Subscribe to Help Center RSS Feedadded a line
JumpCloud Go enables secure passwordless authentication to JumpCloud-protected web resources on managed devices. Instead of traditional password sign-in challenges, users can verify their identity seamlessly using device authenticators with biometrics (Apple Touch ID and Windows Hello). This improves security for organizations by simplifying the user login flow, reducing authentication fatigue, and minimizing password use. JumpCloud Go authentication also satisfies any User Portal MFA requirements.
Users must first register JumpCloud Go with their credentials before passwordless verification becomes available.
For details on user registration and verification workflows see Use JumpCloud Go. For troubleshooting, see Troubleshoot: JumpCloud Go.
Features:
- Phishing-resistant: User sessions are issued only after requests are verified with the JumpCloud login service, eliminating possible entry points for bad actors.
- Device-bound and hardware-protected: JumpCloud Go leverages device authenticators and hardware secure stores to protect and secure user credentials.
- Passwordless: Faster, safer, and simpler user verification saves time for users and admins.
Prerequisites:
- JumpCloud Go supports macOS and Windows devices that meet these hardware specifications:
- macOS devices with a Secure Enclave.
- Windows devices with a Trusted Platform Module (TPM) 2.0.
- The JumpCloud agent has to be installed and running on macOS and Windows devices. See Install the Mac Agent and Install the Windows Agent.
- Google Chrome, Microsoft Edge, or other Chromium-based browser with the JumpCloud Go browser extension installed.
Considerations:
- Users need to be working from their JumpCloud-managed device and logged in to their managed device account. JumpCloud Go does not support local device accounts.
- Users will need to configure biometrics on their device to be able to utilize them with JumpCloud Go:
- For macOS devices, see Apple’s Use Touch ID on Mac.
- For Windows devices, see Microsoft’s Learn about Windows Hello and set it up.
- JumpCloud Go components are installed by the JumpCloud agent regardless of whether the setting is enabled in the Admin Portal. See Agent Compatibility, System Requirements, and Impacts.
Understanding Authentication Factors
When enabled, JumpCloud Go serves as an MFA factor for User Portal and SSO authentication. End users confirm their identity using their device authenticator. See MFA for Admins.
JumpCloud Go now serves as an MFA factor when accessing SSO apps in addition to the User Portal.
If MFA is enabled for User Portal authentication, JumpCloud Go uses 3 authentication factors to confirm a user’s identity during registration. For subsequent verifications, JumpCloud Go relies on user led configuration of biometrics on managed devices. JumpCloud Go also provides two factor authentication when biometrics aren’t configured, but uses alternative factors (device password):
JumpCloud Go Authentication Factors
| Factor Type | Registration without MFA | Registration with MFA | Verification with biometrics | Verification without biometrics |
|---|---|---|---|---|
| Something you have (managed device) | ✅ | ✅ | ✅ | ✅ |
| Something you are (biometrics) | ❌ | ✅ | ✅ | ❌ |
| Something you know (password) | ✅ | ✅ | ❌ | ✅ |
Installing the JumpCloud Go Browser Extension
The JumpCloud Go Chrome browser extension is required to use JumpCloud Go. You can install it on your devices in the following ways:
- To deploy the browser extension to multiple devices, you can use a JumpCloud policy or Google’s Chrome Browser Cloud Management (CBCM).
- Users can manually install the browser extension in Chrome, Edge, or other Chromium-based browsers on their device. See Use JumpCloud Go – Installing the Browser Extension.
Using JumpCloud Policy to Deploy the Extension
If your organization is not using Google Workspace and CBCM, you can deploy the browser extension to macOS and Windows devices using a JumpCloud policy. For instructions on using a policy to deploy the browser extension, see Create a Mac or Windows Chrome Force-Installed Extension List Policy.
Using CBCM to Deploy the Extension
If your organization is already using Google Workspace, you can deploy the JumpCloud Browser Extension with CBCM. See Chrome Browser Cloud Management documentation.
To install the JumpCloud Go Browser Extension via CBCM:
- Go to the Google Admin Portal and log in as a Google Administrator.
- Go to Devices > Chrome > Apps & Extensions > Users & browsers.
- Click ( + ) at the bottom of the screen, then select the Chrome icon to add a new extension from the Chrome Web Store.
- Search for the JumpCloud Go Browser Extension and click Select to add it.
- Click JumpCloud Go Browser Extension in the list to expand the menu, and in the right aside under Installation Policy, select Force Install.
Selecting Force Install in the Google Admin Portal will force the browser extension to install on managed Chrome browsers. See Google’s Managing Extensions in Your Enterprise.
You can use JumpCloud Browser Patch Management to enroll your devices in Google Chrome Browser Cloud Management to enforce the managed browser extensions. See Chrome Browser Cloud Management Settings.
Enabling JumpCloud Go
Once the JumpCloud Go browser extension is added to browsers on your devices, you’ll need to enable the feature in the Admin Portal.
JumpCloud Go is enabled for new organizations by default. If it is not enabled in your org, see the following steps to enable it in the Admin Portal.
To enable JumpCloud Go for your org:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Features > JumpCloud Go.
- Click to toggle JumpCloud Go to On.
- Click Save.
Enabling JumpCloud Go in Features will automatically enable it as an MFA factor in SECURITY MANAGEMENT > MFA Configuration for your users.
Using JumpCloud Go for Step Up MFA
JumpCloud Go SSO requests now have additional security with user and device verification occurring during every new application session established using Go. Users that authenticated to the User Portal with JumpCloud Go will now see the Go loader while accessing their SSO applications.
In addition, JumpCloud Go is now the default MFA method for SSO Conditional Access Policies (CAPs). When a user accesses an application protected by a CAP, they'll be prompted to "step up" and verify their identity using JumpCloud Go. See Get Started: Conditional Access Policies.
Disabling JumpCloud Go
To disable JumpCloud Go for your organization:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Features > JumpCloud Go.
- Click to toggle JumpCloud Go to Off.
- Click Save.
Disabling JumpCloud Go doesn’t remove the JumpCloud Go browser extension from devices. See the following section for steps to uninstall the browser extension.
Uninstalling the JumpCloud Go Browser Extension
The process to uninstall the JumpCloud Go Browser Extension depends on the method used to deploy it on your devices.
Users can manually remove the JumpCloud Go browser extension. See Use JumpCloud Go.
Using JumpCloud Policy to Remove the Extension
If you used a JumpCloud policy to install the browser extension, you will need to remove the devices from the associated policies created in the Admin Portal. See Create a Mac or Windows Chrome Force-Installed Extension List Policy for steps to remove managed devices from the associated policies.
Using CBCM to remove the extension
If you used CBCM to deploy the browser extension, you will need to remove the JumpCloud Go browser extension in the Google Admin Portal, or set the extension to Not Installed. See Google’s Managing Extensions in Your Enterprise.
FAQ
Yes - a company email and password is required to register JumpCloud Go. Users can still authenticate with traditional methods after Go is enabled.
No - at this time, only User Portal authentication is supported.
No - JumpCloud Go works with biometrics when users have configured them on their device. When biometrics are not configured, JumpCloud Go requires the user’s device password.
JumpCloud Go is now supported as an MFA method for conditional access policies protecting the User Portal and SSO apps. See Using JumpCloud Go for Step Up MFA and Get Started: Conditional Access Policies for more information.
In this Article
Learn More