Hypersocket (formerly Nervepoint) enables organizations to efficiently manage and administer end users and their access to disparate systems by empowering end users to manage their own accounts across multiple systems both on-premise and in the cloud, while allowing IT to gain control over user sprawl, cut support and gain in-depth business insight.
N/A
JumpCloud
Score 9.0 out of 10
N/A
JumpCloud Directory-as-a-Service® is a cloud-based platform that enables IT teams to securely manage user identities and connect them to resources they need regardless of provider, protocol, vendor, or location. Directory-as-a-Service gives organizations a single pane of glass to manage users and systems. It allows administrators to grant users secure access to resources with protocols and access controls. It also includes APIs, tools, and integrations to maximize administrative flexibility and…
HyperSocket is very well suited if the resources and budget are made available. There is not much a learning curve for the IT Department or for those users already familiar with two-factor authentication. There will be some education and training requirements for most end-users as the notifications and general verbiage can be confusing for some. It may also show some exploits within some end-users who are unaware of a notification but will use the email to reset an expired password without thinking twice if it may have been a phishing email or the opposite where an end-user deletes or ignores the expiration email notification expecting it to be spam/phishing.
JumpCloud is least suited in situations where you have few devices, but lots of users. JumpCloud heavily focuses on the "One-User-One-Device" type of use, and does lack some of the features things like Active Directory is better suited for when having multiple users accessing one machine. Their Powershell APIs are fantastic and getting only more powerful. Lots of features are hidden behind these APIs, so admins not as familiar with Powershell would have more issues leveraging these tools. BYOD deployments are amazing, especially for macOS devices that are using Apple Business Manager and can leverage Zero Touch deployments. It is especially good at handling mixed systems, whereas other options, such as Jamf, are really suiting only for macOS, or Intune is more suited for Windows; JumpCloud managed to handle both systems well.
User Management - The ability to control our users and set password/polices is made easy in the JC console
Device Management - Using JC each user is assigned to their own device with only the rights to do their job - When elevated rights are required, this is done simply via the JC console for the period of time required
SSO - Using JC's SAML SSO integrations we are building out our SSO offering and this is making for a much simpler daily user experience
Help-Desk functionality similar to OneIdentity Self-Service Password Manager, as it provides additional users that do not require administrative access to assist with managing end-users who may have locked themselves out of HyperSocket Access Manager by forgetting their own security questions.
Too many features which become unusable and feel like the payment plans are not flexible since it's an all-in-one product with one price. It is not necessarily a bad thing as most subscription-based pricing forces a buyer to pay more for an integral service that is only available on the highest price-plan. You really do get what you pay for, but we found many of our use-case scenarios limited the product.
This isn't necessarily against the product, just a personal opinion around Multi-Factor authentication which is always primarily driven mobile devices. Not all companies or end-users have access to a multi-factor device, (or in our case, are allowed to have access to a cell phone while servicing members/clients). This creates a shortfall to allow multi-factor functionality to extend to all users unless there are hardware tokens, which can be miss placed or left out more easily as most users don't treat it the same way they would their personal smartphone.
SSO via OpenID - Opening up their SSO from just SAML to including OpenID (OAuth) would allow us to make more use of the service and to also incorporate it into some internal testing suites
Time Limited User Elevation - The ability to time limit a users elevation of privileges would be a great addition
Extending device management to include LPA - Least Privilege Access is becoming a bigger ask from our external auditors - Being able to do this via JC would be amazing
It's simple. I like how JumpCloud keeps things simple. Similar to Apple's ecosystem, they give you what you want with some extra features and bells and whistles but it doesn't take a large instruction manual to use it. They have the support system and KB articles to back up their product and learn about a feature and how to implement it
I have rarely contacted support. When I have, the responses were within expected time frames, and easy to access. Community support is incredible, both from the JumpCloud representatives, and the user base community at large. The support pages on the website also are typically very well written and strike a nice balance between having the technical information needed, and also being easy to understand for the small business types that might not have as much of a technical background as an IT Admin.
Nervepoint Access Manager (NAM) has the ability to deal with multiple domains. While ServiceNow at the time we looked at the solution did not (I do not know if it does now). NAM was a more polished, mature product.
Some features would make more sense for us to be bundled by machine, instead of the user. We have fewer machines, and multiple users log into one machine, so doing something like paying per user for services like Patch Management are difficult to warrant the cost. I also feel a more complete package that includes common addon features; Patch Management and Password Manager, would be an improvement. It would also be nice if we could change packages, addons, and other billing services via self-service instead of reaching out to our account manager.
As with any IT Service or Solution, the investment will always be seen as a sunk cost. The only ROI would be the time and resources spent elsewhere rather than with Password Management through an IT Department or similar department. I found that the time spent on password management was about the same, as many users who are frequently forgetting a password are also forgetting their security question & answers.
There are some positives, as it was able to help manage the bulk of their non-windows passwords or passwords related to another online service. The centralized password manager doesn't feel like a true single sign-on but for most users, it replaces a hand-written copy they have taped to a monitor.
It can help with automating some of the active directory workflows with its own user provisioning functionality. Took more time to set up than it was to manage on its own.
