A security key is a device, often resembling a USB drive, that's used with multi-factor authentication (MFA). MFA means that you use more than one method of authentication to gain access to a resource like your JumpCloud User Portal. When you log in to your User Portal, you have to provide your username, password, and your security key to gain access. A device authenticator is something unique to your device and is often a biometric device like Apple Touch ID or Windows Hello.
- To enroll Windows devices with device authenticator, Windows Hello must already be set up.
- You may already be using a security key with Verification Code (TOTP) MFA. A security key used with Verification Code (TOTP) MFA is different from the security key mentioned in this article and won’t work for the processes described below.
Setting Up a Security Key or Device Authenticator
Your IT admin may register security keys for you. In this case, you aren’t required to do any additional setup. Alternatively, your admin may have you register a security key for your user account. Device authenticators are always enrolled from the User Portal.
Note: You need to have a security key with you to successfully register a security key with JumpCloud.
To register a security key for your user account:
- Log in to your User Portal: https://console.jumpcloud.com/login
- In the Set Up Multi-Factor Authentication modal, select Security Key or Device Authenticator, then click continue.
- Edit the display name if you'd like, then click REGISTER KEY.
- Follow the browser prompts to insert the security key or enroll the device authenticator.
- Browser prompts can differ in behavior and messaging.
- After the security key or device authenticator is successfully registered, add another key or click X to close the modal.
Note: You can also add security keys or device authenticators at any time from the Security area in the User Portal.
Viewing Your MFA Status
To view, add, edit, and delete your security keys or device authenticators:
- Log in to your User Portal: https://console.jumpcloud.com/login
- Under Security, you can see the current status of all forms of MFA.
- Any older security keys (including device authenticators) have been renamed to 'legacy keys'. You can rename or delete these keys, but you can't add a new security key to this area. We recommend re-enrolling these keys as Security Keys or Device Authenticators and then deleting the original legacy key. However, you won't be blocked from continuing to use the legacy key.
Note: If you have multiple security keys or device authenticators, consider using the display label to help keep them identifiable. Use the pencil icon to edit the display label. However, if your admin registered a security key for you, you can’t edit the display label.
Logging into Resources with a Security Key or Device Authenticator
Security keys and device authenticators can be used for logging into the User Portal, SSO apps, and for changing your JumpCloud password.
If you don’t see a particular MFA option, get in touch with your admin.
- When logging into the User Portal, you have 60 seconds to provide your security key or device authenticator. If you have a removable security key, insert it into your computer before you log in.
- For logging into SSO apps, follow the same steps as for your User Portal, unless you're using SSO directly from the app; whether that option is available varies by app.
- When resetting your JumpCloud user password from the User Portal, an email will be sent to your user account email address. When following the prompts, you can elect to use your security key or device authenticator for MFA.
- When changing your password, you have five minutes to use the security key or device authenticator before the token expires.
If your security key fails, switch to a different MFA factor to authenticate to your User Portal. If you continue to experience problems, contact your admin.
- Security Keys work with Chrome, Firefox, and Edge.
- Device Authenticator Touch ID only works with Chrome.
- Neither security keys nor device authenticators are supported with Internet Explorer or Safari.
Here's a guided simulation: User Portal MFA Webauthn Login.