Operation and Usage
User Experience
The AD Bridge performs one-way synchronization of users and groups from Active Directory to JumpCloud. Synchronization runs at approximately 90-second intervals.
- Required: A security group named "JumpCloud". This group must be a member of the default Users OU within Active Directory. A user or group must be a member of this group in order to synchronize.
- Optional: A security group named "JumpCloud Admins". Any user that is a member of this group and also a member of the JumpCloud group will have Global Administrator permissions enabled within JumpCloud. This function does not support members of nested groups.
- Once mirrored, AD-managed users and groups within JumpCloud can be bound to JumpCloud-managed resources such as Systems, RADIUS, LDAP, etc.
User Synchronization
JumpCloud mirrors the following data fields, which will be read-only in JumpCloud:
- First and Last Name
- Email address* - This value is obtained from either the E-mail field on the General tab OR the User logon name from the Account tab of the user properties. If both values are populated the value on the General tab takes precedence.
- Username*
Verifying Successful Configuration
- User accounts should automatically appear in the JumpCloud User Console after being placed in the JumpCloud OU in Active Directory.
- Synchronization runs at approximately 90-second intervals, so allow time for users to appear in the console.
- Once a user is successfully synchronized, they'll appear in the JumpCloud Admin console with an AD Bridge icon underneath their email address.
Users will be deleted from JumpCloud and any data or resource bindings associated with the user will be lost under the following conditions:
- Changing the User logon name in the Account tab of the User Properties window (a new user will be created with the new username; resource bindings are maintained in this case)
- Disabling the user in AD
- Removing the user from the JumpCloud group
Groups Synchronization
- Groups that are members of the JumpCloud group will be mirrored to the JumpCloud directory. Users that are members of these groups will be mirrored and bound to the group.
- Nested groups will be traversed recursively and their structure will be flattened. For example, in AD, Group1 is a member of JumpCloud with members User1, User2 and Group2. Group2 is a member of Group1 and contains members User3 and User4. In JumpCloud, Group2 will be mirrored and have User3 and User4 bound. Group1 will be mirrored and have User1, User2, User3 and User4 bound.
- JumpCloud-managed users may be bound to AD-mirrored groups. Their membership will be unaffected by subsequent synchronizations.
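The flattening rule above and the "JumpCloud Admins" rule from the User Experience section can be previewed before a group change is made. This is an added example, not JumpCloud's code. The directory data is constructed, `flatten` and `preview_sync` are hypothetical names, and it assumes that "does not support members of nested groups" means only direct user members of "JumpCloud Admins" who also synchronize receive Global Administrator.

```python
# Constructed sample directory: group name -> direct members.
# Any member name that is not itself a key is treated as a user.
AD_GROUPS = {
    "JumpCloud": ["Group1", "User5"],
    "Group1": ["User1", "User2", "Group2"],
    "Group2": ["User3", "User4"],
    "JumpCloud Admins": ["User1", "User6", "AdminTeam"],
    "AdminTeam": ["User3"],  # nested inside the admins group
}


def flatten(groups, name, _seen=None):
    """Return every user reachable from group `name`, visiting each group once."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # circular nesting: stop instead of recursing forever
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, []):
        if member in groups:
            users |= flatten(groups, member, seen)
        else:
            users.add(member)
    return users


def preview_sync(groups, root="JumpCloud", admins="JumpCloud Admins"):
    """Predict which users and groups mirror and who becomes Global Administrator."""
    mirrored = {}
    pending = [m for m in groups.get(root, []) if m in groups]
    while pending:
        group = pending.pop()
        if group == root or group in mirrored:
            continue
        mirrored[group] = flatten(groups, group)  # flattened membership
        pending.extend(m for m in groups[group] if m in groups)
    synced = flatten(groups, root)
    # Assumption: nested members of the admins group are ignored.
    direct_admins = {m for m in groups.get(admins, []) if m not in groups}
    return {"users": synced, "groups": mirrored, "admins": direct_admins & synced}


if __name__ == "__main__":
    result = preview_sync(AD_GROUPS)
    for key in ("users", "admins"):
        print(key, sorted(result[key]))
    for group, members in sorted(result["groups"].items()):
        print(group, sorted(members))
```

In the sample, User3 sits in a group nested under "JumpCloud Admins" and User6 is not in the JumpCloud group, so neither is reported as an administrator.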
Deactivate
You can temporarily disable AD Bridge operation by selecting "Deactivate" in the Active Directory tab of the Directories object. Deactivation will cease all synchronization between AD and JumpCloud.
Service details
The agent is registered as a service to start automatically.
- Display name: JumpCloud AD Bridge Agent
- Service name: adint
- Log located at c:\Windows\Temp\JumpCloud_AD_Integration.log
- Similar to when users are newly added to JumpCloud, as the user is added to the JumpCloud security group a "Welcome" email will be delivered to the email address of the identity.
- All password changes for the user must be done on the Windows workstation or on a domain controller.
- Users will be unable to access any resources controlled by JumpCloud until they reset their password on their Windows workstation or on a domain controller.