JumpCloud connector

Use your JumpCloud data for reporting, automation and AI.

Data Panda brings your JumpCloud users, devices, applications and system events into the same warehouse as your HR, finance and operations data. From one place we turn it into dashboards, automations, AI workflows and custom apps that IT, security and finance use during the month, not the morning of an audit.

Data Panda Reporting Automation AI Apps
JumpCloud logo
About JumpCloud

An open directory that replaces three SaaS bills with one.

JumpCloud was founded in 2010 in Boulder, Colorado by Rajat Bhargava and Larry Middle, and has grown into a single platform that an SMB IT team uses for what used to need three vendors: a cloud directory, a single sign-on layer, and device management for Windows, macOS and Linux laptops. The same console also exposes the older protocols (LDAP, RADIUS) that on-prem network gear and legacy apps still speak, so JumpCloud often shows up as the Active-Directory-replacement-in-the-cloud for companies that no longer want a domain controller in a back room. JumpCloud reports more than 200,000 organisations on the platform across the free and paid tiers.

The customers we see on JumpCloud almost never run it as one of three identity tools. They run it as the one identity tool, because the price-tag question for a sub-1,000-employee company is whether you want Okta plus Jamf plus a separate directory bill, or one console that covers all three. JumpCloud's API exposes the user directory and user groups, the systems register (every enrolled laptop with its OS, patch level and policy state), the application catalogue and SSO usage, and the system-events stream that records logins, MDM commands, RADIUS authentications and admin changes. Pulled into the warehouse next to BambooHR, the GL and the SaaS-spend export, that surface answers questions the JumpCloud console alone cannot: which leavers still have an active session this week, which laptops missed last month's patch window per office, which paid-for SaaS app has nobody logging in, and where the MFA enrolment gap sits across a mixed Mac and Windows fleet.

What your JumpCloud data is for

What you get once JumpCloud is connected.

Identity and device reporting

Users, devices, applications and system events in one picture across the JumpCloud tenant.

  • Active users by group, last login and SSO app coverage
  • Device fleet by OS, patch level, disk encryption and policy state
  • MFA enrolment and exception status per user, group and office

Process automation

Turn JumpCloud events into the downstream work the rest of the stack expects, instead of an IT ticket queue.

  • Provision and deprovision SaaS access from the JumpCloud user record
  • Push BambooHR joiner-mover-leaver events into JumpCloud groups
  • Alert when a leaver still has an active session or enrolled device

AI workflows

Put the directory, device fleet and event stream behind AI that reads identity and endpoint posture as one picture.

  • Anomaly scoring on RADIUS and SSO logins by user, location and device
  • Patch-risk scoring per device against the apps it logs into
  • Natural-language Q&A on users, groups, devices and last sessions

Custom apps on your data

Lightweight access and audit tools on JumpCloud data for IT, security and finance who should not need an admin login to read their own posture.

  • Joiner-mover-leaver tracker tying HR events to JumpCloud and SaaS access
  • Office-level device posture board with patch and encryption status
  • SaaS-licence-versus-usage view from SSO and application sign-ins
Use cases

Use cases we deliver with JumpCloud data.

A list of concrete reports, automations and AI features we have built on JumpCloud data. Pick the one that matches your situation.

Joiner-mover-leaver auditHR start, role-change and exit dates lined up with JumpCloud groups, SSO access and device assignments.
Active-session leaver checkUsers with a recent SSO or RADIUS session against the HR exit date, by office and group.
MFA enrolment coverageMFA enrolment and exception status per user, group and device OS.
Device patch posturePatch level, OS version and reboot lag per laptop, by office and assigned user.
Disk encryption coverageFileVault and BitLocker enablement per device with policy-applied evidence.
SaaS licence-versus-usagePaid SaaS seats against actual SSO sign-ins per app, user and last-active date.
RADIUS access trailOffice Wi-Fi and VPN authentications per user, device and time, ready for audit.
Admin-action audit logJumpCloud admin changes (groups, policies, SSO assignments) per actor and target.
Group membership driftUsers who carry group memberships their role no longer needs, against HR job title.
Device-to-user reconciliationEnrolled devices without an assigned user, or users with no enrolled device, by office.
Onboarding readinessDay-one access checklist completion (account, MFA, SSO apps, laptop) per new hire.
Cost of identity toolingJumpCloud spend per active user against the IAM-plus-MDM-plus-AD baseline it replaced.
Real business questions

Answers you will finally get.

Do any leavers still have access this week?

Users whose HR exit date is past, joined to their last SSO sign-in, RADIUS authentication and active device session in JumpCloud, broken out by office and group. Security sees the gap between the day HR closed the file and the day every JumpCloud-tied access went dark, instead of trusting that one ticket closed all the doors.

Where is our MFA enrolment gap, by device and office?

MFA enrolment and exception flags per user, joined to the device they sign in from and the office they belong to. IT sees which Mac-heavy office still has fifteen exceptions pending, and which contractor accounts have logged in for weeks without an enrolled second factor, before the auditor asks for a screenshot.

Are we paying for SaaS seats nobody logs into?

Paid SaaS-app seat counts (Salesforce, Box, Google Workspace and the rest assigned through JumpCloud SSO) against actual SSO sign-ins per user over the last 30, 60 and 90 days. Finance and IT see which seats can be reclaimed at renewal, with the names attached, instead of an annual licence-clean-up that always runs out of time.

Value for everyone in the organisation

Where each function gets value.

For finance leaders

JumpCloud spend per active user lined up against the SaaS-licence and identity-tooling stack it replaced. Finance sees the per-user cost of the bundled directory plus MDM plus SSO against what Okta plus Jamf plus an AD bill would have cost, with reclaimable seats from SSO usage on the same screen.

