One-Touch, Frictionless Multi-Factor Authentication Using JumpCloud Protect™

Written by Krishnan Ramachandran on August 24, 2021


Updated on April 27, 2022

The world’s workforce has turned to remote work, resulting in employees accessing corporate resources from home and public networks. To Make Work Happen®, IT admins need a way to provide their employees with secure access to the resources they need to do their jobs without disrupting their day (perceived or otherwise).

Passwords alone are not enough to secure these resources and prevent unauthorized access, as they can be easily compromised by brute force, phishing and other techniques, potentially resulting in monetary losses for organizations. IT administrators have to introduce additional security measures to protect their organization’s resources. Multi-factor authentication (MFA) provides such a measure that safeguards organizational resources and reduces the risk (and cost) associated with password compromise.

However, deploying MFA can be a difficult proposition, for both technical and political reasons. On the technical side, there are many options to choose from, both free and paid, which can be difficult to implement and may only cover a subset of IT resources depending upon their specific requirements and capabilities. In addition, end users may resist adopting MFA, especially if the process to verify additional factors is cumbersome, unreliable, or persistent.

To combat the growing challenges of mitigating cyber attacks, and of rolling out Zero Trust Security tools to end users who may resist the increased requirements to access their resources, IT admins can now use JumpCloud Protect™ as an MFA solution. It implements mobile push notifications and time-based one-time passwords (TOTPs), is available as an iOS and Android mobile app, and is natively backed by JumpCloud’s Directory Platform.

JumpCloud Protect For Push MFA

IT admins can leverage JumpCloud Protect to extend MFA beyond cloud applications and secure all endpoints and resources, including on-premise applications, Mac, Windows, and Linux desktops, VPN and wireless networks, and servers.

With JumpCloud Protect, IT admins can achieve:

  • Improved endpoint security: JumpCloud Protect adds a secondary security layer to prevent unauthorized access to an organization’s network, customer data, tools, and more, giving IT admins and organizations peace of mind.
  • Financial cost savings: JumpCloud Protect is included with all bundle packages and the Cloud MFA A la Carte offering at no extra cost, eliminating the need to pay for additional licensing for this kind of functionality. This includes all customers of the JumpCloud Free package as well.
  • Vendor consolidation: Admins will no longer have to manage third-party MFA or authenticator apps. JumpCloud Protect is natively combined with the JumpCloud Directory Platform.
  • Enhanced Conditional Access authentication policies: For customers of JumpCloud’s Platform Plus package, JumpCloud Protect adds an extra layer of security by providing an integrated MFA solution with the package’s Conditional Access Policies, triggering verification of an identity based upon a variety of parameters, such as device trust, location, network trust, and application-specific step-up challenges. 
  • A simplified end user experience: End users often view standard MFA methods as cumbersome, such as entering six-digit token numbers into authentication fields or combining them with passwords. JumpCloud Protect provides a one-touch authentication method to support employee convenience when challenged with verifying their identity.
  • Integrated visibility to validate compliance requirements: IT admins can audit JumpCloud Protect enrollment and authentication events using Directory Insights to validate compliance status against their corporate security policies and external and regulatory compliance frameworks.

How Do End Users Use JumpCloud Protect For MFA?

JumpCloud’s admins and end users can download JumpCloud Protect™ from the Apple App Store and Google Play Store.

End users can self-enroll and activate their device through JumpCloud’s User Portal, and they have two options they can select as a second factor: Push and TOTP.

  • If a user selects Push as the MFA method during the login process, the user’s device will receive approval requests in the form of push notifications which the user can approve or deny. 
  • If the user selects TOTP, the user can enter the code displayed on the mobile app for the associated account to continue the login process.

Admins can add mobile biometrics as an additional user verification step on the JumpCloud Protect app.


[Image: JumpCloud Protect end user experience showing laptop and smartphone notifications]

What Resources Does JumpCloud Protect Support?

End users can use JumpCloud Protect with Push as a factor for the following scenarios:

  1. User portal login
  2. Apps using SSO, with both Identity Provider (IdP) and Service Provider (SP) initiated flows supported
  3. Windows, Mac and Linux devices login
  4. SSH sessions (Terminal)
  5. Password management (change and forgot password)
  6. RADIUS (e.g. VPN)

Push MFA with JumpCloud Protect will be extended to:

  1. Admin portal access
  2. LDAP applications

End users can use JumpCloud Protect with TOTP as a factor for the following scenarios:

  1. User Portal login, SSO
  2. Windows, Mac and Linux devices login
  3. Password management (change and forgot password)
  4. RADIUS (e.g. VPN)
  5. Admin portal login
  6. SSH Sessions (Terminal)

TOTP with JumpCloud Protect will be extended to support LDAP application access.

Additionally, users can add JumpCloud Protect TOTP as a second factor to their personal online accounts that support this factor.

How Secure Is JumpCloud Protect?

JumpCloud Protect provides the highest level of security in terms of mobile app storage and communication. 

  • When a device is enrolled and activated for Push MFA, an asymmetric key pair (a public and a private key) is generated.
  • The private key is stored securely on the device while the public key is stored on JumpCloud servers.
  • The push requests and responses are signed by the key pair.

Additionally, all communication and data exchange between the mobile app and JumpCloud servers happens over a secure channel.
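What a signed push response lets the server check, shown as an added sketch in Go; this is not JumpCloud's code or wire format. Ed25519, the `push-v1` payload layout, the 60-second lifetime and all type and function names are assumptions made for illustration, and only the device-to-server response direction is covered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// Server is the per-device state the service keeps (hypothetical layout).
type Server struct {
	devicePub ed25519.PublicKey      // public key stored at enrollment
	pending   map[[16]byte]time.Time // challenge nonce -> expiry, single use
}

// Enroll creates the key pair on the device; only the public key goes to the server.
func Enroll() (ed25519.PrivateKey, *Server) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return priv, &Server{devicePub: pub, pending: map[[16]byte]time.Time{}}
}

// NewChallenge issues a random nonce for one login attempt, valid for 60 seconds.
func (s *Server) NewChallenge(now time.Time) (n [16]byte) {
	rand.Read(n[:])
	s.pending[n] = now.Add(time.Minute)
	return n
}

// payload binds the user's decision to one challenge (constructed format, an assumption).
func payload(n [16]byte, decision string) []byte { return append([]byte("push-v1|"+decision+"|"), n[:]...) }
// Respond runs on the device and signs the decision with the private key.
func Respond(priv ed25519.PrivateKey, n [16]byte, decision string) []byte { return ed25519.Sign(priv, payload(n, decision)) }

// Verify checks freshness and signature, then consumes the challenge so it cannot be replayed.
func (s *Server) Verify(n [16]byte, decision string, sig []byte, now time.Time) error {
	if exp, ok := s.pending[n]; !ok || now.After(exp) {
		return fmt.Errorf("unknown, used or expired challenge")
	}
	if !ed25519.Verify(s.devicePub, payload(n, decision), sig) {
		return fmt.Errorf("signature does not match device key and payload")
	}
	delete(s.pending, n)
	return nil
}

func main() {
	priv, srv := Enroll()
	n := srv.NewChallenge(time.Now())
	fmt.Println("accepted:", srv.Verify(n, "approve", Respond(priv, n, "approve"), time.Now()) == nil)
}
```

Because the decision and the nonce are both inside the signed bytes, a response signed as "deny" cannot be relabelled "approve" in transit, and a captured approval cannot be reused for a later login.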

Why Should Customers Enable JumpCloud Protect?

JumpCloud Protect is natively integrated with JumpCloud’s Cloud Directory Platform, unlike traditional point MFA solutions that are inserted into the access transaction, adding additional overhead to integrate and maintain. Because of this, JumpCloud Protect will be scaled to support device login (across Windows, macOS and Linux), Admin portal login, RADIUS and LDAP application access. 

JumpCloud Protect gives both IT and security teams a path to protection without overcomplicating their infrastructure. Employees get an intuitive, easy-to-use method with less friction for enrollment and authentication, which increases the chances of adoption and limits the need for ongoing technical support.

How Do I Get Started?

If you’re new to JumpCloud and ready to get started with JumpCloud Protect, then evaluate JumpCloud today! JumpCloud Free grants admins 10 devices and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your JumpCloud account, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.

You can check out our Setting Up JumpCloud Protect guide to learn the steps to set up JumpCloud Protect. You can also follow our JumpCloud MFA guide to start on multi-factor authentication including Push and TOTP.
