Skip to main content
All CollectionsTemplatesBasic
Ask Users to Confirm Failed JumpCloud Login Attempts - Workflow Template
Ask Users to Confirm Failed JumpCloud Login Attempts - Workflow Template

Daily pull of failed logins from JumpCloud, reach out to users with failed logins over Slack and confirm they were the tying to login.

Updated over 6 months ago

This workflow template streamlines the security checks for failed JumpCloud login attempts over a 24-hour period. It retrieves the failed attempts, clusters similar events based on the username and source IP, and then reaches out via Slack to confirm whether the failed access was a legitimate user attempt. If the user either does not recognize the activity or fails to respond, the workflow triggers the creation of an incident in ServiceNow. This proactive measure helps maintain the integrity of identity and access management within an organization.

Take Me to the Template

Trigger

Scheduled Event

Use Cases

Identity and Access Management

Workflow Breakdown

  1. Pull latest failed logins from JumpCloud from past 24 hours

  2. Combine similar events based on username and source ip-address

  3. Ask the user via Slack if they are the originator of the access attempt

  4. If not confirmed or responded to, open a ServiceNow incident

Vendors

Slack, Utils, ServiceNow, JumpCloud

Tips

Jira or Zendesk could be used instead of ServiceNow if desired

Related Articles
Handle Suspicious AWS Console Logins (AWS SNS) - Workflow Template
Approve Group Membership for New User (JumpCloud) - Workflow Template
Request User Account Unlock in JumpCloud - Workflow Template
ITSM - Notify Slack user on closed/resolve incidents (ServiceNow) - Workflow Template
Request Just-in-Time Access to SSO Applications in JumpCloud - Workflow Template
Did this answer your question?