Admins can configure and enforce specific multi-factor authenticators when configuring conditional access policies (CAP). The Admin can select from a number of available factors, such as JumpCloud Go and TOTP.
The following use cases show how various multi-factor authenticators behave in relation to JumpCloud Go.
These use cases assume that the JumpCloud Go browser extension is present on the users’ devices when JumpCloud Go is enabled.
Choosing MFA in Conditional Access Policies
| JumpCloud Go Status (global) | User Device Status | Admin-Configured MFA in CAP | Resulting User Experience |
| --- | --- | --- | --- |
| Enabled | Not Registered | JumpCloud Go | Users must register their device in JumpCloud Go to log in. |
| Enabled | Not Registered | Other MFA (or JumpCloud Go + Other MFA) | Users are prompted to register for JumpCloud Go but can log in with Password + Other MFA. |
| Enabled | Registered | JumpCloud Go only | JumpCloud Go grants access. |
| Enabled | Registered | Other MFA only | JumpCloud Go + the Admin-configured MFA. Note: With JumpCloud Go, users don’t have to enter their credentials manually, but they must still complete the MFA. |
| Enabled | Registered | JumpCloud Go + Other MFA | JumpCloud Go takes precedence over other MFA authenticators and will grant access to the resource. |
| Not Enabled | N/A | Other MFA | Policy works as expected. Users provide their configured MFA. |
| Not Enabled | N/A | N/A | JumpCloud Go option cannot be selected while configuring policy. |
When JumpCloud Go takes precedence and is a selected factor for SSO apps, the user is prompted to verify their identity.
The JumpCloud tray app supports only Push/TOTP/Cisco DUO as factors. Password resets from the JumpCloud tray app are also governed by the CAP for the user portal, so Admins must select Push/TOTP/Cisco DUO as one of the factors for the user portal.
FAQs: Multi-factor Authenticators in CAP
If an Admin mandates an MFA method, an unenrolled user accessing an app (governed by CAP) will be denied access until they visit the user portal to enroll. After enrollment, users can access their apps directly.
You must select at least one factor or select All Enabled.
Yes. Users can authenticate with any of the allowed multi-factor authenticators.
The JumpCloud Go extension must be installed for the user to complete authentication.
JumpCloud Go will provide credentials, and then the user will be prompted for the CAP-configured MFA, ensuring admin settings are honored.
