Admin Portal Roles

The following roles can be applied to JumpCloud administrator accounts from the Administrators tab in Settings in the JumpCloud Admin Portal. These roles protect your organization by restricting access to only the areas people need to perform their daily job duties.

Learn more in Managing JumpCloud Administrator Accounts.

Note: Role based permissions apply to administrator actions both in product, and the API key of each administrator.


Administrator With Billing: This role is considered a Super Administrator. Important: Carefully consider who you give this level of access. Accounts with this role have all privileges and can:

  • Perform all user management tasks: create, modify, and delete user and administrator accounts.
  • Perform all group management tasks: create, modify, and delete user and device groups.
  • Perform all device management tasks: create, modify, delete, and grant access to devices; configure and run commands; configure and run device configurations / policies; configure and manage MDM settings and policies.
  • Perform all user authentication tasks: configure, grant access to, and require authentication resources such as LDAP, RADIUS, SSO and SCIM applications.
  • Perform all directory integration tasks: configure and manage directory integrations, provision and deprovision users in integrated directories.
  • Perform all security management tasks: configure and require Multi-factor Authentication factors; configure Password Settings.
  • Perform all account management tasks: configure all of JumpCloud’s settings.
  • Perform billing management tasks: update the account payment method. Only roles with billing privileges can manage payment methods for JumpCloud accounts. Learn about Billing roles
  • Perform all administration tasks for the Multi-Tenant Portal: all previously mentioned administration tasks for organizations in a Multi-Tenant Portal.

Administrator:
Important: Carefully consider who you give this level of access. This role has all of the privileges of an Administrator With Billingexcept privileges to manage payments (Billing), administrators, or the Multi-Tenant Portal.

Manager: Accounts with this role can manage users, devices, and groups.

Command Runner With Billing: Accounts with this role can manage account payment methods.

Command Runner: Accounts with this role can only run commands they're given access to. 

Help Desk: Accounts with this role can access and view JumpCloud resources, submit support requests, and manage users in the following ways:

  • Create and delete users
  • Reset account passwords
  • Unlock users

Read Only: Accounts with this role have read-only permissions; they can access and view users and other JumpCloud resources, but can't perform any management tasks.

When you apply roles with limited permissions, a banner is shown in the Admin Portal that explains the level of permissions the account has. 

The following table outlines role permission scope for new and legacy roles. 

Admin Portal Roles

Admin Role
Scope Administrator with Billing Administrator Manager Command Runner with Billing Command Runner Help Desk Read Only
Administrators: administrator creation, edit, role assignment, & deletion Edit Read Only Read Only No Access No Access Read Only Read Only
Billing: addition, removal & management of billing & payment information Edit No Access No Access Edit No Access No Access No Access
Multi-Tenant Portal: organization & administrator management in the MTP Edit Read Only Read Only N/A N/A Read Only Read Only
Organization & User Portal: organization details, email configurations, User Portal session management Edit Edit Read Only No Access No Access Read Only Read Only
Authentication: authentication policies & MFA organization level configurations Edit Edit Read Only No Access No Access Read Only Read Only
Users: creation, viewing, attribute management, deletion, passwords, MFA requirements & enrollments on user, lockouts & direct assignments to resources Edit Edit Edit No Access No Access Edit Read Only
Groups: creation, viewing, deletion, configurations, attributes, membership & assignment of resources to groups Edit Edit Edit No Access No Access Read Only Read Only
Devices: agent installs, attribute management, viewing, deletion, policy application, MDM management of devices Edit Edit Edit No Access No Access Read Only Read Only
Directory & App User Management: directory integrations & application (SCIM Identity Management), user exports Edit Edit Read Only No Access No Access Read Only Read Only
In Product Support: submission of support tickets & feature requests in product Edit Edit Edit Edit Edit Edit No Access
Case Portal: view, filter and search all submitted tickets and feature requests. Edit Edit Edit Edit Edit Edit Read Only
Notifications: viewing & dismissal of notifications in Admin Portal Edit Edit Read Only Read Only Read Only Read Only Read Only
Insights: viewing & query of Directory Insights & System Insights Edit Edit Edit No Access No Access Edit Edit
Commands: creation, viewing, scheduling, running & assignment of commands Edit Edit Edit Running & Scheduling access to Commands for assigned Commands Running & Scheduling access to Commands for assigned Commands Read Only Read Only
Bulk User Imports: bulk imports of users leverage the JumpCloud job service Edit Edit Edit No Access No Access  Edit Read Only
SSO Applications: configuration of SAML SSO for applications Edit Edit Read Only No Access No Access  Read Only Read Only
RADIUS: creation, editing, viewing, deletion & configuration of RADIUS servers Edit Edit Read Only No Access No Access  Read Only Read Only
Remote Assist: Launch remote sessions & view and control end-user devices Edit Edit Edit No Access No Access  Launch RA session if allowed by Manage or above No Access 

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case