get_systems Investigation |
| Get Users | Retrieves details of all the system users or a specific system user, based on the User ID you have specified, from the JumpCloud server. | get_users Investigation |
| Get Organizations | Retrieves details of all the organizations or a specific organization, based on the Organization ID you have specified, from the JumpCloud server. | get_organizations Investigation |
| Get Commands | Retrieves all commands or a specific command, based on the Command ID you have specified, from the JumpCloud server. | get_commands Investigation |
| Manage Command Associations | Manages the direct associations of two different objects, for example, commands and systems, on the JumpCloud server with a specific command based on the command ID and other input parameters you have specified. | manage_command_associations Investigation |
| Trigger Command | Launches a command on the JumpCloud server based on the trigger name you have specified. | trigger_command Investigation |
| Parameter | Description |
|---|---|
| Command | Specify the command to run on the JumpCloud server. |
| Command Name | Specify a name for the command being created on the JumpCloud server. |
| System ID | Specify an array of system IDs on which to run the command.
NOTE: This parameter is not available if you are using Groups. |
| Command Type | Select the platform on which the command is to be run. You can choose between following options:
|
| Launch Type | Select the type of launch for the command. You can choose from following options:
|
| Timeout after | (Optional) Specify the time, in seconds, for which the command is allowed to run. The maximum value is 86400 seconds (1 day). |
The output contains the following populated JSON schema:
{
"_id": "",
"id": "",
"name": "",
"trigger": "",
"command": "",
"commandType": "",
"commandRunners": [],
"sudo": "",
"launchType": "",
"listensTo": "",
"scheduleRepeatType": "",
"schedule": "",
"files": [],
"timeout": "",
"organization": "",
"shell": ""
}
| Parameter | Description |
|---|---|
| System ID | (Optional) Specify an ID of the system whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the systems from JumpCloud, do not specify a System ID. |
The output contains the following populated JSON schema:
Output schema when the System ID IS NOT specified:
{
"results": [
{
"id": "",
"os": "",
"_id": "",
"fde": {
"active": "",
"keyPresent": ""
},
"arch": "",
"active": "",
"created": "",
"version": "",
"hostname": "",
"remoteIP": "",
"sshdParams": [],
"displayName": "",
"lastContact": "",
"agentVersion": "",
"organization": "",
"serialNumber": "",
"templateName": "",
"sshRootEnabled": "",
"systemTimezone": "",
"modifySSHDConfig": "",
"allowSshRootLogin": "",
"connectionHistory": [],
"networkInterfaces": [
{
"name": "",
"family": "",
"address": "",
"internal": ""
}
],
"associatedTagCount": "",
"allowPublicKeyAuthentication": "",
"allowMultiFactorAuthentication": "",
"allowSshPasswordAuthentication": ""
}
],
"totalCount": ""
}
Output schema when the System ID IS specified:
{
"id": "",
"os": "",
"_id": "",
"fde": {
"active": "",
"keyPresent": ""
},
"arch": "",
"active": "",
"created": "",
"version": "",
"hostname": "",
"remoteIP": "",
"sshdParams": [],
"displayName": "",
"lastContact": "",
"agentVersion": "",
"organization": "",
"serialNumber": "",
"templateName": "",
"sshRootEnabled": "",
"systemTimezone": "",
"modifySSHDConfig": "",
"allowSshRootLogin": "",
"connectionHistory": [],
"networkInterfaces": [
{
"name": "",
"family": "",
"address": "",
"internal": ""
}
],
"allowPublicKeyAuthentication": "",
"allowMultiFactorAuthentication": "",
"allowSshPasswordAuthentication": ""
}
| Parameter | Description |
|---|---|
| User ID | (Optional) Specify an ID of the system user whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the system users from JumpCloud, do not specify a User ID. |
The output contains the following populated JSON schema:
Output schema when the User ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"mfa": {
"exclusion": "",
"configured": ""
},
"sudo": "",
"email": "",
"state": "",
"created": "",
"manager": "",
"lastname": "",
"ssh_keys": [],
"unix_uid": "",
"username": "",
"activated": "",
"addresses": [],
"firstname": "",
"suspended": "",
"unix_guid": "",
"attributes": [],
"middlename": "",
"description": "",
"displayname": "",
"organization": "",
