Announcing New Role-Based Access Controls for Multi-Tenant Management

Written by Dennis Clark on January 19, 2021

Share This Article

Managed service providers (MSPs) have a tough job these days. As a result of the pandemic, workloads have increased with seemingly never-ending remote work requests, and cyber attacks are on the rise against both the MSP and their customers. Small and medium-sized enterprises are looking to MSPs to help them tackle these growing challenges, but are cautious to enlist their services given the potential exposure this opens them up to. They also face a myriad of regulatory and industry compliance requirements that dictate who can access what in their environment, and how. 

JumpCloud’s directory platform already implements role-based access controls (RBAC), and with our latest release MSPs can now take advantage of the same granular access control from within the JumpCloud Multi-Tenant Portal (MTP), giving them an edge to maintain the safety, security, and compliance status of their customers without impacting operational efficiency. 

Protecting Access

When MSPs manage multiple client accounts, security breaches can easily propagate across accounts if access is not properly managed. Last year, IT services giant Conduent experienced a major ransomware attack that put the majority of their clients at serious risk. 

MSPs today have more stringent security requirements and increased compliance mandates, all of which make a busy MSP busier. They need the ability to manage granular access levels for both themselves and their customers and at the same time, scale and distribute their administrative tasks in their organization without sacrificing security.

Role-Based Access Controls for MTP

JumpCloud’s MTP fully manages clients’ identities and access controls across virtually all resources. That includes identity and access management (IAM) for Google Workspace, Microsoft 365, Azure, AWS, web applications, and more. MSPs can also use the JumpCloud MTP to enforce system security settings at scale, manage networks through RADIUS, and provide SSO to applications through SAML and cloud LDAP, all from a single pane of administrative glass across their entire customer base.

With this release, MSPs now have the ability to assign one of five roles that determine their access level to the MTP and managed organizations (an MSP’s customers). This capability will enhance the MSP’s security and compliance while improving the scalability of their administrative workloads.

Specifically,  “Administrator with Billing,” “Administrator,” “Manager,” “Help Desk,” and “Read Only” roles provide a hierarchy of focused access levels — ensuring more admins and techs can manage different aspects of their customers’ JumpCloud environment with the appropriate access. “Administrator with Billing” is the only role that can add or edit other admins, manage billing, or add/edit other organizations in the MTP. 

PermissionAdmin w/BillingAdminManagerHelp DeskRead Only
Add/delete admins



Manage billing in MTP



Add/edit orgs in MTP



Manage authentication, organization and user portal


Manage application, directory and RADIUS configurations


Manage devices, groups, users

Pwd resets, account lockouts, MFA resets
View data and insights

With the “Administrator with Billing’” role effectively becoming a super admin, MSP leaders have peace of mind knowing that only the super admin has the ability to intentionally or unintentionally delete child organizations and/or their entire JumpCloud tenant. At the same time, “Administrators” have the ability to perform their normal tasks such as managing users, groups, and devices at child accounts.

To learn more about how you can leverage JumpCloud for managing your clients’ employee identities and resource access, check out the partner track in our JumpCloud University, read our access control case study, or schedule a demo.

If you haven’t done so yet, you can create your JumpCloud Free org today and test with 10 users and 10 devices. You’ll also have access to free premium 24×7 chat support for your first 10 days as a JumpCloud Admin, so you can maximize the beginning of your JumpCloud experience with support from platform experts.

Dennis Clark

Dennis Clark is JumpCloud’s Sr Product Marketing Manager focused on partners and hails from Seattle, Washington. When not obsessing over helping JumpCloud partners succeed, you’ll find Dennis spending time with his family and friends, wrenching on cars, or renovating something in the house.

Continue Learning with our Newsletter