Action Required: LDAP Service Migration and Firewall Updates

As part of our commitment to providing the most reliable and high-performing directory services, JumpCloud is migrating our LDAP (ldap.jumpcloud.com) and LDAP MFA (ldap-mfa.jumpcloud.com) services to AWS Global Accelerator.

What is Changing?

We are transitioning from traditional regional routing to a global "Anycast" network. This migration allows your LDAP traffic to enter the AWS private network at the closest possible point to your infrastructure, bypassing the unpredictability of the public internet.

Phased Rollout Schedule

To ensure stability, we are shifting traffic in increments. We have already migrated a small percentage of global traffic and will continue to increase this percentage over the coming weeks.

During this period, your systems will intermittently resolve to a new set of static IP addresses.

Action Required: Updating Firewall Allow Lists

If your organization uses egress filtering to restrict outbound traffic on ports 389 (LDAP) or 636 (LDAPS), you must add the new IP addresses to your firewall's allow list.

Why Action is Required

As the migration percentage increases, your authentication requests will eventually hit the new IP addresses. If your firewall blocks these IPs, your LDAP-bound applications (such as VPNs, NAS devices, or legacy apps) will be unable to authenticate users, possibly resulting in a service disruption for your organization.