"phoneNumbers": [],
"totp_enabled": "",
"mfaEnrollment": {
"pushStatus": "",
"totpStatus": "",
"overallStatus": "",
"webAuthnStatus": ""
},
"password_date": "",
"account_locked": "",
"alternateEmail": "",
"allow_public_key": "",
"password_expired": "",
"ldap_binding_user": "",
"passwordless_sudo": "",
"associatedTagCount": "",
"enable_managed_uid": "",
"externally_managed": "",
"samba_service_user": "",
"password_never_expires": "",
"disableDeviceMaxLoginAttempts": "",
"enable_user_portal_multifactor": ""
}
],
"totalCount": ""
}
Output schema when the User ID IS specified:
{
"id": "",
"_id": "",
"mfa": {
"exclusion": "",
"configured": ""
},
"sudo": "",
"email": "",
"state": "",
"created": "",
"manager": "",
"lastname": "",
"ssh_keys": [],
"unix_uid": "",
"username": "",
"activated": "",
"addresses": [],
"firstname": "",
"suspended": "",
"unix_guid": "",
"attributes": [],
"middlename": "",
"description": "",
"displayname": "",
"organization": "",
"phoneNumbers": [],
"totp_enabled": "",
"mfaEnrollment": {
"pushStatus": "",
"totpStatus": "",
"overallStatus": "",
"webAuthnStatus": ""
},
"password_date": "",
"recoveryEmail": {
"verified": ""
},
"account_locked": "",
"alternateEmail": "",
"allow_public_key": "",
"password_expired": "",
"restrictedFields": [],
"ldap_binding_user": "",
"passwordless_sudo": "",
"enable_managed_uid": "",
"externally_managed": "",
"samba_service_user": "",
"password_never_expires": "",
"disableDeviceMaxLoginAttempts": "",
"enable_user_portal_multifactor": ""
}
| Parameter | Description |
|---|---|
| Organization ID | (Optional) Specify an ID of the organization whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the organizations from JumpCloud, do not specify an Organization ID. |
The output contains the following populated JSON schema:
Output schema when the Organization ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"created": "",
"logoUrl": "",
"displayName": ""
}
],
"totalCount": ""
}
Output schema when the Organization ID IS specified:
{
"id": "",
"_id": "",
"created": "",
"logoUrl": "",
"provider": "",
"settings": {
"name": "",
"disableUM": "",
"showIntro": "",
"enableO365": "",
"contactName": "",
"disableLdap": "",
"betaFeatures": {},
"contactEmail": "",
"passwordPolicy": {
"minLength": "",
"maxHistory": "",
"needsNumeric": "",
"effectiveDate": "",
"needsSymbolic": "",
"needsLowercase": "",
"needsUppercase": "",
"enableMinLength": "",
"enableMaxHistory": "",
"maxLoginAttempts": "",
"lockoutTimeInSeconds": "",
"minChangePeriodInDays": "",
"allowUsernameSubstring": "",
"enableMaxLoginAttempts": "",
"passwordExpirationInDays": "",
"enableLockoutTimeInSeconds": "",
"enableMinChangePeriodInDays": "",
"enablePasswordExpirationInDays": "",
"daysAfterExpirationToSelfRecover": "",
"daysBeforeExpirationToForceReset": "",
"enableDaysAfterExpirationToSelfRecover": "",
"enableDaysBeforeExpirationToForceReset": ""
},
"emailDisclaimer": "",
"enableGoogleApps": "",
"enableManagedUID": "",
"groupingStrategy": "",
"passwordCompliance": "",
"duplicateLDAPGroups": "",
"disableCommandRunner": "",
"systemUserPasswordExpirationInDays": ""
},
"displayName": "",
"hasStripeCustomerId": ""
}
| Parameter | Description |
|---|---|
| Command ID | (Optional) Specify an ID of the command whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the commands from JumpCloud, do not specify a Command ID. |
The output contains the following populated JSON schema:
Output schema when the Command ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"name": "",
"command": "",
"trigger": "",
"schedule": "",
"template": "",
"listensTo": "",
"launchType": "",
"commandType": "",
"organization": "",
"scheduleYear": "",
"scheduleRepeatType": ""
}
],
"totalCount": ""
}
Output schema when the Command ID IS specified:
{
"id": "",
"_id": "",
"name": "",
"sudo": "",
"user": "",
"files": [],
"shell": "",
"command": "",
"systems": "",
"timeout": "",
"trigger": "",
"schedule": "",
"listensTo": "",
"launchType": "",
"commandType": "",
"organization": "",
"scheduleYear": "",
"commandRunners": [],
"timeToLiveSeconds": "",
"scheduleRepeatType": ""
}
| Parameter | Description |
|---|---|
| Command ID | Specify an ID of the command to directly associate with two different objects. For example, commands and systems. |
