Enable MFA for the Admin Portal

Use Multi-Factor Authentication (MFA) with JumpCloud to secure access to your organization’s Admin Portal. Read this article to learn how to enable MFA for an administrator. 

Prerequisites:

• Obtain an application to generate TOTP tokens. See Set Up Authenticator App for User Account.

Considerations:

• An admin with the Administrator role cannot enable MFA for an admin with the Administrator with Billing role.
• An admin with the Administrator with Billing role is able to enable MFA for themselves.
• See Manage Admin Accounts. 

Enabling MFA for the Administrator

To enable MFA for a JumpCloud Administrator:

1. Log in to the JumpCloud Admin Portal. Log in with administrator credentials.
2. In the upper right corner of the page, click the green circle with your initials, and then select Administrators. The Administrators window appears.
3. Click Details for the administrator for whom you want to enable MFA.
4. Select Enable MultiFactor Authentication for Admin Login, and then click Save Administrator. After you enable MFA for the administrator account, an email is sent to the account’s email address with instructions for setting up MFA for their account.
5. Follow the reset steps in the email. The admin is presented with the QR code and TOTP Key to add to their chosen TOTP token application.

Viewing Enrollment Requirements and Enrollment Status

View at-a-glance information on the MFA health of all admins in your org in Settings > Administrators. The administrators list shows two relevant columns for MFA - MFA: Requirement and MFA: Enrollment.

For MFA: Requirement, possible statuses are:

• Required: Admin is required to use MFA
• Not Required: Admin is not required to use MFA

For MFA: Enrolled, possible statuses are:

• Enrolled: Admin has taken a step to enroll in MFA.
• Not Enrolled: Admin has not yet taken a step to enroll in MFA.

Monitoring Enrollment Status

The Admins Without MFA Required widget on the Admin Portal Home page shows how many Admins in your org do not have MFA required for Admin Portal login. Click the tile to view a list of the Admins without MFA required. From the list view, you can take the bulk action of enforcing MFA for some or all of the Admins listed.

To require MFA for Admins on Admin Portal login:

1. From the Admin Portal Home page, click the Admins Without MFA Required tile.
2. From the Admins Without MFA Required list, select the Admins you want to enforce MFA login for.
3. Click Actions, then click Require MFA.
4. On the confirmation modal, click Require MFA.
5. The Admin will be required to log in with MFA on their next Admin Portal login.

The Admins Without MFA Required widget can be removed from the Admin Portal Home page, if desired.

To remove the Admins Without MFA Required widget:

1. From the Admin Portal, go to Home.
2. Click Settings.
3. Under Configure and Customize Widgets, toggle Admins Without MFA Required to off.

Resetting MFA for an Administrator Account

If you’re locked out of your JumpCloud Administrator account after enabling MFA, you can reset your MFA.

To reset MFA on a JumpCloud Administrator account, log in with your username and password and when prompted for MFA, click the Reset TOTP MFA link. You may also ask the designated admin for your company to reset it for you.

You will be sent an email to reset your MFA:

1. Check your email inbox.
2. Click Set Up MFA in the email message.
   
3. Enter your Email address and Password.
   
4. When you enter them, Set Up MFA becomes activated.
5. Click Set Up MFA.
6. Download an Authenticator App if you do not have one already or click I Have An App if you already do.
   
7. Use the app to scan the QR code.
   
8. When you enter the verification code, the Submit button becomes activated. Click Submit.
9. A message will display stating that the MFA reset was successful.
   
10. An email will be sent to you confirming that your TOTP MFA reset was successful.