JumpCloud Go™ for Mobile lets you access the JumpCloud User Portal and SSO apps securely and seamlessly from your mobile device. After registering your device with JumpCloud Protect®, you can verify your identity using biometrics without entering a password. Learn how to enroll your mobile device in Device Management and use JumpCloud Protect to access your company’s protected resources.
If your admin enables Device Trust, you can access protected resources only on trusted devices. To ensure your mobile device is trusted and registered with JumpCloud Go, you must follow the steps in this article to enroll in Device Management and JumpCloud Protect.
Prerequisites:
- Your device is enrolled in JumpCloud Device Management:
- For a company-owned device:
- You’ll need to work with your admin to enroll it.
- For Apple devices, see Add Company-Owned iOS Devices to MDM.
- For Android devices, see Enrolling Company-Owned Android Devices.
- Important: Your admin must bind your user account to your device in JumpCloud after enrolling it. See Bind Users to Devices.
- You’ll need to work with your admin to enroll it.
- For a personal or BYOD device, you can enroll it yourself. See the following section Enrolling a Personal Device in Device Management to learn more.
- For a company-owned device:
- Your admin deploys the JumpCloud Protect app to your device. If you don’t see it on your device, contact your admin. See Get Started: Mobile Device Trust to learn more.
- Your device meets certain security and compliance requirements. For example, your device must be running a supported OS:
- Apple:
- iOS 14+
- iPadOS 14+
- Android:
- Android 5.0+
- Google Play Services must be enabled on your device.
- Apple:
- Biometrics are configured on your device:
- For Apple devices, see Apple’s support documentation to learn more:
- For Android devices, see Google’s support documentation to learn more:
Considerations:
- You can only access resources that are assigned by your admin. If you don’t see a particular SSO app available in the User Portal, contact your admin.
Enrolling a Personal Device in Device Management
Before you can use JumpCloud Go for Mobile, you first need to enroll your device in JumpCloud Device Management. You can enroll it directly from the User Portal using the following resources:
- For Apple devices, see Users: Enroll Your Personal iOS Device.
- For Android devices, see Users: Enroll Your Personal Android Device.
Jump to Additional Resources for tutorial videos of enrolling Apple and Android devices.
Configuring the JumpCloud Protect App
After enrolling your device in Device Management, your admin needs to deploy the JumpCloud Protect app to it. If you don’t see the app on your device home screen or app library, contact your admin.
You must open the JumpCloud Protect app and enable notifications before registering JumpCloud Go for Mobile.
Configuring the JumpCloud Protect app varies depending your device and enrollment type:
- For Android devices:
- When your device is enrolled in Android EMM, your admin will either deploy the JumpCloud Protect app, or it will be available in the Managed Google Play Store (or the Work Profile side of the device).
- For Apple devices:
- Automated Device Enrollment (Company-owned): JumpCloud MDM can silently push the managed JumpCloud Protect app to your device or silently take over a personally installed version of it.
- Profile-driven Device Enrollment (Company-owned): JumpCloud MDM can push the managed JumpCloud Protect app to your device or take over a personally installed version of it, but will prompt you to approve.
- User Enrollment (BYOD): JumpCloud MDM can push the managed JumpCloud Protect app to your device and prompt you to approve. However, if you already have a personally installed version of JumpCloud Protect, you’ll need to decide whether to remove it and have the admin push it, or use the existing app on your device.
Deleting the JumpCloud Protect app will remove and invalidate your Mobile Push and TOTP tokens.
Registering Your Device with JumpCloud Go
Use the managed JumpCloud Protect app to register your device with JumpCloud Go and create a secure token for accessing protected company resources.
Browser Requirements:
- On Apple devices, Safari is the recommended browser for JumpCloud Go registration. If you have another default browser set, you may need to set the default browser to Safari to complete registration.
- On Android devices, managed Google Chrome is required for JumpCloud Go registration. Your admin will either deploy the managed Google Chrome app, or it will be available in the Managed Google Play Store (or the Work Profile side of your device).
You can’t register your device directly from the JumpCloud Protect app; you must register it from the JumpCloud User Portal in the browser.
- In your device browser, go to the JumpCloud User Portal.
- In the Email field, enter your company email address and tap Continue.
For Android devices with a Work Profile, you must configure biometrics and a PIN specifically for the Work Profile to proceed.
- The JumpCloud Passwordless Login automatically appears.
- (On Apple devices) At the popup for “JumpCloud Protect” wants to use “jumpcloud.com” to Sign In, select Continue.
- The User Login page appears. In the Email field, enter your company email address and select Continue.
- In the Password field, enter your password and select Log in.
- If your organization requires multi-factor authentication (MFA), approve the authentication request with your configured authentication method. See MFA for Users to learn more.
- The Passwordless Login screen appears and redirects you to JumpCloud Protect to complete the registration process.
- On Apple devices:
- Tap the JumpCloud Protect notification to go to the Protect app and complete registration. When complete, JumpCloud Protect app displays this message: Configured. You can return to the previous app.
- Tap the top left of the screen to return to the browser and the User Portal.
- On Apple devices:
- Your device is registered with JumpCloud Go. When you return to the User Portal, use JumpCloud Go to verify your identity with biometrics.
Jump to Additional Resources for tutorial videos of the JumpCloud Go registration process on Apple and Android devices.
Verifying Your Identity with JumpCloud Go
Registering your mobile device with JumpCloud Go enables seamless access to any of your protected resources. When you access the User Portal or a protected resource, JumpCloud Protect automatically appears and uses JumpCloud Go to verify your identity with device biometrics (fingerprint or FaceID for example). You don’t need to enter any additional credentials.
Checking JumpCloud Go in the Protect App
You can check your JumpCloud Go registration status, or disable it as an authentication method within the JumpCloud Protect app:
- On your mobile device, open the JumpCloud Protect app and select the Accounts tab.
- Locate the JumpCloud Go entry in the list and tap to select it.
- (Optional) You can view more details on the token, or delete it if you need to reregister.
- (Optional) In the bottom right of the Protect app, go to the More tab and select Settings. Under JumpCloud Go, you can toggle JumpCloud Go to disable it.
Disabling JumpCloud Go on your device lets you sign in with your credentials. This is helpful if you encounter issues accessing the User Portal or the Protect app using JumpCloud Go.
Additional Resources
Show Me:
- Adding a Personal iOS Device
- Adding an Employee-Owned Android Device
- Using JumpCloud Go on iOS
- Using JumpCloud Go on Android