
Binding Users to Resources

If your organization was created before Tuesday, April 11 2017, see Getting Started: Tags.

All resources in JumpCloud are 'implicit deny', which means that by default, users will not have access to a resource endpoint until they are explicitly bound to it either directly or through group membership.

User Bindings

Users may be bound to the following resources:
  • User Groups
  • Systems
  • Directories


User Groups - Binding a user to a Group of Users is an organizational construct; no access is granted until that group has been bound to a resource. You can edit group membership in this view.

Systems - Binding a user directly to a system is good practice if this will be a 1:1 relationship; e.g., a single user being bound to their work system, which no one else will access. A user bound via a Group can also be bound directly to the system so that a custom permission can be set on that system only. UI behavior for group and direct binding is explained further in Getting Started: Systems. When a user is bound to a system, the binding will either create a new local user account or take over an existing account of the same username.

Directories - This can include G Suite, Office 365, and/or JumpCloud LDAP. These resources are generally accessed by groups of people so direct binding on the user object - while possible - is generally not recommended. Rather, join the user to a group that has been granted access to the desired directory. A direct binding cannot be made if the user is already bound to the resource via a Group of Users. Note: Activate G Suite or Office 365 in order to make them available in the list of Directories.
 

Group of Users Bindings

Groups of Users may be bound to the following resources:
  • Users
  • System Groups
  • Applications
  • RADIUS
  • Directories


Users - Binding a user to a Group of Users is an organizational construct; no access is granted until that group has been bound to a resource. You can edit group membership in this view.

System Groups - Binding via Groups of Systems is recommended when there is a one:many or many:many relationship; e.g., a group of admins needs access to a production environment. All members of the Group of Users will be granted access to all systems in the Group of Systems. When a user is bound to a system, the binding will either create a new local user account or take over an existing account of the same username. A user can be bound to a system both directly and via group membership. UI behavior for group and direct binding is explained further in Getting Started: Systems.

Applications and RADIUS Servers - To grant access, the user must be a member of a group. You may create one or many Groups of Users and bind them to one or many resources of that type. Once the group is bound to the application, any member of that group will be allowed to log in.

Directories - This can include G Suite, Office 365, and/or JumpCloud LDAP to Create LDAP Groups. Binding a group to a directory is possible even if a group member has already been granted access via a direct binding in the User details. Note: Activate G Suite or Office 365 in order to make them available in the list of Directories.
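
The binding rules described above can be modeled as a small access resolver that reports every path by which a user reaches a resource, which is the question an access review needs answered. This is an added illustration, not JumpCloud code or its API; the class, its methods and all user, group and resource names are assumptions.

```python
# Illustrative model of the binding rules above; not JumpCloud code or API.
# All user, group and resource names are constructed sample data.
from collections import defaultdict

KINDS = {"alice-laptop": "system", "prod-1": "system", "prod-2": "system",
         "prod-servers": "system_group", "wiki": "application",
         "office-wifi": "radius", "ldap": "directory"}

class Bindings:
    def __init__(self):
        self.members = defaultdict(set)      # user group -> users
        self.systems_in = defaultdict(set)   # system group -> systems
        self.direct = defaultdict(set)       # user -> directly bound resources
        self.group_bound = defaultdict(set)  # user group -> bound resources

    def paths(self, user, resource):
        """Every binding path granting access; an empty list is implicit deny."""
        found = ["direct"] if resource in self.direct.get(user, ()) else []
        for group, users in self.members.items():
            if user not in users:
                continue
            for bound in self.group_bound.get(group, ()):
                if bound == resource:
                    found.append(group)
                elif resource in self.systems_in.get(bound, ()):
                    found.append(f"{group} -> {bound}")
        return sorted(found)

    def bind_direct(self, user, resource):
        kind = KINDS[resource]
        if kind not in ("system", "directory"):
            raise ValueError(f"{kind} access requires group membership")
        via_group = [p for p in self.paths(user, resource) if p != "direct"]
        if kind == "directory" and via_group:
            raise ValueError("user is already bound to this directory via a group")
        self.direct[user].add(resource)

def sample():
    b = Bindings()
    b.members["admins"] |= {"alice", "bob"}
    b.members["staff"] |= {"alice", "carol"}   # membership alone grants nothing
    b.systems_in["prod-servers"] |= {"prod-1", "prod-2"}
    b.group_bound["admins"] |= {"prod-servers", "ldap"}
    b.bind_direct("alice", "alice-laptop")     # 1:1 system binding
    b.bind_direct("alice", "prod-1")           # direct and group path on one system
    return b

if __name__ == "__main__":
    b = sample()
    for user, res in [("alice", "prod-1"), ("bob", "prod-2"), ("carol", "prod-1")]:
        print(user, res, b.paths(user, res) or "DENY")
```

A user with more than one path to a resource keeps access until every path is removed, so a review should list all paths rather than stop at the first.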
 
 

Last Updated: Jul 26, 2017 04:10PM MDT
