Use Multi-Factor Authentication (MFA) with JumpCloud to secure access to your organization’s Admin Portal. Read this article to learn how to enable MFA for an administrator.
New Admins created after October 2023 will have MFA for logging in to the Admin Portal enabled by default.
Prerequisites:
- Obtain an application to generate TOTP tokens. See Set Up Authenticator App for User Account.
Considerations:
- An admin with the Administrator role cannot enable MFA for an admin with the Administrator with Billing role.
- An admin with the Administrator with Billing role is able to enable MFA for themselves.
- See Manage Admin Accounts.
Enabling MFA for the Administrator
To enable MFA for a JumpCloud Administrator:
- Log in to the JumpCloud Admin Portal. Log in with administrator credentials.
- In the upper right corner of the page, click the green circle with your initials, and then select Administrators. The Administrators window appears.
- Click Details for the administrator for whom you want to enable MFA.
- Select Enable MultiFactor Authentication for Admin Login, and then click Save Administrator. After you enable MFA for the administrator account, an email is sent to the account’s email address with instructions for setting up MFA for their account.
- Follow the reset steps in the email. The admin is presented with the QR code and TOTP Key to add to their chosen TOTP token application.
Monitoring
The Admins Without MFA Required widget on the Admin Portal Home page shows how many Admins in your org do not have MFA required for Admin Portal login. Click the tile to view a list of the Admins without MFA required. From the list view, you can take the bulk action of enforcing MFA for some or all of the Admins listed.
Administrator roles determine who will be able to see and interact with this widget:
- Administrator with Billing – Can see the widget and can take action on the list
- Administrator Only, Help Desk, Manager, Read Only – Can see the widget but cannot take action on the list
- Billing Only – Cannot see the Home page
- Command Runner, Command Runner with Billing – Can see the Home page but cannot see this widget
See Admin Portal Roles for more information on roles.
To require MFA for Admins on Admin Portal login:
- From the Admin Portal Home page, click the Admins Without MFA Required tile.
- From the Admins Without MFA Required list, select the Admins you want to enforce MFA login for.
- Click Actions, then click Require MFA.
- On the confirmation modal, click Require MFA.
- The Admin will be required to log in with MFA on their next Admin Portal login.
The Admins Without MFA Required widget can be removed from the Admin Portal Home page, if desired.
To remove the Admins Without MFA Required widget:
- From the Admin Portal, go to Home.
- Click Settings.
- Under Configure and Customize Widgets, toggle Admins Without MFA Required to off.
Resetting MFA for an Administrator Account
If you’re locked out of your JumpCloud Administrator account after enabling MFA, you can reset your MFA.
To reset MFA on a JumpCloud Administrator account, log in with your username and password and when prompted for MFA, click the Reset TOTP MFA link. You may also ask the designated admin for your company to reset it for you.
You will be sent an email to reset your MFA:
- Check your email inbox.
- Click Set Up MFA in the email message.
- Enter your Email address and Password.
- When you enter them, Set Up MFA becomes activated.
- Click Set Up MFA.
- Download an Authenticator App if you do not have one already or click I Have An App if you already do.
- Use the app to scan the QR code.
- When you enter the verification code, the Submit button becomes activated. Click Submit.
- A message will display stating that the MFA reset was successful.
- An email will be sent to you confirming that your TOTP MFA reset was successful.