JumpCloud Admin lets a JumpCloud administrator or a help desk person resolve common helpdesk requests on-the-go. You can unlock user accounts, force a user password change, remove MFA requirements, and see event logs for each user.
Prerequisites
- iOS: version 13 or greater
- Android: version 8 or greater
Overview of JumpCloud Admin
The JumpCloud Admin mobile app gives an IT admin or support technician the ability to troubleshoot and handle quick requests from their phone. These tasks include unlocking a user’s account or resetting MFA.
Larger workflows will continue to be handled from the JumpCloud portal.
- The dashboard shows users with Account Locked Out or Expired Passwords.
- The User screen shows all users
Supported Functionality
- View status:
- Admins can view an organizations’ users, and user states and statuses (locked out, suspended, and MFA).
- Admins can view Settings to determine app version, terms and conditions, and opt out of usage and quality data collection.
- User lifecycle functions
- Admins can suspend and restore a user’s account.
- Troubleshooting user lockouts
- Admins can unlock a user’s account, reset a user’s MFA (TOTP, Push, WebAuthn), and force a password change.
Using the JumpCloud Admin Mobile App
- Open the JumpCloud Admin app on your mobile device.
- Log in with your JumpCloud admin credentials.
- If TOTP MFA is required, you must input your TOTP code to authorize the JumpCloud Admin mobile app.
Use Cases
- Unlock a user’s account
- Reset and re-enroll a user’s MFA
- Remove a user’s MFA requirement
Use Case 1: Unlock a User’s Account
Scenario: A user contacted the help desk because their JumpCloud account is locked. How do I unlock this user’s account?
- On your mobile device, open the JumpCloud Admin app.
- Log in with your JumpCloud admin credentials.
You can set up JumpCloud Admin to log in using Face ID (iOS) or Fingerprint (Android).
- Tap on Accounts Locked Out and select the user you want to unlock.
- Scroll down to Directory Activities and review what triggered the lock. If you see suspicious behavior or patterns, investigate further.
- If the account unlock request is legitimate, tap Unlock User Account.
- Unlock User Account will reset the failed login counter for this user immediately.
- If you set an automatic time-based security setting for locked accounts in your Security policy, such as requiring the user to wait 30 minutes before they can try to log in again, Unlock User Account will also bypass this setting.
- Manually notify the user that their account is unlocked.
There is not an automatic notification system to inform the user their account is unlocked.
Use Case 2: Reset a User’s MFA
Scenario: A user lost their mobile device, or upgraded their smartphone and forgot to re-register their MFA client, and now they can’t log in to their JumpCloud Portal because they lost access to JumpCloud Protect, Google Authenticator, Duo, or a similar OTP app. How do I reset the user’s MFA on their account so they can re-enroll MFA on next login?
- On your mobile device, open the JumpCloud Admin app.
- Log in with your JumpCloud admin credentials.
You can set up JumpCloud Admin to log in using Face ID (iOS) or Fingerprint (Android).
- Tap on Total Users and select the appropriate user.
If users have a lock icon next to their name, it means the user has an MFA app configured.
- Scroll down to Directory Activities and investigate to determine if there is any suspicious activity.
- If there is no suspicious activity, tap Reset TOTP MFA.
- Manually notify the user that their account is unlocked.
There is not an automatic notification system to inform the user their account is unlocked.
Use Case 3: Remove a User’s MFA Requirement
Scenario: A user temporarily lost or misplaced their mobile device and can’t access the JumpCloud Portal because they don’t have access to JumpCloud Protect or a similar OTP app. How do I allow the user to sign in without MFA?
- On your mobile device, open the JumpCloud Admin app.
- Log in with your JumpCloud admin credentials.
You can set up JumpCloud Admin to log in using Face ID (iOS) or Fingerprint (Android).
- Tap on Total Users and select the appropriate user.
If users have a lock icon next to their name, it means the user has an MFA app configured.
- Scroll down to Directory Activities and investigate to determine if there is any suspicious activity.
- If there is no suspicious activity, tap Remove MFA Requirement.
ou can remove a user’s MFA requirement from the JumpCloud Admin mobile app, but you cannot re-enable MFA from the mobile app. To re-enable a user’s MFA, you must use the JumpCloud Admin Console.
- Manually notify the user that you removed their MFA login requirement.
When the user regains access to their mobile device, you must re-enable their MFA. For more information, see JumpCloud MFA Guide.
- When the time comes, re-enable MFA for the user.
- From the JumpCloud Admin Console, go to Users > User > Details > User Security Settings and Permissions and select Require Multi-factor Authentication on the User Portal.