Legacy RADIUS server IPs will be deprecated on Dec 17, 2018. Please see this KB for more info.

Support Center

End User Guide - JumpCloud MultiFactor Authentication

Summary

These instructions show users how to set up and utilize Multifactor Authentication for the JumpCloud User Portal and other resources protected by JumpCloud MFA.

About JumpCloud MFA

JumpCloud MFA serves as a second form of user authentication for any JumpCloud resources your administrator has chosen to protect with MFA. This means that in addition to your email address/username and password, when you log in to an MFA protected resource you’ll be asked to also provide an MFA verification code (also known as Time-based One-Time Password (TOTP) Token). JumpCloud-managed resources your administrator may protect with MFA:

  • User Portal login
  • Mac desktop login
  • Linux SSH login
  • SSO/SAML application login

In this guide we will cover how to:

Set up Multifactor Authentication

I received an email request to set up MFA

When an administrator has requested that you setup MFA on your account, you will receive an email notifying you and letting you know how long you have to enroll.. To enroll successfully, you’ll need to complete the following steps to set up MFA on your account:

  1. Log in to the User Portal using your existing credentials. You may follow the link in your email or go directly to https://console.jumpcloud.com.
  2. The User Portal will detect that you are in an enrollment period and prompt you to set up MFA.
  3. You’ll need to download an authenticator application to scan the QR code, which will generate the 6-digit tokens used for MFA verification at login. Google Authenticator is a popular one that you’ll find links to download, but the several apps qualified to work with JumpCloud are:
  4. Once downloaded, “continue” to the next screen. Here you will scan the QR code with your authenticator application and enter the 6-digit verification code you app will provide for “JumpCloud User”.
    *note: your administrator may advise you to store the alpha-numeric key below the QR code in a secure place to backup your setup if you were to lose or damage the device with your authenticator application. You may click on the code to copy it to your clipboard.
  5. Click “submit” and you will receive confirmation that your MFA setup is complete. In the MFA section of the security page, you’ll see your active MFA state reflected.
  6. If at any point during this setup, you decide to exit the flow, you’ll be provided a reminder of how many days you have remaining in your enrollment period. Every time you sign in to User Portal during your enrollment period, you’ll be provided the prompt to set up MFA.
  7. Any time that you are logged into the User Portal, you may also visit the security page and in the MFA section select the setup button to access the setup flow again.

I would like to set up my MFA even though it has not yet been required

Your administrator may not currently require that you use MFA for your User Portal, but they may prefer to use it on a system you use, or if you would like to pre-emptively set up MFA for future requirements, you may do so. Please note though, your administrator has the control over what resources are protected by MFA. If you’d like a resource to be protected, whether that be the user portal or other resource, contact your administrator.

  1. Log in to the User Portal using your existing credentials at https://console.jumpcloud.com
  2. Navigate to the security page on the left-hand navigation.
  3. In the MFA section, you’ll see if you are currently inactive. You may click the “setup” button to launch the MFA setup flow.
  4. From this point, the MFA setup flow will be the same as seen above.

Use Multifactor Authentication to log in

Logging in to User Portal with MFA

If your administrator has required MFA for your User Portal and you have an active setup, you’ll follow these steps to log in:

  1. Visit the User Portal at https://console.jumpcloud.com.
  2. Enter your email address and password and press “user login”.
  3. Upon authentication of your credentials, you’ll be prompted to enter your MFA Verification code.
  4. Open your authenticator application (Google Authenticator or one of our other approved applications that you used to set up your MFA).
  5. Enter the 6-digit verification code provided for “JumpCloud User” in your application.
  6. This code is only valid for 60 seconds, at which time your application will generate and display a different code. You’ll want to press “user login” to submit your code within the 60 seconds that your code is valid.

Verifying MFA for SAML/SSO Applications

When you are launching an application that uses JumpCloud to Authenticate, and you do not have an active User Portal session, you’ll be directed to a login screen that looks like your User Portal login. The steps to validate this session will be identical to those listed above for “Logging in to User Portal with MFA”.