| Operation | Select the type of operation to perform to manage the association, i.e., how you want to modify the graph connection. You can choose from the the following options:
|
| Type | Select the type of graph to be used to manage the association. You can choose from the following options:
|
| ID | Specify an ID of graph object whose association is being added, updated, or removed. |
The output contains the following populated JSON schema:
{
"Status": "",
"Message": ""
}
| Parameter | Description |
|---|---|
| Trigger Name | Specify a name of the trigger based on which JumpCloud launches commands, i.e., JumpCloud starts all commands that match the specified trigger name. |
The output contains the following populated JSON schema:
{
"triggered": []
}
The Sample - JumpCloud - 1.1.0 playbook collection comes bundled with the JumpCloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JumpCloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
JumpCloud is a Directory-as-a-Service (DaaS) is the single point of authority to authenticate, authorize, and manage the identities of a business's employees and the systems and IT resources they need access to.
This document provides information about the JumpCloud Connector, which facilitates automated interactions, with a JumpCloud server using FortiSOAR™ playbooks. Add the JumpCloud Connector as a step in FortiSOAR™ playbooks and perform automated operations with JumpCloud.
Connector Version: 1.1.0
FortiSOAR™ Version Tested on: 7.5.0-4015
JumpCloud Version Tested on: Cloud Setup
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the JumpCloud Connector in version 1.1.0:
requests, in requirements.txt, kept the urllib3 to a lower version resulting in failure of integration servicesNOTE: If you are upgrading the connector from v1.0.0, ensure to update the urllib3 library using the following command:
sudo -u fsr-integrations /opt/cyops-integrations/.env/bin/pip install urllib3==1.26.18
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command as a root user to install the connector:
yum install cyops-connector-jumpcloud
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the JumpCloud connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
| Parameter | Description |
|---|---|
| Server URL | URL of the JumpCloud server to which you will connect and perform the automated operations. |
| API Key | API key of the JumpCloud server to which you will connect and perform the automated operations. |
| Organization ID | Organization ID of the JumpCloud server to which you will connect and perform the automated operations. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified. By default, this option is set to True. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations:
| Function | Description | Annotation and Category |
|---|---|---|
| Create Command | Creates a new command that you want to run on the JumpCloud server based on the command, system ID, and other input parameters you have specified. | create_command Investigation |
| Get Systems | Retrieves details of all the systems or a specific system, based on the System ID you have specified, from the JumpCloud server. | get_systems Investigation |
| Get Users | Retrieves details of all the system users or a specific system user, based on the User ID you have specified, from the JumpCloud server. | get_users Investigation |
| Get Organizations | Retrieves details of all the organizations or a specific organization, based on the Organization ID you have specified, from the JumpCloud server. | get_organizations Investigation |
| Get Commands | Retrieves all commands or a specific command, based on the Command ID you have specified, from the JumpCloud server. | get_commands Investigation |
| Manage Command Associations | Manages the direct associations of two different objects, for example, commands and systems, on the JumpCloud server with a specific command based on the command ID and other input parameters you have specified. | manage_command_associations Investigation |
| Trigger Command | Launches a command on the JumpCloud server based on the trigger name you have specified. | trigger_command Investigation |
| Parameter | Description |
|---|---|
| Command | Specify the command to run on the JumpCloud server. |
| Command Name | Specify a name for the command being created on the JumpCloud server. |
| System ID | Specify an array of system IDs on which to run the command.