For sales leaders

Sales-team device readiness and SaaS-app access lined up with the Salesforce user list. Revenue ops sees which AEs do not yet have CRM access on day one, which managers still carry direct-report access to leavers, and which laptops missed last month's patch window before a customer demo.

For operations

Joiner-mover-leaver flow from the HRIS through JumpCloud to SaaS access, in one capacity-and-posture picture. The COO sees onboarding lead time, leaver-cleanup lag and patch posture per office, instead of three IT tickets and one spreadsheet.

Ideas

What you can automate with JumpCloud.

Pair with BambooHR

Drive joiner-mover-leaver from BambooHR into JumpCloud

New hires, role changes and exits in BambooHR drive the JumpCloud user record, group memberships and SSO-app assignments, so day one starts with the right access and exit day closes it down. IT stops chasing a checklist across three consoles, finance gets clean per-user cost, and the leaver report tomorrow morning has nobody on it with a session from yesterday afternoon.

Pair with Salesforce

Tie Salesforce SSO usage to JumpCloud user activity

JumpCloud SSO sign-ins to Salesforce, joined to the Salesforce user list, the role hierarchy and the territory plan. Sales ops sees which AEs have a paid Salesforce seat but have not signed in this quarter, which managers still hold a Salesforce role for a leaver, and which contractor accounts log into Salesforce from a device that is not enrolled in JumpCloud MDM.

Pair with Box

Govern Box folder access from the JumpCloud directory

Box folder ownership and shared-folder access tied back to the JumpCloud user and group record, joined to HR job title. Information governance sees which leavers still own a Box folder shared with current staff, which contractor accounts have access to client folders past project end, and which Box licences belong to users who have not signed in through JumpCloud SSO in 60 days.

Pair with Slack

Push JumpCloud security events into the right Slack channel

Selected JumpCloud system events drive Slack messages into the right channel: a leaver with a session after exit goes to the security channel with the user, device and timestamp, an unenrolled-MFA exception goes to IT-ops, and a new admin action lands in an audit channel with actor and target. The IT lead stops opening the JumpCloud console twice a day to check whether anything broke overnight.

Your existing tools

Your data lands in a warehouse. Your BI tools read from it.

You keep the reporting tool you already have. We connect it to the warehouse where your JumpCloud data lives.

Power BI logo
Power BI Microsoft
Microsoft Fabric logo
Fabric Microsoft
Snowflake logo
Snowflake Data warehouse
Google BigQuery logo
BigQuery Google
Tableau logo
Tableau Visualisation
Microsoft Excel logo
Excel Sheets & pivots
Three steps

From JumpCloud to answers in three steps.

01

Connect securely

OAuth authentication. Read-only by default. We sign a DPA and your admin keeps the keys.

02

Land in your warehouse

Data flows into your warehouse on your schedule. Near real time or nightly, your call. You own the data.

03

Reporting, automation, AI

We build the first dashboard, workflow or AI feature with you, then hand over the keys. Or we stay on for ongoing delivery.

Two ways to work with us

Pick the track that fits how you work.

Track 01

Self-serve

We set up the foundation. Your team builds on top.

  • JumpCloud connector configured and running
  • Warehouse set up in your cloud account
  • Clean access for your Power BI, Fabric or Tableau team
  • Documentation on what's in the data model
  • Sync monitoring so you're warned before reports break

Best fit Teams that already have a BI analyst or data engineer and want to own the build.

Track 02

Done for you

We build the whole thing, end to end.

  • Everything in Self-serve
  • Dashboards built to the questions your team actually asks
  • Automations between your systems
  • AI workflows scoped to real tasks your team runs
  • Custom apps where a dashboard does not cut it
  • Ongoing delivery at a pace that fits your team

Best fit Teams without in-house BI or dev capacity. You tell us what you need and we deliver it.

Before you book

Frequently asked questions.

Who owns the data?

You do. It lands in your warehouse, on your cloud account. We don't resell or aggregate it. If you stop working with us, the warehouse stays yours and keeps running.

How fresh is the data?

Near real time for most operational systems. For heavier sources we schedule hourly or nightly. You pick based on what the reports need.

Do I need a warehouse already?

No. If you don't have one, we help you pick one and set it up as part of the first delivery. Common starting points are Snowflake, Microsoft Fabric, or a small Postgres start.

Which JumpCloud objects land in the warehouse?

The connector pulls the user directory and user groups, the systems register (every enrolled device with OS, version, last-contact and policy state), the application catalogue and SSO assignments, the configured policies, and the system-events stream that records logins, MDM commands, RADIUS authentications and admin actions. That covers the reporting surface most IT, security and finance dashboards need without scripting against the API by hand. Authentication runs through a JumpCloud API key scoped to your organisation.

How does this differ from connecting Okta and Jamf separately?

JumpCloud's value is that user directory, SSO usage, MDM device state and LDAP/RADIUS authentications come from one tenant and one event stream. Joining a leaver's HR exit to their last RADIUS authentication and their unenrolled device does not need three connectors and a stitch table in the warehouse. Companies that already split identity (Okta) and Mac MDM (Jamf) keep that split, and we model both side-by-side; companies on JumpCloud get the bundled view as a single warehouse model.

How far back does the system-events history go in the warehouse?

JumpCloud's directory insights and event API expose recent events with a retention window that depends on your tier. We pull the events on a schedule and append them to a warehouse table, so the warehouse keeps the full history beyond the in-product retention. That makes year-over-year audit views and quarter-on-quarter SSO-usage analysis possible without paying for an extended-retention add-on.

GDPR-compliant
Data stays in the EU
You own the warehouse

A first deliverable live in four to six weeks.

We review your JumpCloud setup and the systems around it. Together we pick the first thing worth building.

Book a call See our other connectors