JumpCloud Go™ provides the most secure and convenient way for users to access their JumpCloud-protected resources the moment they unlock their managed device. After initial registration with their password, users verify their identity seamlessly during device login, unlock, or in the browser using device authenticators with biometrics (Apple Touch ID and Windows Hello). JumpCloud Go improves security for organizations by simplifying the user login flow, reducing authentication fatigue, and minimizing password use. JumpCloud Go authentication also satisfies any User Portal MFA requirements.
- Users must first register JumpCloud Go on their device using their credentials before passwordless verification becomes available.
- For details on user registration and verification workflows, see Use JumpCloud Go. For troubleshooting, see Troubleshoot: JumpCloud Go.
- This article covers JumpCloud Go for desktops. To use JumpCloud Go on Apple and Android mobile devices, see Get Started: Mobile Device Trust.
Features:
- Phishing-resistant: After registering their device, users don’t enter their credentials in a browser session. Instead, users verify their identity using either their local device password or biometric device authenticator.
- Device-bound and hardware-protected: JumpCloud Go leverages device authenticators and hardware secure stores to protect and secure user credentials.
- Passwordless: Faster, safer, and simpler user verification saves time for users and admins.
Prerequisites:
- JumpCloud Go supports the following device types that meet these hardware requirements:
- macOS devices with a Secure Enclave.
- Windows devices with a Trusted Platform Module (TPM) 2.0.
- Linux devices (GNOME-based distros) with a Trusted Platform Module (TPM) 2.0.
- The JumpCloud agent has to be installed and running on macOS, Windows, and Linux devices. See Install the JumpCloud Agent.
- The JumpCloud Go browser extension has to be installed on a supported web browser:
- Chromium-based browsers (Google Chrome, Microsoft Edge, and Brave only) with the JumpCloud Go Chrome extension.
- Firefox with the JumpCloud Go Firefox extension.
- Note: Firefox is only supported on macOS and Windows devices.
- If the browser extension isn’t installed, see Installing Browser Extensions Manually.
Considerations:
- Users need to work from their JumpCloud-managed device and be logged in to their managed device account. JumpCloud Go doesn’t support local device accounts.
- Biometrics are only supported on macOS and Windows devices. Users need to configure biometrics on their device to use them with JumpCloud Go:
- For macOS devices, see Apple’s Use Touch ID on Mac.
- For Windows devices, see Microsoft’s Learn about Windows Hello and set it up.
- For Linux devices:
- Self-contained browsers installed using Snap or Flatpack (including the built-in Firefox browser in some distros) aren’t supported. Only browsers installed using standalone methods are supported.
- Only Chromium-based browsers (Chrome, Edge, and Brave) with the Chrome extension are supported on Linux.
- After enabling JumpCloud Go, users on CentOS 7/RHEL 7 devices need to log out and log back in.
- The JumpCloud agent will install JumpCloud Go components regardless of whether the setting is enabled or disabled in the Admin Portal. See Agent Compatibility, System Requirements, and Impacts.
Understanding Authentication Factors
When you enable JumpCloud Go, it serves as an MFA factor for User Portal and SSO authentication. End users confirm their identity using their device authenticator. See MFA for Admins.
JumpCloud Go serves as an MFA factor when accessing SSO apps in addition to the User Portal.
If you also enable MFA for User Portal authentication, JumpCloud Go uses 3 authentication factors to confirm a user’s identity during registration. For subsequent verifications, users can manually configure biometrics on their device for JumpCloud Go. JumpCloud Go also provides two factor authentication when biometrics aren’t configured, but uses alternative factors (local device password):
JumpCloud Go Authentication Factors
Factor Type | Registration without MFA | Registration with MFA | Verification with biometrics | Verification without biometrics |
---|---|---|---|---|
Something you have (managed device) | ✅ | ✅ | ✅ | ✅ |
Something you are (biometrics) | ❌ | ✅ | ✅ | ❌ |
Something you know (password) | ✅ | ✅ | ❌ | ✅ |
Installing the JumpCloud Go Browser Extension
The JumpCloud Go browser extension is required to use JumpCloud Go. You can install it on your devices in the following ways:
- Chrome only: Deploy the browser extension to multiple devices using a JumpCloud policy or Google’s Chrome Browser Cloud Management (CBCM).
- All browsers: Users can manually install the browser extension on their device.
