Best Practices: Secure Your Organization

As more companies move their businesses to the cloud, more vulnerabilities and access points become compromised every day. JumpCloud creates a safer identity for our customers. We are trusted with some of your most confidential information, and we reciprocate that trust by putting security first.

We’ve outlined some best practices to help admins ensure they have the right permissions, meet password and authentication requirements, along with a few other valuable recommendations.

Delete Unused Organizations

Unused organizations are an avoidable risk to the security of your company. They are susceptible to forgotten or expired passwords, might have a compromised API key, or a number of other weak access points. 

We recommend deleting unused organizations in your Multi-Tenant Portal (MTP):

1. Before submitting your Org Delete Request, all of the users and orgs for your devices have to be deleted from JumpCloud first, see Delete an Organization to learn more, and then continue submitting your request.
   • This also includes any tenant accounts that have a high-water mark of zero.

Enforce Strong Password Hygiene

Passwords are a common entry point for attackers, often because they aren’t compliant with industry standards. There are a few important factors that go into maintaining a strong, secure password.

We recommend Admins enforce these password best practices for both their Users and themselves:

1. Your password length should be at least 12 characters long. 
2. Your password should include one uppercase letter, one lowercase letter, a number, and a special character.
3. Change your password every 90 days.
   • See Manage Password and Security Settings to learn more. 
4. Securely store your passwords using JumpCloud’s Password Manager. 
   • See Get Started: JumpCloud Password Manager to learn more.

Multi Factor Authentication (MFA)

Having complex passwords is a great start, but why not have two ways to verify your identity? Time-based One-Time Password (TOTP) MFA is a security measure that requires more than one form of authentication to verify the user’s identity. 

We recommend the following best practices for TOTP MFA:

1. You should use MFA to secure access to your organization’s Admin Portal.
   • See Enable MFA for the Admin Portal and Configure MFA for your Organization to learn more.
2. Configure TOTP MFA to secure user access to your organization’s resources.
   • See Require MFA for Users and Configure MFA for User Accounts to learn more. 
3. Enable JumpCloud Go™ so users can verify their identity seamlessly using device authenticators with biometrics (Apple Touch ID and Windows Hello).
   • See Get Started: JumpCloud Go to learn more. 
4. Enable JumpCloud Protect® so users can authenticate through the app. 
   • See JumpCloud Protect for Admins to learn more.

Implement a Least Privilege Administrative Model

The least privilege access infrastructure only gives users access to the company resources that they need to successfully do their daily job. Having too many admins with unlimited access is prone to human error and security breaches. See the What is Least Privilege and Why Do You Need It? blog to learn more. 

We recommend the following Admin access:

1. Assign the Billing Only Role to finance and accounting users to limit their permissions to billing specific tasks and information.
   • See Admin Portal Roles to learn more. 
2. Rotate your API keys periodically. 
   • See Best Practices: JumpCloud API to learn more.