[Notification] We're upgrading the JumpCloud Support Center the week of September 16th.

Support Center

Set Up JumpCloud Multi-factor Authentication with a TOTP application

This article has been redone: Using MFA with Your JumpCloud User Account

Set Up Multi-factor Authentication

JumpCloud Multi-factor authentication (MFA) supports TOTP tokens. Users set up MFA in the JumpCloud User portal in the Security section.

This process requires a TOTP application, generally for a mobile device. Any application that can generate a six-digit SHA-1 based TOTP token should be able to be used with JumpCloud's MFA. Not all applications listed may be available for all mobile OS versions. Several apps qualified to work with JumpCloud are: After you install a compatible application, begin setup. 

To set up MFA in the User Portal:
  1. Go to the User Portal https://console.jumpcloud.com.
  2. The User Portal detects that you are in an enrollment period, and after you log in, are prompted to set up MFA. On the Setup Multifactor Authenitcation window, click Continue.
  3. You are presented with the QR code representing your TOTP key.
  4. Scan or copy and paste the QR code in your TOTP application. You are presented with a 6-digit verification code in the TOTP application. Enter that token, then click Submit.
After the TOTP token is validated, setup is complete and the state is reflected in the console:

Token Validation

Token validation is required for:
  • Mac desktop login
  • Linux SSH login
For MFA enabled resources to enforce MFA login, the TOTP key must be validated in the JumpCloud user portal. To verify the key, users must enter two valid tokens. This rule works on a user-by-user basis. For example, if MFA is enabled for a given Linux server, and User A has validated their key, they are prompted for a token. If User B has not validated their key, they aren't prompted.

In case of Device Loss or Failures

Because the device containing the TOTP key may be a single point of failure, in case of loss or breakage, it's recommended to record and store the TOTP value in a safe place as a backup. Most apps that generate TOTP tokens allow the TOTP key to be entered manually, which means it can be typed in rather than scanning the QR code to restore the ability to generate tokens on a new device or app.  

Last Updated: May 22, 2019 10:03AM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found