Before you start this process, make sure you're using one of our Supported Web Browsers.
You can configure the actions taken by various resources like Google Workspace, LDAP, Microsoft 365, or RADIUS when a user has an expired JumpCloud password or is locked out of their JumpCloud account. See Manage Password and Security Settings to learn more.
Considerations:
- The process for resetting user and admin passwords varies. Refer to the following sections for instructions for the each process.
- Users and Admins are prompted for an email address when they reset their password. The password reset email is sent to valid admins or users. After the password is reset, the change affects any service endpoints the user is connected to.
- If a user account is locked due to repeated failed login attempts, their account can be unlocked without the user having to reset their password. See Manage Password and Security Settings to learn more.
Reset Admin Passwords
Resetting an Admin Password Yourself
To reset an Admin password:
- Go to the JumpCloud Admin Portal login.
- Click the Reset Administrator Password link.
- Enter the email address for your admin account in the Email field. Then click Set Password. A confirmation email is sent with the subject “JumpCloud Password Reset”.
- Click Reset Password in the email. Note this link expires in 1 hour.
- In the Set Administrator Password modal, enter a Password, then enter the password again in Confirm Password.
- Admin passwords must be between 12-64 characters in length and cannot contain the admin’s email or username.
- Read the Terms of Service and check the box to agree.
- Click Set Password.
- If MFA is enabled for your JumpCloud account, you need to authenticate your account with TOTP.
- TOTP: Enter a six digit code from an authenticator app such as JumpCloud Protect or Google Authenticator. See JumpCloud Protect for Admins to learn more.
- If MFA is enabled for your JumpCloud account, you need to authenticate your account with TOTP.
- A “Password reset was successful.” message appears. An email will also be sent stating that the password reset was successful.
Here's a guided simulation: Reset Your JumpCloud Administrator Password
Resetting an Admin Password via Another Admin
To reset an Admin password via another Admin:
- Log in to the JumpCloud Admin Portal.
- Click on your initials in the upper right-hand corner of the screen.
- Click Administrators.
- Select the admin who needs a password reset.
- Under Account Settings, click Send Password Reset Email > Send. An email will be sent to the admin within 10 minutes, and it has to be verified within 24 hours.
- If the admin doesn’t receive the email, ensure to check the Junk/Spam folder and that [email protected] is whitelisted.
- Click Reset Password in the email.
- In the Set Administrator Password modal, enter a Password, then enter the password again in Confirm Password.
- Admin passwords must be between 12-64 characters in length and cannot contain the admin’s email or username.
- Read the Terms of Service and check the box to agree.
- Click Set Password.
- If MFA is enabled for your JumpCloud account, you need to authenticate your account with TOTP:
- TOTP: Enter a six digit code from an authenticator app like JumpCloud Protect or Google Authenticator. See JumpCloud Protect for Admins to learn more.
- An email will also be sent stating that the password reset was successful.
Reset User Passwords
Resetting Your Own User Password
To reset your password when you don't know your old password:
- Log in to the JumpCloud User Portal.
- If you’re on the Admin Portal login page, click the User Portal Login link.
- Click the Reset User Password link.
- Enter the email address for your user account in the Email field, then click Send Reset Request.
- Click the secure Reset Password link that has been sent to the email address you entered.
- Enter your new password in both password fields and click Reset Password.
- Select either I use Mac, I use Windows, or I use Linux.
- Click I don’t see how, continue to portal at the bottom of the screen.
- Enter a new password, and then again to confirm it.
- User passwords must be between 12-64 characters in length and cannot contain the user’s email or username.
- If MFA is enabled for your JumpCloud account, you need to authenticate your account. Depending on the types of MFA enabled by your organization, you’ll see one of two options:
- Push: Use the JumpCloud Protect app to verify your identity with a push notification.
- A cancel button displays on the login screen while you’re verifying your identity using Push MFA. Clicking this button has no effect on the push notification.
- TOTP: Enter a six digit code from an authenticator app such as JumpCloud Protect or Google Authenticator. Then click Reset Password.
- Push: Use the JumpCloud Protect app to verify your identity with a push notification.
- The Duo app is also supported, but is only used when no other form of MFA has been enabled. If you’re using Duo as your only form of MFA verification, you’ll receive a notification on your device to verify your identity. Once you complete the authentication, your password will be reset and you’ll be able to log in.
- If the admin has enabled password reset with recovery email, and if you have a verified recovery email, the password reset link will be sent to the recovery email address in addition to the primary email address. You can click the Reset Password link from the recovery email and verify your identity using MFA to successfully reset the password. MFA has to be enabled in order to reset the password yourself.
Admin Resetting a User Password for a User
Sometimes users may get locked out of their account and need an admin to reset it for them. If your organization has enabled password recovery with a recovery email , and the user has a verified recovery email, the user will receive a password reset link sent to the recovery email. The user would click the password reset link from the recovery email, enter a new password, and verify their identity using MFA.
To reset a user password for a user:
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users.
- Select the user whose password needs to be reset.
- From the Details tab, scroll to User Security Settings and Permissions.
- From this section, you can enter a Password Recovery Email for the user and a temporary password for the user.
- Click Reset Password to set a new, temporary password for the user.
- After making the updates, click Save User.
TOTP attempts are not unlimited. Allowed number of user attempts is set by the IT Admin. Admin attempts are limited to five. If settings are selected, that will count toward password or MFA attempts.
Adding a Password Recovery Email Address
Please add a personal email address that is different from your org email so that if you ever get locked out of your account, a recovery email will be sent to your personal email address, as well as your org email address. This will help you if for some reason you can't access your org email account.
To add a recovery email as a user:
- Log in to the JumpCloud User Portal.
- Go to Profile > Recovery Email.
- Under Recovery Email, enter a personal email address that is different from your org email address.
- Click Save. An email is sent to the email address that you just provided for verification.
- Within the specified time, click Verify Now! in the email that was sent to your personal recovery email address. If you don’t verify within the specified time, you’ll need to enter the email address again in the User Portal.
- The user will be directed to the User Portal login page. Upon successful login, a confirmation email is sent stating that the user’s recovery email address has been verified.
To add a recovery email as an admin:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Organization Profile > User Portal Settings.
- Go to Settings > Security > Password Recovery Email.
- Click the Enable Password Recovery Email for Users checkbox.
- Click save changes.
- The Password Recovery Email address will display under User Security Settings and Permissions.
- Users can’t use the feature until the Admin Portal settings are turned on.
When the verification email is sent, the user will have four hours to validate their alternate email address. If they don’t validate by then, the email will need to be resent.
When they validate it, a green checkmark icon displays by their Password Recovery Email address under User Security Settings and Permissions. If you hover over the checkmark with your cursor, a timestamp displays the date and time that it was verified.
Troubleshooting
When a user resets their password from the User Portal login and receives this message, it is because the admin has enforced MFA for the User Portal and the user has not yet enrolled in MFA. An admin will need to reset the end user password.
To prevent these types of password lockouts, you can enable your users to reset their password when MFA is enforced for the User Portal but they have not yet enrolled. See Manage Password and Security Settings.