This feature is in Beta.
With device password syncing, Admins can control if a user’s local account password is managed by JumpCloud at an individual user-to-device level.
Prerequisites
- A password has to be active in JumpCloud for the password to be able to sync to the device.
Considerations
- Disabling Password Sync will prevent passwords from syncing from JumpCloud to the local account on the device. Password Sync should only be set to No if Users are meant to set local account passwords. These passwords may be reset from the device login window after a successful Identity Provider authentication.
- When Password Sync is set to No, the JumpCloud tray app is hidden on the device.
- Enabling Password Sync will sync the User’s JumpCloud password to the device, overwriting their current password. If the user does not know their JumpCloud password, this will result in the User being unable to login to their device.
- Password Sync disablement is NOT available on Linux devices.
- If Password Sync is set to No when the user is associated to the device, and a local account does not yet exist, the local account will be created with a randomized password. The user may reset the password at first login to access the account.
Device Password Syncing
To sync your device password from the Users page:
- Log in to the JumpCloud admin portal.
- Go to USER MANAGEMENT > Users.
- Select a user from the list, then click the Devices tab.
- Under the column Password Sync, there is a dropdown menu with the options Yes or No.
Note: If the user is already bound to the device with a local account, the password has to be active in JumpCloud to set the password sync to Yes.
- If you select No, then the password won’t get synced to the device, and the user will have a local device password. If you select Yes, then the password will get synced to the device.
- Click Save.
To sync your device password from the Devices page:
- Log in to the JumpCloud admin portal.
- Go to DEVICE MANAGEMENT > Devices.
- Select a device from the list, then click the Users tab.
- Under the column Password Sync, there is a dropdown menu with the options Yes or No.
Note: If the user is already bound to the device with a local account, the password has to be active in JumpCloud to set the password sync to Yes.
- If you select No, then the password won’t get synced to the device, and the user will have a local device password. If you select Yes, then the password will get synced to the device.
- Click Save.
Default Password Sync
When the Password Sync option is enabled, any new user to device associations will have their JumpCloud password synced to their device. If this is disabled, any new user to device associations will not have their JumpCloud password synced to their device. Instead, the user will enter a local password to log into the device. Password Sync is enabled by default, you will have to disable it to have user’s log in with a local device password.
To set default password sync:
Note: This is set to Yes by default, which means the device password is the same as the JumpCloud password.
- From the Devices page, in the top right corner, click Settings.
- Toggle Password Synchronization On to have passwords sync from JumpCloud to all devices. Toggle it Off to remove the sync between the device and the JumpCloud password.
Windows Self-Service PIN Reset for Local Password Users
Windows users with a local password or PIN can reset their PIN from the device login window.
- From the device login window, click Sign-in options.
- Click the JumpCloud logo.
- Enter the email address on the JumpCloud login page.
- You’ll be redirected to your Identity Provider to authenticate.
- If successful, you’ll be prompted to set a new PIN.
Mac Self-Service Password Reset for Local Password Users
Mac users with a local password can reset their passwords from the device login window.
- After one incorrect password attempt, a Forgot password? option will appear.
- Click the Forgot password? button.
- Enter the email address on the JumpCloud login page.
- You’ll be redirected to your Identity Provider to authenticate.
- If successful, you’ll be prompted to set a new password.