NOTE: This parameter is not available if you are using Groups. |
| Command Type | Select the platform on which the command is to be run. You can choose between following options:
|
| Launch Type | Select the type of launch for the command. You can choose from following options:
|
| Timeout after | (Optional) Specify the time, in seconds, for which the command is allowed to run. The maximum value is 86400 seconds (1 day). |
The output contains the following populated JSON schema:
{
"_id": "",
"id": "",
"name": "",
"trigger": "",
"command": "",
"commandType": "",
"commandRunners": [],
"sudo": "",
"launchType": "",
"listensTo": "",
"scheduleRepeatType": "",
"schedule": "",
"files": [],
"timeout": "",
"organization": "",
"shell": ""
}
| Parameter | Description |
|---|---|
| System ID | (Optional) Specify an ID of the system whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the systems from JumpCloud, do not specify a System ID. |
The output contains the following populated JSON schema:
Output schema when the System ID IS NOT specified:
{
"results": [
{
"id": "",
"os": "",
"_id": "",
"fde": {
"active": "",
"keyPresent": ""
},
"arch": "",
"active": "",
"created": "",
"version": "",
"hostname": "",
"remoteIP": "",
"sshdParams": [],
"displayName": "",
"lastContact": "",
"agentVersion": "",
"organization": "",
"serialNumber": "",
"templateName": "",
"sshRootEnabled": "",
"systemTimezone": "",
"modifySSHDConfig": "",
"allowSshRootLogin": "",
"connectionHistory": [],
"networkInterfaces": [
{
"name": "",
"family": "",
"address": "",
"internal": ""
}
],
"associatedTagCount": "",
"allowPublicKeyAuthentication": "",
"allowMultiFactorAuthentication": "",
"allowSshPasswordAuthentication": ""
}
],
"totalCount": ""
}
Output schema when the System ID IS specified:
{
"id": "",
"os": "",
"_id": "",
"fde": {
"active": "",
"keyPresent": ""
},
"arch": "",
"active": "",
"created": "",
"version": "",
"hostname": "",
"remoteIP": "",
"sshdParams": [],
"displayName": "",
"lastContact": "",
"agentVersion": "",
"organization": "",
"serialNumber": "",
"templateName": "",
"sshRootEnabled": "",
"systemTimezone": "",
"modifySSHDConfig": "",
"allowSshRootLogin": "",
"connectionHistory": [],
"networkInterfaces": [
{
"name": "",
"family": "",
"address": "",
"internal": ""
}
],
"allowPublicKeyAuthentication": "",
"allowMultiFactorAuthentication": "",
"allowSshPasswordAuthentication": ""
}
| Parameter | Description |
|---|---|
| User ID | (Optional) Specify an ID of the system user whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the system users from JumpCloud, do not specify a User ID. |
The output contains the following populated JSON schema:
Output schema when the User ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"mfa": {
"exclusion": "",
"configured": ""
},
"sudo": "",
"email": "",
"state": "",
"created": "",
"manager": "",
"lastname": "",
"ssh_keys": [],
"unix_uid": "",
"username": "",
"activated": "",
"addresses": [],
"firstname": "",
"suspended": "",
"unix_guid": "",
"attributes": [],
"middlename": "",
"description": "",
"displayname": "",
"organization": "",
"phoneNumbers": [],
"totp_enabled": "",
"mfaEnrollment": {
"pushStatus": "",
"totpStatus": "",
"overallStatus": "",
"webAuthnStatus": ""
},
"password_date": "",
"account_locked": "",
"alternateEmail": "",
"allow_public_key": "",
"password_expired": "",
"ldap_binding_user": "",
"passwordless_sudo": "",
"associatedTagCount": "",
"enable_managed_uid": "",
"externally_managed": "",
"samba_service_user": "",
"password_never_expires": "",
"disableDeviceMaxLoginAttempts": "",
"enable_user_portal_multifactor": ""
}
],
"totalCount": ""
}
Output schema when the User ID IS specified:
{
"id": "",
"_id": "",
"mfa": {
"exclusion": "",
"configured": ""
},
"sudo": "",
"email": "",
"state": "",
"created": "",
"manager": "",
"lastname": "",
"ssh_keys": [],
"unix_uid": "",
"username": "",
"activated": "",
"addresses": [],
"firstname": "",
"suspended": "",
"unix_guid": "",
"attributes": [],
"middlename": "",
"description": "",
"displayname": "",
"organization": "",
"phoneNumbers": [],
"totp_enabled": "",
"mfaEnrollment": {
"pushStatus": "",
"totpStatus": "",
"overallStatus": "",
"webAuthnStatus": ""
