Support Center

Binding Users to Resources - Grant Access

All resources in JumpCloud are 'implicit deny', which means that by default, users will not have access to a resource endpoint until they are explicitly bound to it either directly or through group membership.

User Bindings

Access to resources may be granted by binding a user to any of the following:
  • User Groups
  • Systems
  • Directories


User Groups - Binding a user to a Group of Users is an organizational construct; no access is granted until that group has been bound to a resource. You can edit group membership in this view.

Systems - Binding a user directly to a system is good practice if this will be a 1:1 relationship; e.g., a single user being bound to their work system, which no one else will access. A user bound via a Group can also be bound directly to the system to enable a custom permission to be set on that system only. UI behavior for group and direct binding is explained further on Getting Started: Systems. When a user is bound to a system, the binding will either create a new local user account or take over an existing account of the same username.

Directories - This can include G Suite, Office 365, and/or JumpCloud LDAP. These resources are generally accessed by groups of people so direct binding on the user object - while possible - is generally not recommended. Rather, join the user to a group that has been granted access to the desired directory. A direct binding cannot be made if the user is already bound to the resource via a Group of Users. Note: Activate G Suite or Office 365 in order to make them available in the list of Directories.
 

Group of Users Bindings

Access to resources may be granted by binding a User Group to any of the following:
  • Users
  • System Groups
  • Applications
  • RADIUS
  • Directories


Users - Binding a user to a Group of Users is an organizational construct; no access is granted until that group has been bound to a resource. You can edit group membership in this view.

System Groups - Binding via System Group is recommended when there are one:many or many:many relationships; e.g., a group of admins needs access to a production environment. All members of the User Group will be granted access to all systems in the System Group. When a user is bound to a system, the binding will either create a new local user account or take over an existing account of the same username. It's possible to be bound to the system both directly and via group membership. UI behavior for group and direct binding is explained further on Getting Started: Systems.

Applications and RADIUS Servers - To grant access, the user must be a member of a group. You may create one or many Groups of Users to bind to one or many resources of that type. Once the group is bound to the application, any member of that group will be allowed to log in.

Directories - This can include G Suite, Office 365, and/or JumpCloud LDAP to Create LDAP Groups. Binding a group to a directory is possible even if a group member has already been granted access via a direct binding in the User details. Note: Activate G Suite or Office 365 in order to make them available in the list of Directories.
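The binding rules described above can be checked with a small model during an access review. This is an added example, not JumpCloud code or its API: the Bindings class, its method names, and all user, group, and resource names are assumptions made for illustration.

```python
from collections import defaultdict

# Per the article, only systems and directories accept a direct user binding;
# applications and RADIUS are reachable only through a Group of Users.
DIRECT_OK = {"system", "directory"}

class Bindings:
    """Toy model of the binding rules above (hypothetical, not JumpCloud's API)."""
    def __init__(self):
        self.members = defaultdict(set)     # user group -> users
        self.group_res = defaultdict(set)   # user group -> (type, name)
        self.sys_groups = defaultdict(set)  # system group -> systems
        self.direct = defaultdict(set)      # user -> (type, name)

    def via_groups(self, user, rtype, name):
        """User groups that give `user` access to the resource."""
        hits = []
        for group, users in self.members.items():
            bound = self.group_res.get(group, set())
            # A bound System Group grants every system it contains.
            in_sys_group = rtype == "system" and any(
                t == "system_group" and name in self.sys_groups.get(n, set())
                for t, n in bound)
            if user in users and ((rtype, name) in bound or in_sys_group):
                hits.append(group)
        return sorted(hits)

    def bind_direct(self, user, rtype, name):
        if rtype not in DIRECT_OK:
            raise ValueError(f"{rtype} access requires group membership")
        if rtype == "directory" and self.via_groups(user, rtype, name):
            raise ValueError("already bound to this directory via a group")
        self.direct[user].add((rtype, name))

    def access_paths(self, user, rtype, name):
        """Every binding path granting access; [] is the implicit deny."""
        paths = ["direct"] if (rtype, name) in self.direct.get(user, set()) else []
        return paths + [f"group:{g}" for g in self.via_groups(user, rtype, name)]

def sample():
    """Constructed data: names are invented for illustration."""
    b = Bindings()
    b.members["admins"] |= {"alice", "bob"}
    b.members["staff"] |= {"carol"}           # group with no resource bound
    b.sys_groups["prod"] |= {"web1", "db1"}
    b.group_res["admins"] |= {("system_group", "prod"), ("directory", "ldap")}
    b.bind_direct("alice", "system", "web1")  # direct and via group
    return b
```
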
 
 

Last Updated: Sep 17, 2018 10:28AM MDT
