Help Center Home > Security Management > MFA for Users

MFA for Users

If you are a JumpCloud Admin or want to learn about administrative MFA configurations, see MFA for Admins.

Multi-factor Authentication (MFA) helps secure access to the resources you use everyday by asking you to prove who you are with multiple factors. When MFA is enabled, you have to prove who you are with something you know, like a username and password, something you have, like a security key, and something you are, like a fingerprint.

When your IT Admin requires you to use MFA, you need to provide your username and password and an additional factor to log in. MFA is sometimes also referred to as Identity Verification or Two-Factor Identification (2FA). You may be required to use one or more of the following MFA Factors with your JumpCloud user account:

Verification Code (TOTP) MFA
Security Keys
Device Authenticator
Duo Security MFA
Push MFA
JumpCloud Go

About Verification Code (TOTP) MFA

Verification Code (TOTP) MFA uses authentication codes called Time-based One Time Passwords (TOTP). These codes are generated from an authenticator application on a mobile phone or computer, like JumpCloud Protect, Google Authenticator, or Yubico Authenticator.

When you log in to a resource that’s guarded by TOTP MFA, you need to provide your username, password, and a TOTP code generated by the authenticator application on your phone or computer.

Using Verification Code (TOTP) MFA

Your IT Admin decides where you use TOTP MFA, but you may be asked to use TOTP MFA when you log in to the User Portal, RADIUS, and Mac, Linux, and Windows systems.

Note:

For certain applications, the user will need to manually advance, or use the tab key, to enter the code digit by digit in the individual TOTP fields.

You can set up and find your TOTP MFA status when you go to the SECURITY tab in the User Portal.

To learn how to use TOTP MFA:

Identity Verification Overview: Users

About Security Keys

A security key is a device that often looks like a USB drive that's used with MFA.

When you log in to a resource that's guarded by a security key, you must provide your username, password, and security key.

Using Security Keys

You can use security keys to log in to the User Portal and SSO applications and to verify password resets made from the User Portal.

You can set up and find your security key status when you go to the Security tab in the User Portal.

About Device Authenticators

Device authenticators are unique to your device and are often a biometric device like Apple Touch ID or Windows Hello. This can be used as a form of authentication to verify your identity.

Note:

To enroll Windows devices with device authenticator, Windows Hello must already be set up.

You can enroll your device and find your device authenticator status in the Security area of your User Portal.

To learn how to use security keys or device authenticators:

Use Security Key or Device Authenticator with User Accounts

About Duo Security MFA

Duo Security MFA lets you log in to a resource using push notifications, phone callbacks, and mobile passcodes provided by Duo. Your IT Admin chooses the authentication options you have for Duo Security MFA.

When you log in to a resource that’s guarded by Duo Security MFA, you need to provide your username, password, and choose an authentication option. Then you provide the factor that’s required for authentication.

Using Duo Security MFA

You can use Duo Security MFA to log in to the User Portal and SSO applications and to verify password resets made from the User Portal.

You only see Duo Security MFA when you choose to use it to log in to a resource. You don’t see it in the User Portal.

To learn how to use Duo Security MFA:

Use Duo Security with JumpCloud MFA

About Push MFA

Push MFA is a type of solution that sends a notification to your mobile device after you've logged in to a resource with your username and password. When you click the notification, you're asked to approve or deny the login request. When you tap Approve, you gain access to your resource.

Tip:

JumpCloud protects against fraudulent push attempts by blocking more than one notification per resource within a sixty second period (the number of maximum concurrent attempts can be changed by an admin). You can try again after the timeout or after you have approved or denied the initial request.

Typically you have to download an app when you set up for Push MFA. To use Push MFA with your JumpCloud user account, your admin has you download JumpCloud Protect.

Learn more about the JumpCloud Protect app.

Using Push MFA

Use Push MFA to log in to your User Portal and SSO applications.

You can set up and find your Push MFA status when you go to the Security tab in the User Portal.

About JumpCloud Go

JumpCloud Go enables passwordless login to JumpCloud-managed web resources on your managed device. Other than initial registration, you won’t need to enter your email, password, and MFA every time you access your resources. Instead, you’ll verify your identity with your device authenticator (Apple Touch ID or Windows Hello) every 12 hours.

Using JumpCloud Go MFA

When enabled, you can approve User Portal and SSO login requests from your managed device authenticator.

To learn how to use JumpCloud Go:

Use JumpCloud Go

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

Build the Foundation for a Unified Stack