Help Center Home > MFA > MFA Guide for Users

MFA Guide for Users

If you are a JumpCloud Admin or want to learn about administrative MFA configurations, see MFA Guide for Admins.

Multi-factor Authentication (MFA), sometimes referred to as Identity Verification or Two-Factor Identification (2FA), helps secure access to the resources you use everyday by asking you to prove who you are with multiple factors. When your IT Admin requires you to use MFA, you need to provide your username and password and an additional factor to log in. This additional factor can be something you know, like a PIN, something you have, like a security key, or something you are, like a fingerprint.

You may be required to use one or more of the following MFA Factors with your JumpCloud user account:

About JumpCloud Go

JumpCloud Go enables passwordless login to JumpCloud-managed web resources on your managed device. Other than initial registration, you won’t need to enter your email, password, and MFA every time you access your resources. Instead, you’ll verify your identity with your device authenticator (Apple Touch ID or Windows Hello) every 12 hours.

Using JumpCloud Go MFA

When enabled, you can approve User Portal and SSO login requests from your managed device authenticator.

To learn how to use JumpCloud Go:

About Push MFA

Push MFA is a type of solution that sends a notification to your mobile device after you've logged in to a resource with your username and password. When you click the notification, you're asked to approve or deny the login request. When you tap Approve, you gain access to your resource.

Tip:

JumpCloud protects against fraudulent push attempts by blocking more than one notification per resource within a sixty second period (the number of maximum concurrent attempts can be changed by an admin).  You can try again after the timeout or after you have approved or denied the initial request. 

jumpcloud protect push notification

Typically you have to download an app when you set up for Push MFA. To use Push MFA with your JumpCloud user account, your admin has you download JumpCloud Protect.

Using Push MFA

Use Push MFA to log in to your User Portal and SSO applications.

You can set up and find your Push MFA status in the Security tab of the JumpCloud User Portal.

To learn how to use Push MFA:

About Verification Code (TOTP) MFA

Verification Code (TOTP) MFA uses authentication codes called Time-based One Time Passwords (TOTP). When you log in to a resource that’s guarded by TOTP MFA, you need to provide your username, password, and a TOTP code generated by the authenticator application on your phone or computer. These codes are generated from an authenticator application on a mobile phone or computer, like JumpCloud Protect, Google Authenticator, or Yubico Authenticator.

Using Verification Code (TOTP) MFA

Your IT Admin decides where you use TOTP MFA, but you may be asked to use TOTP MFA when you log in to the User Portal, RADIUS server, and your device. 

Note:

For certain applications, you may need to manually advance, or use the tab key, to enter the code digit-by-digit in the individual TOTP fields.

You can set up and find your TOTP MFA status in the Security tab of the JumpCloud User Portal.

To learn how to use TOTP MFA

About Security Keys

A security key is a device that often looks like a USB drive that's used with MFA. When you log in to a resource that's guarded by a security key, you must provide your username, password, and the security key.

Using Security Keys

You can use security keys to log in to the User Portal and SSO applications and to verify password resets made from the User Portal.

You can set up and find your security key status in the Security tab of the JumpCloud User Portal.

About Device Authenticators

Device authenticators are unique to your device and are often a biometric-enabled device like Apple Touch ID or Windows Hello. This can be used as a form of authentication to verify your identity.

Note:

To enroll Windows devices with device authenticator, Windows Hello must already be set up.

You can enroll your device and find your device authenticator status in the Security tab of your JumpCloud User Portal.

To learn how to use security keys or device authenticators

About Duo Security MFA

Duo Security MFA lets you log in to a resource using push notifications, phone callbacks, and mobile passcodes provided by Duo. Your IT Admin chooses the authentication options you have for Duo Security MFA.

When you log in to a resource that’s guarded by Duo Security MFA, you need to provide your username, password, and choose an authentication option. Then you provide the factor that’s required for authentication.

Using Duo Security MFA

You can use Duo Security MFA to log in to the User Portal and SSO applications and to verify password resets made from the User Portal. 

You only see Duo Security MFA when you choose to use it to log in to a resource. You don’t see it in the User Portal.  

To learn how to use Duo Security MFA:

Back to Top

List IconIn this Article

Notebook IconLearn More

JumpCloud Protect for End Users

Reset MFA in the User Portal

Log in to User Portal with MFA

Course: Protecting Your Identity with MFA

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case