Manage MSP Admins in the MTP

You can manage Managed Service Provider (MSP) Admin accounts in each of your managed organizations within the JumpCloud Multi-Tenant Portal (MTP). After you add an admin, you can view their details and perform a variety of other actions like requiring Multi-Factor Authentication (MFA), suspending/restoring accounts, and resetting passwords. 

Prerequisites

You need to get the MTP enabled for your MSP organization to use it. To get the MTP for your MSP org, please contact your Partner Account Manager and make sure to provide the following information:

  • The org IDs for each managed org you want to add to your MSP org’s MTP.
  • The email addresses of the JumpCloud admin accounts you want to make admins for your MSP org’s MTP. These accounts must be created (by you) and registered (by the admin account owner) prior to being added to your MSP org’s MTP.

Note: If you're not a partner, contact [email protected].

Considerations

  • All admin accounts for your MSP org’s MTP have access to all of your MSP managed orgs. 
  • The MTP supports granular permissions; you can restrict access to specific orgs per MSP admin account.
  • Existing orgs aren’t automatically added to your MSP organization’s MTP when it’s activated. You need to ask JumpCloud Support to add existing org’s to your MSP org’s MTP.
  • Admin accounts for your MSP organization’s MTP are automatically given access to orgs created in the MTP.
  • When creating a new admin, API access will be disabled by default.
    • Only Admins with Billing Role can enable this.

Adding an Admin

To add an Admin user to your MTP:

  1. Log in to your MTP: https://console.jumpcloud.com
  2. Click the Administrators tab.
  3. Click the Plus icon ( + ).
  4. In the Details tab, enter a First NameLast Name, and Administrator Email Address* for the new admin.
    • Note: You must specify an email address before you can save an admin.
  5. Toggle Multi-Factor Authentication on or off.
    • Note: If MFA is required for an MSP admin account, the admin will be required to provide a TOTP token with their account credentials on their next login.
  6. In the Permissions & Access tab, click the Permissions dropdown menu and select the Role* you want to assign to the Admin. See Manage Admin Roles in the MTP to learn more.
  7. In the Organization Access field, select the organizations you want to give your Admin access to. 
  8. Click Save. You can now view details for this admin account on the Administrators tab.

Viewing Details for Your MTP Admins

To view details for MTP Admins:

  1. Log in to your MTP: https://console.jumpcloud.com.
  2. Select the Administrators tab.

The following details are shown for admin accounts:

Name - The admin’s first and last name.
Email - The admin’s account email address.
Role - The admin's role/permission level.
Organizations - The organizations your admin can access.
Status - The admin’s account status; either active, pending, or suspended.
MFA Status - Admins will either have MFA required or not required.

Editing Admins

To edit an Admin:

  1. Log in to your MTP: https://console.jumpcloud.com. ​​
  2. Click the Administrators tab.
  3. Click on the admin’s Name in the list.
  4. On the Details tab, modify the admin’s information:
    • First Name – The admin’s first name.
    • Last Name – The admin’s first name.
    • Administrator Email Address* – The admin’s email address. This field is required.
  5. Under Security, you can toggle Multi-Factor Authentication Not Required or Required.
    • When MFA is required for an MTP Admin account, the admin will be required to provide a TOTP token with their account credentials when they log in to your MSP organization’s MTP.
  6. You also have the option to Send TOTP Reset Email.
  7. Under Account Settings, you can see the status of the account (Active, Suspended)
  8. You can also:
    • Send Password Reset Email
    • Suspend Account
    • Restore Account (This option is only available for an account that is already suspended)
  9. On the Permissions & Access tab, under Permissions, click the Role dropdown menu and select which role you want to assign to the administrator. See Manage Admin Roles in the MTP to learn more.
  10. If you want to give the admin API access, select the checkbox next to Enable API access. See JumpCloud API’s to learn more.
  11. In the Organization Access field, select the organizations you want to give your admin access to.
  12. Click Save. You can now view details for this admin account on the Administrators tab.

Requiring and Removing MFA for an Admin

To require MFA for an existing admin:

Note:

When you require MFA for an admin, they will be required to provide a TOTP code when they log in to your organization's MTP. See Configure MFA for your Org to learn more.

You can require MFA when you add new admin users by clicking Require Multi-Factor Authentication, or you can modify existing admin's to require it. 

To require MFA for an existing admin:

  1. Log in to your MTP: https://console.jumpcloud.com
  2. Click the Administrators tab.
  3. Select an admin from the list. The Edit Administrator side window displays.
  4. On the Details tab, under Security toggle Multi-factor Authentication Not Required. This pulls up a window asking if you would like to require MFA for the admin. Click Require MFA.
  5. Click Save.
  6. You’ll see the admin MFA status under the Administrators tab in the MFA Status column. 

To remove MFA for an Admin:

  1. Log in to your MTP: https://console.jumpcloud.com.
  2. Click the Administrators tab.
  3. Select an admin from the list, under Security toggle Multi-factor Authentication Required. This pulls up a window asking if you would like to Remove MFA Requirement. Click Remove MFA.
  4. Click Save.
  5. You’ll see the admins MFA status under the Administrators tab in the MFA Status column. 

Suspending and Restoring Admin Accounts in the MTP 

Note:

Before suspending an admin account, see Suspend and Reactivate User Accounts to learn more.

To suspend an Admin account

  1. Log in to your MTP: https://console.jumpcloud.com.
  2. Click the Administrators tab.
  3. Click an admin from the list. The Edit Administrator side window displays.
  4. Under Account Settings, click Suspend Account.

Note: This immediately removes the admin's access to the MTP while maintaining their date and configuration records.

  1. Confirm that you want to suspend the selected account, then click Suspend
  2. Click Save. The account appears as suspended in the admins list.

To restore a suspended Admin account:

  1. Log in to your MTP: https://console.jumpcloud.com.
  2. Click the Administrators tab.
  3. Click an admin from the list. The Edit Administrator side window displays.
  4. Under Account Settings, click Restore Account
  5. Confirm that you want to restore the selected admin account, then click Restore
  6. Click Save. The account appears as active in the admins list. 

Interested in our Integrations? Learn more:

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case