Having secure devices plays a major role in meeting compliance requirements. We want to support as many Mobile Device Management solutions (MDMs) as possible, in addition to providing our agent. We have heard from many of you that you use JumpCloud's MDM solution. This article explains how to sync all of your compliance-related information from JumpCloud to Drata.
Prerequisites & Data Access
Must have Admin access to your company’s JumpCloud account.
Your JumpCloud account must have API access enabled.
System Insights endpoints must be available (check under JumpCloud Features).
The JumpCloud Agent must be installed on all computers you wish to monitor.
Supported device type: Computers only (macOS, Windows, Linux).
Mobile and tablet devices are not supported.
Compliance checks
At this time, Drata’s device compliance checks using the JumpCloud MDM connection confirm the following:
Does the policy of the required name and/or type exist?
Is that policy mapped to the device?
Is that device compliant with that policy?
Current Limitations
Browser Extensions: Only Chrome extensions are detectable. If Chrome extensions are used as password managers, the related compliance check will fail. Users should instead use the equivalent desktop application.
Linux Devices: JumpCloud APIs do not expose installed applications on Linux. Linux users must manually upload evidence for antivirus and password manager compliance.
Permissions & Data Table
Permission/Scope | Why It’s Needed | Data Accessed (Read Only) |
API Token | Authenticates Drata’s connection to JumpCloud | Device, policy, and compliance data |
System Insights | Provides detailed system-level evidence | Device status, disk encryption, lock screen, firewall, and updates |
Commands (DrataCollectorLinux) | Executes system scripts for compliance verification | Firewall, updates, encryption status |
Step-by-Step Setup
Step 1: Configure JumpCloud Device Policies and Commands
Before connecting to Drata, ensure that device policies and command scripts are properly configured in JumpCloud.
Supported Device Policies
Device | Supported Device Policies |
Windows |
|
macOS |
Note: Only Automatic macOS Updates are supported for Patch Management compliance. |
Linux |
|
Drata makes use of the following Device Policies in our compliance checks. To learn more about JumpCloud Device Policies, please follow these instructions. During evaluation, Drata will check individual devices for a connected policy or that the device belongs to a Policy Group containing the policy:
Commands Setup
For other checks, we use the JumpCloud Commands functionality to run scripts on the system. These scripts can be found below and can be copied and pasted into your JumpCloud console.
We recommend configuring JumpCloud to run these scripts at a set daily interval. Drata gathers evidence from the latest runs of these commands when it runs its daily compliance checks.
Like Policies, these Commands should be attached either directly to devices or to device groups containing every device you want to run compliance checks on.
You can create new Commands starting from here: https://console.jumpcloud.com/#/commands/new
DrataCollectorLinux (Linux Shell Script)
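#!/bin/sh
# Firewall: true only if ufw is installed and reports an active status.
if which ufw > /dev/null && ufw status | grep -q "Status: active"; then
  firewall='true'
else
  firewall='false'
fi
# First VGA device reported by lspci; backslashes and double quotes are
# escaped so the value cannot break the JSON printed below.
graphics=$(lspci | grep VGA | head -1 | sed 's/\\/\\\\/g; s/"/\\"/g')
# Automatic updates: true only if APT's periodic unattended upgrade is set to "1".
if which apt-config > /dev/null && apt-config dump APT::Periodic::Unattended-Upgrade | grep -q 'APT::Periodic::Unattended-Upgrade "1";'; then
  autoUpdate='true'
else
  autoUpdate='false'
fi
# Print one JSON object; fields that are not collected on Linux are null.
echo "{"
echo " \"firewallEnabled\": $firewall,"
echo " \"macAddress\": null,"
# printf keeps the escaped value intact in shells whose echo rewrites backslashes.
printf ' "graphics": "%s",\n' "$graphics"
echo " \"autoUpdateEnabled\": $autoUpdate,"
echo " \"gateKeeperEnabled\": null,"
echo " \"fileVaultEnabled\": null,"
echo " \"winServicesList\": null"
echo "}"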
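Before scheduling the command fleet-wide, it helps to confirm that a device's command output is a well-formed JSON object with the fields the script prints. The following check is an added example, not Drata's or JumpCloud's code; the sample outputs are constructed, and treating a false flag as a finding is an assumption, since this page does not describe how Drata scores each field.

```python
import json

# Keys printed by the DrataCollectorLinux script on this page.
EXPECTED_KEYS = {
    "firewallEnabled", "macAddress", "graphics", "autoUpdateEnabled",
    "gateKeeperEnabled", "fileVaultEnabled", "winServicesList",
}
# Only these two are measured on Linux; the script prints the rest as null.
MEASURED_FLAGS = ("firewallEnabled", "autoUpdateEnabled")

def check_collector_output(raw):
    """Return a list of problems in one run's stdout (empty list = clean)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    missing = sorted(EXPECTED_KEYS - doc.keys())
    if missing:
        problems.append("missing keys: " + ", ".join(missing))
    for flag in MEASURED_FLAGS:
        value = doc.get(flag)
        if flag in doc and not isinstance(value, bool):
            problems.append(f"{flag} is not a boolean: {value!r}")
        elif value is False:  # assumption: false is worth flagging
            problems.append(f"{flag} is false")
    return problems

# Constructed samples that follow the layout of the script's output.
TEMPLATE = """{
 "firewallEnabled": %s,
 "macAddress": null,
 "graphics": "%s",
 "autoUpdateEnabled": %s,
 "gateKeeperEnabled": null,
 "fileVaultEnabled": null,
 "winServicesList": null
}"""
GPU = "00:02.0 VGA compatible controller: Example Corp Device 0001"
SAMPLES = {
    "clean": TEMPLATE % ("true", GPU, "true"),
    "no-firewall": TEMPLATE % ("false", GPU, "true"),
    "quoted-gpu": TEMPLATE % ("true", GPU + ' "rev a1"', "true"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_collector_output(raw) or "ok")
```

The "quoted-gpu" sample shows the failure that is easiest to miss: a stray double quote inside a string value makes the whole object unparseable, so none of its fields can be read.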
Step 2: Locate and Copy the JumpCloud API Key
Log in to the JumpCloud Admin Console.
Click your username dropdown in the top-right corner.
Click API Settings.
Copy your API Key.
Important Notes:
Each administrator has a unique API key.
To revoke access, reset your API key in the same menu. This will immediately invalidate previous keys.
Keep your API key confidential, as it provides full access to your JumpCloud console data.
Step 3: Connect JumpCloud MDM to Drata
In Drata, navigate to Connections from the side navigation menu.
Select the Available Connections tab.
Search for JumpCloud MDM and click Connect.
In the connection drawer, enter the following details:
Drata Field | JumpCloud MDM Value |
API Key | The API key copied from JumpCloud Admin Console |
Exclusion Group ID | (Optional) ID of JumpCloud device group to exclude from monitoring |
Organization ID | (Optional) Organization ID for multi-tenant environments |
Click Save & Test Connection to complete setup.
Step 4: Enable JumpCloud MDM and Verify
In Drata, navigate to Settings → Internal Security.
Under Workstation Configuration Monitoring, select Automated via JumpCloud MDM.
(Optional) Disable Automated via Drata Agent if both are enabled.
If both remain active, the Drata Agent takes precedence when installed on a device.


