What measures does JumpCloud take to ensure security?

At JumpCloud, we work hard to create a safer identity for our customers. You can find a full description of the measures we take on our security page, where we discuss:

  • Independent Assessments and Audits
  • Secure Communication
  • Infrastructure Security
  • Employment
  • and Vulnerability Disclosure

Additionally, feel free to contact us and we can address any of your concerns, or you can view our disaster recovery and resiliency plan.

What degree of uptime can I expect with a cloud directory like DaaS?

JumpCloud strives for 100% availability. Of course, as with any IT service, there is a possibility of errors, failures, or other problems that may cause downtime. We have a detailed disaster recovery and resiliency plan, which you can view here. You can also check our uptime here.

Does JumpCloud undergo a third-party security audit?

JumpCloud’s environments are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at a minimum of 3 times per year by multiple third-party firms. The results of these scans and tests are integrated into our development workflow to be addressed based on priority.JumpCloud has completed a SOC 2 Type 2 examination for our Directory-as-a-Service. You can request to view the results of this examination by emailing accounts@jumpcloud.com.

How does multi-factor authentication (MFA / 2FA) work with Directory-as-a-Service?

JumpCloud’s approach to MFA involves system level and application level MFA. At the system level, we are able to require the second level of security at the login screen for Macs and Linux devices, ensuring that no one can enter your endpoint without the code. For application level MFA, we enable the extra layer of security on the JumpCloud user portal, which is the access point to many web applications. Learn more.

How does JumpCloud help me manage user passwords?

With Directory-as-a-Service, IT admins have access to a multitude of management capabilities over user passwords. Admins have the ability to require and enforce strong password controls, and they can define minimum attributes for passwords. Additionally, IT admins can specify the most recent password that can be reused, the password rotation schedule, and the number of failed attempts allowed. JumpCloud’s passwords are stored securely after being one-way hashed and salted. On top of that, these passwords are not stored in a format that can be read by anyone else – not even JumpCloud. Learn more.

Return to FAQ Page

If you have any further questions, please reach out to us on our contact page.