Password Statuses

JumpCloud has password status indicators that show the current password status of the users in your organization, so that you can make changes as necessary. The password statuses are:

  • Password Pending
  • Active
  • Expired
  • Locked

Users with a Password Status state of Password Pending and User State of Active need to complete the activation process by following the instructions provided in the JumpCloud activation email sent by your IT admin. Alternatively, an admin can specify a password for the user in the Admin Portal. These users will have full access to their JumpCloud managed resources once their password is set and their account is in an Active user state. See Connect New Users to Resources to learn more.

Considerations

  • If a user has a User State of anything other than Active, they won’t be able to access any of their JumpCloud resources, regardless of their password status. See Manage User States to learn more.
  • It’s possible for a user to have a Password Status that is Password Expired and Account Locked Out at the same time. The password status will show an expiration date that’s in the past and the TOTP MFA Status as locked. In this situation, resetting a user’s password returns the user back to an active password status. However, unlocking an account doesn’t reset expired passwords.
  • If a Mac user has FileVault enabled and gets locked out of their account, the login window doesn’t automatically refresh after the account is unlocked. For the user to log in to their device after their account is unlocked, the admin should do one of the following:
    • ​Restart the device.
    • Log in with another user on the device, such as the JumpCloud admin, then log out.
    • If name and password authentication is enabled, enter the user’s username.
  • For JumpCloud managed Linux systems, the user is unable to authenticate into the target machine until their account is unlocked.

Active Password

Users with an Active Password Status and an Active User State can:

  • Connect to their JumpCloud managed resources.  
  • Log in with their current password.
  • Change their password at any time from the User Portal or from the User Portal Login page. See Change Your User Portal Password to learn more. 

Password Pending

Users with a Password Status state of Password pending and User State of Active need to complete the activation process by following the instructions provided in the activation email sent by their admin. Alternatively, an admin can specify a password for the user in the Admin Portal. These users will have full access to their JumpCloud managed resources once their password is set and their account is in an Active user state. See Connect New Users to Resources to learn more.

To specify a password for the user in the Admin Portal:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to USER MANAGEMENT > Users.
  3. Click anywhere on the row of a user’s name. 
  4. Click the Details tab and expand the User Security Settings and Permissions section.
  5. Under the Password Settings section, enter the temporary password (the user will change this and create their own password) in the Password and Confirm Password fields, then click save user

If you need to resend the activation email because the token expired or another issue, you can resend it from either the Users page or the User panel.

To resend the activation email to users:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to User Management > Users.
  3. Click anywhere on the row of a user’s name. 
  4. Under Send activation email to user on the left-hand side of the user panel, click Send
  5. You can also resend the activation email by selecting a user, then clicking more actions in the top right-hand corner, and then Resend Email.

Expired Password

Users with an Expired Password are disabled from accessing all resources they are connected to, including email. Their systemuser record is set to "password_expired":true. Passwords can expire because the Password Aging option's setting for password expiration has passed, or because an admin changed JumpCloud's password complexity requirements and forced users to update their password by a certain date.

Users are sent an email with a password reset link. This option is only viable if email access isn’t managed by JumpCloud. Users can also use the self-service password reset option. See Change Your User Portal Password to learn more. 

To learn how to reset a User's Password, see Reset Passwords.

Locked Account

Tip: Hover over the user's Password Status in the Users list to see a tooltip.

To filter for Locked Accounts:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to User Management > Users.
  3. To the right of the Search bar, click the filter by dropdown, then Account Locked out. This will filter all of the locked accounts.

A user with an Account Locked Password Status has exceeded the number of login attempts to the User Portal, or to a system endpoint. The user is locked out of their account and all resources they're bound to. You can configure whether or not a user maintains access to their Google Workspace or M365 email accounts. See Manage Password and Security Settings to learn more.

Accounts can be unlocked in any of the following ways:

  • If a user knows their password, the JumpCloud admin can unlock their account. See Unlock User Accounts to learn more.
  • If a user doesn’t know their password and has access to their email, they can reset it.
  • If a user doesn’t have access to their email, the JumpCloud admin can reset their password for them. See Reset Passwords to learn more.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case