Admin Portal Roles

Admin Roles are part of the foundation of protecting your organization by restricting access to only the areas people need to perform their daily job duties. JumpCloud offers a variety of roles to help keep things organized and secure.

To set these roles, see Settings in the JumpCloud Admin Portal.

Note: Role based permissions apply to administrator actions both in product, and the API key of each administrator.

Administrator With Billing

This role is considered a Super Admin. 

Important: Carefully consider who you give this level of access. Accounts with this role have all privileges and can:

  • Perform all user management tasks: create, modify, and delete user and administrator accounts.
  • Perform all group management tasks: create, modify, and delete user and device groups.
  • Perform all device management tasks: create, modify, delete, and grant access to devices; configure and run commands; configure and run device configurations / policies; configure and manage MDM settings and policies.
  • Perform all user authentication tasks: configure, grant access to, and require authentication resources such as LDAP, RADIUS, SSO and SCIM applications.
  • Perform all directory integration tasks: configure and manage directory integrations, provision and deprovision users in integrated directories.
  • Perform all security management tasks: configure and require Multi-factor Authentication factors; configure Password Settings.
  • Perform all account management tasks: configure all of JumpCloud’s settings.
  • Perform billing management tasks: update the account payment method. Only roles with billing privileges can manage payment methods for JumpCloud accounts. Learn about Billing roles
  • Perform all administration tasks for the Multi-Tenant Portal: all previously mentioned administration tasks for organizations in a Multi-Tenant Portal.

Administrator

Important: Carefully consider who you give this level of access.

This role has all of the privileges of an Administrator With Billing except privileges to manage payments (Billing), administrators, or the Multi-Tenant Portal.

Manager 

Accounts with this role can manage users, devices, and groups.

Command Runner With Billing

Accounts with this role can manage account payment methods.

Command Runner

Accounts with this role can only run commands they're given access to. 

Help Desk

Accounts with this role can access and view JumpCloud resources, submit support requests, and manage users in the following ways:

  • Create and delete users
  • Reset account passwords
  • Unlock users
  • Set Admin/Sudo permissions on a user’s device from the User > Devices tab

Billing Only

Accounts with this role can access the Account tab in the MTP, with Read Only permissions everywhere else. From the Account tab, Admins can review the Account Overview, review payment history, update mailing and billing information, and view the usage associated with the account. 

Read Only

Accounts with this role have read-only permissions; they can access and view users and other JumpCloud resources, but can't perform any management tasks.

When you apply roles with limited permissions, a banner is shown in the Admin Portal that explains the level of permissions the account has. 

The following table outlines role permission scope for new and legacy roles. 

Admin Portal Roles

Admin Role
Scope Administrator with Billing Administrator Manager Command Runner with Billing Command Runner Help Desk Read Only Billing Only

Administrators:

  • creating
  • editing
  • assigning roles
  • deleting
Edit Read Only Read Only No Access No Access Read Only Read Only No Access

Billing:

Billing payment information, including:

  • adding
  • removing
  • managing 
Edit No Access No Access Edit No Access No Access No Access Edit

Multi-Tenant Portal:

  • organization and administrator management
Edit Read Only Read Only N/A N/A Read Only Read Only No Access

Organization & User Portal:

  • organization details
  • email configurations
  • User Portal session management
Edit Edit Read Only No Access No Access Read Only Read Only No Access

Authentication:

  • authentication policies 
  • organization-level MFA configurations
Edit Edit Read Only No Access No Access Read Only Read Only No Access

Users:

  • creating
  • viewing
  • managing attributes
  • deleting
  • passwords
  • MFA requirements & enrollments
  • lockouts
  • direct assignments to resources
Edit Edit Edit No Access No Access

Edit*

 

 

*Read Only for direct assignments to resources

Read Only No Access

Groups:

  • creating
  • viewing
  • deleting
  • configuring
  • managing attributes
  • membership & assignment of resources to groups
Edit Edit Edit No Access No Access Read Only Read Only No Access

Devices:

  • installing agent
  • managing attributes
  • viewing
  • deleting
  • applying policies
  • MDM management
Edit Edit Edit No Access No Access Read Only Read Only No Access

Directory & App User Management:

  • directory integrations & application (SCIM Identity Management)
  • user exports
Edit Edit Read Only No Access No Access Read Only Read Only No Access

In-Product Support:

  • submitting support tickets
  • requesting features
Edit Edit Edit Edit Edit Edit No Access Edit

Case Portal:

Actions relating to submitted tickets and feature requests, including:

  • viewing
  • filtering
  • searching 
Edit Edit Edit Edit Edit Edit Read Only Edit

Notifications in the Admin Portal:

  • viewing
  • dismissing 
Edit Edit Read Only Read Only Read Only Read Only Read Only Read Only

Insights:

Actions in Directory Insights and System Insights, including:

  • viewing
  • querying
Edit Edit Edit No Access No Access Edit Edit No Access

Commands:

  • creating
  • viewing
  • scheduling
  • running
  • assigning
Edit Edit Edit Running & Scheduling access to Commands for assigned Commands Running & Scheduling access to Commands for assigned Commands Read Only Read Only No Access

Bulk User Imports:

  • bulk imports of users leveraging the JumpCloud job service
Edit Edit Edit No Access No Access  Edit Read Only No Access

SSO Applications:

  • configuring of SAML SSO for applications
Edit Edit Read Only No Access No Access  Read Only Read Only No Access

RADIUS servers:

  • creating
  • editing
  • viewing
  • deleting
Edit Edit Read Only No Access No Access  Read Only Read Only No Access

Remote Assist:

  • launching remote sessions
  • viewing and controlling end-user devices
Edit Edit Edit No Access No Access  Launch Remote Assist (if Remote Assist is enabled in Settings) No Access  No Access

SaaS Management:

  • settings
  • reviewing applications
Edit Edit Edit No Access No Access  Read Only Read Only No Access
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case