},
"password_date": "",
"recoveryEmail": {
"verified": ""
},
"account_locked": "",
"alternateEmail": "",
"allow_public_key": "",
"password_expired": "",
"restrictedFields": [],
"ldap_binding_user": "",
"passwordless_sudo": "",
"enable_managed_uid": "",
"externally_managed": "",
"samba_service_user": "",
"password_never_expires": "",
"disableDeviceMaxLoginAttempts": "",
"enable_user_portal_multifactor": ""
}
| Parameter | Description |
|---|---|
| Organization ID | (Optional) Specify an ID of the organization whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the organizations from JumpCloud, do not specify an Organization ID. |
The output contains the following populated JSON schema:
Output schema when the Organization ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"created": "",
"logoUrl": "",
"displayName": ""
}
],
"totalCount": ""
}
Output schema when the Organization ID IS specified:
{
"id": "",
"_id": "",
"created": "",
"logoUrl": "",
"provider": "",
"settings": {
"name": "",
"disableUM": "",
"showIntro": "",
"enableO365": "",
"contactName": "",
"disableLdap": "",
"betaFeatures": {},
"contactEmail": "",
"passwordPolicy": {
"minLength": "",
"maxHistory": "",
"needsNumeric": "",
"effectiveDate": "",
"needsSymbolic": "",
"needsLowercase": "",
"needsUppercase": "",
"enableMinLength": "",
"enableMaxHistory": "",
"maxLoginAttempts": "",
"lockoutTimeInSeconds": "",
"minChangePeriodInDays": "",
"allowUsernameSubstring": "",
"enableMaxLoginAttempts": "",
"passwordExpirationInDays": "",
"enableLockoutTimeInSeconds": "",
"enableMinChangePeriodInDays": "",
"enablePasswordExpirationInDays": "",
"daysAfterExpirationToSelfRecover": "",
"daysBeforeExpirationToForceReset": "",
"enableDaysAfterExpirationToSelfRecover": "",
"enableDaysBeforeExpirationToForceReset": ""
},
"emailDisclaimer": "",
"enableGoogleApps": "",
"enableManagedUID": "",
"groupingStrategy": "",
"passwordCompliance": "",
"duplicateLDAPGroups": "",
"disableCommandRunner": "",
"systemUserPasswordExpirationInDays": ""
},
"displayName": "",
"hasStripeCustomerId": ""
}
| Parameter | Description |
|---|---|
| Command ID | (Optional) Specify an ID of the command whose details to retrieve from JumpCloud.
NOTE: To retrieve details of all the commands from JumpCloud, do not specify a Command ID. |
The output contains the following populated JSON schema:
Output schema when the Command ID IS NOT specified:
{
"results": [
{
"id": "",
"_id": "",
"name": "",
"command": "",
"trigger": "",
"schedule": "",
"template": "",
"listensTo": "",
"launchType": "",
"commandType": "",
"organization": "",
"scheduleYear": "",
"scheduleRepeatType": ""
}
],
"totalCount": ""
}
Output schema when the Command ID IS specified:
{
"id": "",
"_id": "",
"name": "",
"sudo": "",
"user": "",
"files": [],
"shell": "",
"command": "",
"systems": "",
"timeout": "",
"trigger": "",
"schedule": "",
"listensTo": "",
"launchType": "",
"commandType": "",
"organization": "",
"scheduleYear": "",
"commandRunners": [],
"timeToLiveSeconds": "",
"scheduleRepeatType": ""
}
| Parameter | Description |
|---|---|
| Command ID | Specify an ID of the command to directly associate with two different objects. For example, commands and systems. |
| Operation | Select the type of operation to perform to manage the association, i.e., how you want to modify the graph connection. You can choose from the the following options:
|
| Type | Select the type of graph to be used to manage the association. You can choose from the following options:
|
| ID | Specify an ID of graph object whose association is being added, updated, or removed. |
The output contains the following populated JSON schema:
{
"Status": "",
"Message": ""
}
| Parameter | Description |
|---|---|
| Trigger Name | Specify a name of the trigger based on which JumpCloud launches commands, i.e., JumpCloud starts all commands that match the specified trigger name. |
The output contains the following populated JSON schema:
{
"triggered": []
}
The Sample - JumpCloud - 1.1.0 playbook collection comes bundled with the JumpCloud connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the JumpCloud connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.