- For Chrome, Edge, or other Chromium-based browsers, see Use JumpCloud Go – Installing the Browser Extension.
- For the Firefox browser, see Use JumpCloud Go – Firefox Extension.
Chrome: Using JumpCloud Policy to Deploy the Extension
If your organization is not using Google Workspace and CBCM, you can deploy the browser extension to macOS and Windows devices using a JumpCloud policy. For instructions on using a policy to deploy the browser extension, see Create a Mac or Windows Chrome Force-Installed Extension List Policy.
Chrome: Using CBCM to Deploy the Extension
If your organization is already using Google Workspace, you can deploy the JumpCloud Browser Extension with CBCM. See Chrome Browser Cloud Management documentation.
To install the JumpCloud Go Browser Extension via CBCM:
- Go to the Google Admin Portal and log in as a Google Administrator.
- Go to Devices > Chrome > Apps & Extensions > Users & browsers.
- Click ( + ) at the bottom of the screen, then select the Chrome icon to add a new extension from the Chrome Web Store.
- Search for the JumpCloud Go Browser Extension and click Select to add it.
- Click JumpCloud Go Browser Extension in the list to expand the menu, and in the right aside under Installation Policy, select Force Install.
- Selecting Force Install in the Google Admin Portal will force the browser extension to install on managed Chrome browsers. See Google’s Managing Extensions in Your Enterprise.
You can use JumpCloud Browser Patch Management to enroll your devices in Google Chrome Browser Cloud Management and enforce the managed browser extensions. See Chrome Browser Cloud Management Settings.
Enabling JumpCloud Go
After adding the JumpCloud Go browser extension to your browsers on your devices, enable the feature in the Admin Portal.
- JumpCloud Go is enabled for new organizations by default. If it is not enabled in your org, see the following steps to enable it in the Admin Portal.
- Enabling JumpCloud Go in Features will automatically enable it as an MFA factor in SECURITY MANAGEMENT > MFA Configuration for your users.
To enable JumpCloud Go for your org:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Features > JumpCloud Go.
- Click to toggle JumpCloud Go to On.
- Click Save.
Using JumpCloud Go for Step Up MFA
JumpCloud Go SSO requests have additional security with user and device verification occurring during every new application session established using Go. Users that authenticate to the User Portal with JumpCloud Go will see the Go loader while accessing their SSO applications.
In addition, JumpCloud Go is the default MFA method for SSO Conditional Access Policies (CAPs). When a user accesses an application protected by a CAP, they'll be prompted to "step up" and verify their identity using JumpCloud Go. See Get Started: Conditional Access Policies.
Disabling JumpCloud Go
To disable JumpCloud Go for your organization:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Features > JumpCloud Go.
- Click to toggle JumpCloud Go to Off.
- Click Save.
If you disable JumpCloud Go, the JumpCloud Go browser extension is not automatically removed from the associated devices. See the following section for steps to uninstall the browser extension.
Uninstalling the JumpCloud Go Browser Extension
The process to uninstall the JumpCloud Go browser extension varies depending on how it was deployed on your devices.
If users manually installed the extension, they can remove it directly from their browser. See Uninstalling the Browser Extension. Otherwise, see the following section if you deployed the Chrome browser extension to your devices.
Chrome: Using JumpCloud Policy to Remove the Extension
If you used a JumpCloud policy to install the browser extension, you will need to remove the devices from the associated policies created in the Admin Portal. See Create a Mac or Windows Chrome Force-Installed Extension List Policy for steps to remove managed devices from the associated policies.
Chrome: Using CBCM to remove the extension
If you used CBCM to deploy the browser extension, you will need to remove the JumpCloud Go browser extension in the Google Admin Portal, or set the extension to Not Installed. See Google’s Managing Extensions in Your Enterprise.
FAQ
Yes. A company email and password is required to register JumpCloud Go. Users can still authenticate with traditional methods after JumpCloud Go is enabled.
No. Only JumpCloud User Portal and SSO app authentication are supported.
No. JumpCloud Go works with biometrics when users have configured them on their device. When biometrics aren't configured, JumpCloud Go requires the user’s local device password for verification.
JumpCloud Go is supported as an MFA method for conditional access policies protecting the User Portal and SSO apps. See Using JumpCloud Go for Step Up MFA and Get Started: Conditional Access Policies for more information.