Logging in to your Mac with MFA

  1. Select the appropriate Mac User on your machine.
  2. Enter your JumpCloud password.
  3. Enter an MFA verification code provided through your authentication application for “JumpCloud User”.

Using MFA to SSH login on your Linux system

  1. Open your terminal and run the ssh command with username@ipaddress as the argument.
  2. Enter your JumpCloud password.
  3. Enter an MFA verification code provided through your authentication application for “JumpCloud User”.
            $ ssh auser@192.168.1.1
            Password: 
            Verification code: 
            Welcome to Ubuntu 18.04 LTS (GNU/Linux 4.4.0-28-generic x86_64)
    
             * Documentation:  https://help.ubuntu.com/
    
            188 packages can be updated.
            0 updates are security updates.
    
    
            The programs included with the Ubuntu system are free software;
            the exact distribution terms for each program are described in the
            individual files in /usr/share/doc/*/copyright.
    
            Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
            applicable law.
    
            auser@ubuntu1804:~$ 
        

In Case of Authentication Device Loss, Failure, or Replacement

If the device that you have your MFA authentication application on is lost, broken, or is being replaced, you may lose access to your MFA verification capabilities as well.

I’m purchasing a new device

If you are purchasing a new device that you would like to use for your authentication application, you may follow these steps to reset your own MFA so long as you have both your old and your new device:

  1. You’ll need to download an authenticator application on your new device. The several apps qualified to work with JumpCloud are:
  2. Log in to the User Portal using your existing credentials at https://console.jumpcloud.com.
  3. Navigate to the security page on the left-hand navigation.
  4. In the MFA section, you may click the “reset” button to launch the MFA reset flow.
  5. Use your old device to provide verification of your existing MFA setup.
    *Caution: Once you successfully Clear MFA Settings, if you exit before completing setup, you may lock yourself out of MFA protected resources.
  6. From this point, the MFA setup flow will be the same as seen above in the Setup MFA instructions.

I saved the TOTP key from below the QR code when I setup my MFA

If you have access to this code, you may be able to set up a new device without needing assistance from your administrator.

  1. You’ll need to download an authenticator application on your new device. The several apps qualified to work with JumpCloud are:
  2. Choose to manually enter a new MFA instance.
  3. Enter your JumpCloud user email when prompted through your application.
  4. Enter the saved TOTP key.

I don’t have any keys saved, and I’m locked out!

You’ll need to contact your administrator in this case. They will be able to reset MFA on your account. Your experience resetting will be identical to the setup steps in “I received an email request to set up MFA” above.

Reset my MFA

If for any reason you feel your MFA has been compromised, you may reset MFA key and setup through the User Portal.

Self-service

If you have the device with your authenticator application available, you may reset your MFA without administrator assistance. If you do not have your device available, see the instructions above “In Case of Authentication Device Loss, Failure, or Replacement”.

  1. Log in to the User Portal using your existing credentials at https://console.jumpcloud.com.
  2. Navigate to the security page on the left-hand navigation.
  3. In the MFA section, you’ll see if you are currently active. You may click the “reset” button to launch the MFA reset flow.
  4. You’ll first need to use your old device to provide verification of your existing MFA setup.
    *Note: Submitting this verification will clear your existing setup. If you exit out of the flowing screens before completing setup, you will potentially lock yourself out of MFA protected resources.
  5. From this point, the MFA setup flow will be the same as seen above in the Setup MFA instructions.

User Eligibility

*Note: Active Directory owned users created using the JumpCloud Active Directory Bridge do not currently have the option to enable Multi-factor Authentication for the User Portal. These users will not see any MFA options when they log into the User Portal.

 

Last Updated: Dec 04, 2018 04:53PM MST

Related Articles
31b11a79e2c94470a66430cfe6d3eecd@jumpcloud.desk-mail.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete