Bind Users to Devices

After you’ve created or imported your users and devices to your JumpCloud organization, you must bind those users to their devices. Once bound, the user can access the device by logging in with their JumpCloud username and password. If a user isn’t bound to a device, they’re unable to log in.

When you bind a user to a device, you are either provisioning a new local account to a macOS, Windows, or Linux device if one doesn’t already exist, or allowing JumpCloud to manage an existing local account on the device. 

You can bind a single user to a single device or a group of users to a group of devices:

Tip:

You can also let new users bind their account to macOS and Windows devices directly from the login window. See Provision New Users on Device Login

Considerations:

  • The JumpCloud agent must be present on the local device to bind a user to it.
  • Only local accounts can be bound to devices.
  • The user must be connected to the system in the Admin Portal. See Connect New Users to Resources.

Bind a User to a Device

If you are binding a new user account to the device, whether it’s the first account on the device or an additional account, you perform the following steps:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. Go to USER MANAGEMENT > Users.
  3. Select the user by clicking anywhere on the user’s row.
  4. Click the Devices tab.
  5. Click the checkbox next to each device that you want to bind the user to. 
  6. Click save user. The window below appears:
  7. Click Bind Device.

After the user is bound to the device, the user can utilize their JumpCloud credentials to log in. If your user or device needs to use multi-factor authentication (MFA), JumpCloud will prompt the user when they log in to configure MFA.

User accounts aren't provisioned to the device until the JumpCloud agent polls with your organization’s Admin Portal, which happens every few minutes. 

You can connect the user to any resource in JumpCloud (devices, applications, networks, etc.). If the user is created in a Staged user state, they won't gain access to their assigned resources until they are activated. See Manage User States for specific information about when a user gains access.

Bind a User Group to a Device Group

You can bind a user group to a device group to grant a group of users access to each device in the group.

Warning:

Binding a user group to a device group will create a local user account for each user in the user group on each device in the device group. Adding a large number of user accounts to a device may prevent it from operating correctly. Proceed with caution.

To bind a user group to a device group:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. Go to USER MANAGEMENT > User Groups.
  3. Select the user group by clicking anywhere on the user group’s row.
  4. Click the Device Groups tab.
  5. Click the checkbox next to each device group to which you want to bind the user group. 
  6. Click save. The window below appears:
  7. Click Bind Device Groups.

Take Over an Existing Account

If your device already has a local user account, JumpCloud can manage, or take over, that account. If the JumpCloud user name and the existing account’s username match exactly, JumpCloud will take over that existing account. If they do not, you can specify the account for JumpCloud to manage. For more information, Take Over an Existing User Account with JumpCloud.

Note:

As this process is writing the user’s password through Mac Keychain and the Windows Data Protection APIs, users will be logged out of all resources after account takeover. This is expected behavior. Some examples of these resources include 1Password, Dropbox, Google Drive, Slack, Microsoft Office, Google Workspace, Microsoft Teams, Chrome, Firefox, Edge browsers, etc.

Warning:

For macOS takeovers, users must log out and log back in to their system after they are connected to the system via JumpCloud. See MacOS Account Takeover Considerations.

Unbind a User from a Device

If you no longer want a user to have access to a device, you can unbind that user from the device. For more information, see Unbind Users from a Resource.

Considerations

  • MacOS: The macOS agent will not allow suspension or deletion of all Secure Token users from a system. If a user suspended or deleted via the Admin Portal is the last Secure Token user on a system, this user will be suspended or deleted in the Admin Portal but will not be removed from the target system to prevent that system from being rendered inaccessible.

Warning:

Use caution when unbinding users from devices. If the device has no user accounts on it, the device can become locked and will no longer be able to be accessed by JumpCloud. 

To unbind users from a device:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. Go to USER MANAGEMENT > Users.
  3. Select the user by clicking anywhere on the user’s row.
  4. Click the Devices tab.
  5. Click the checkbox next to the device you want to unbind from the user to deselect it. 
  6. Click save user. The window below appears.
  7. Click Unbind Device. 

Unbind a User Group from a Device Group

If you no longer want a user group to have access to a group of devices, you can unbind that user group from the device group. 

Considerations

  • MacOS: The macOS agent will not allow deletion of all Secure Token users from a system. If a user deleted via the Admin Portal is the last Secure Token user on a system, this user will be deleted from the Admin Portal but will not be deleted from the target system to prevent the system from being rendered inaccessible.

Warning:

Use caution when unbinding user groups from device groups. If the device has no user accounts on it, the device can become locked and will no longer be able to be accessed by JumpCloud. 

To unbind a group of users from a group of devices:

  1. Log in to the JumpCloud Admin Portal: https://console.jumpcloud.com.
  2. Go to USER MANAGEMENT > User Groups.
  3. Select the user group by clicking anywhere on the user group’s row.
  4. Click the Device Groups tab.
  5. Click the checkbox next to the device group to which you want to bind the user group. 
  6. Click save. The window below appears:
  7. Click Unbind Device Groups.

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case