TLS 1.0 will be deprecated in JumpCloud on 6/18/2018.

Set up JumpCloud Multifactor with a TOTP application

Set up Multifactor

JumpCloud multifactor authentication supports TOTP-based tokens. Users may set up MFA in the Security section of the JumpCloud User portal.



This process requires a TOTP application, generally on a mobile device. Any application that can generate a six-digit SHA-1 based TOTP token should work with JumpCloud's MFA. Not all applications listed may be available for all mobile OS versions. Several apps qualified to work with JumpCloud are:

After installing a compatible application, begin setup:
  • Select SETUP MFA in the user console
  • Continue until shown the QR code representing your TOTP key
  • Open the TOTP application on your device and add a new record
  • Confirm the TOTP token in the user console
Once the TOTP token is confirmed, setup is complete and the state will be reflected in the console:



Token Validation

Token validation is required for:
  • Mac desktop login
  • Linux SSH login
For these MFA-enabled resources to enforce MFA at login, the TOTP key must be validated in the JumpCloud user portal. To validate the key, users must enter two valid tokens. This rule works on a user-by-user basis. For example, if MFA is enabled for a given Linux server and User A has validated their key, User A will be prompted for a token. If User B has not validated their key, User B will not be prompted.

In case of Device Loss or Failures

Because the device containing the TOTP key may be a single point of failure, it's recommended to record the TOTP value and store it in a safe place as a backup in case of loss or breakage. Most apps that generate TOTP tokens allow the TOTP key to be entered manually, so the key can be typed in rather than scanned from the QR code to restore the ability to generate tokens on a new device or app.
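
As an added example (not JumpCloud's code), the Python below derives the six-digit SHA-1 TOTP token described under Set up Multifactor from a manually typed key, which is what a restored app does after device loss. The 30-second step, the drift window, the two-token check in confirm_key and the sample key (the RFC 6238 test secret) are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: RFC 6238 test secret "12345678901234567890" in base32,
# typed the way apps display keys (lowercase, grouped). Not a real key.
SAMPLE_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_key(key_b32: str) -> bytes:
    """Decode a hand-typed base32 key: ignore spaces/dashes/case, restore padding."""
    cleaned = key_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP using HMAC-SHA-1 and RFC 4226 dynamic truncation."""
    counter = int(at) // step
    mac = hmac.new(decode_key(key_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(key_b32: str, token: str, at: float, drift: int = 1, step: int = 30):
    """Return the time-step counter the token matches, or None.

    Accepts tokens up to `drift` steps before or after `at` (assumed clock skew).
    """
    for d in range(-drift, drift + 1):
        when = at + d * step
        candidate = totp(key_b32, when, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(candidate.encode(), token.encode()):
            return int(when) // step
    return None


def confirm_key(key_b32: str, token_a: str, token_b: str, at: float) -> bool:
    """Assumed model of a two-token confirmation: both tokens must verify
    and must come from different time steps, so one token cannot be reused."""
    step_a = verify(key_b32, token_a, at)
    step_b = verify(key_b32, token_b, at)
    return step_a is not None and step_b is not None and step_a != step_b
```

Because the token is a pure function of the key and the clock, anyone holding the recorded backup key can generate valid tokens, so the backup needs the same protection as the device itself.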

Last Updated: Mar 23, 2018 02:57PM MDT
