User identities are at the core of JumpCloud. As a core directory, JumpCloud provides centralized, authoritative versions of each employee's identities so they can use a single set of credentials across all their resources, including Systems, LDAP, RADIUS and more. Users can be created manually within the JumpCloud Administrative Console, imported or synchronized via another directory, or via an automated process leveraging the JumpCloud API. This article describes how to create them manually via the Administrator Console.
1 - Add a User
To add a new user account, go to Users, select the +
- First/Last Name
- Email (required) - For G Suite and Office 365, the JumpCloud email must match the external directory
- Username (required) - This cannot be changed once set. Consider the naming convention for users before building your directory
- Global Administrator - When enabled, the user will be an admin/sudoer on all systems to which they are bound; this also allows for passwordless sudo on Linux systems
- Enable as LDAP Bind DN - When enabled, this user acts to bind and search to JumpCloud LDAP directory; one or more users can enable this option
- Initial Password - When specified, the user will not receive an email to complete System User activation and will be activated immediately
- Password expiration - If password expiration is enabled in the global Security settings, a password expiration date will be displayed. Individual users may also have PASSWORD NEVER EXPIRES set and they will be excluded from the global expiration setting. N/A for users managed with Active Directory Bridge.
- User creation date - The date the user was created in the JumpCloud organization is displayed
- Enable Multifactor Authentication on the JumpCloud User Portal - When enabled, the user will be prompted for a TOTP token as a second factor in order to log in to the User Portal. MFA setup status is also displayed. For more information, see How to Enable Multifactor Authentication
- Enforce UID/GID consistency for all systems (when the global setting is enabled) - May be specified, or will increment starting at 5000. The user will be assigned the desired UID/GID on a supported OS when bound to a system. This setting cannot be disabled once saved. See Configuration Alerts and Notifications to resolve conflicts.
- Public Keys - SSH keys may be saved to the user and will be distributed to any Linux system with Public Key Authentication turned on
2 - Activate a User
You can either set a temporary password for the user or email the user to set their own:
- If an administrator sets the Initial Password as above, the user will be immediately active
- If no password is set during creation, JumpCloud will send an email to the user with a link that allows them to set their password
Other information may be tied to systemuser record using the API. See our API Documentation for more details.
3 - Bind a User
Once your user is active, you can bind them to any of the resources connected to JumpCloud - from their systems to applications to networks and more.