
Use Conditional Access Policies to implement Zero Trust security in your organization. You can create conditional access policies that secure access to resources based on conditions like a user's identity and the network and device they’re on. For example, lock down your environment with policies that deny access when users are on unmanaged devices or unapproved networks. Alternatively, relax access and let users log in to the User Portal without Multi-factor Authentication (MFA) when they’re on a VPN or managed device.
Considerations:
Conditional Policies are only supported on the following browsers:
- Windows: Google Chrome, Microsoft Edge
- macOS: Google Chrome, Safari
- Linux: Google Chrome
You can create Conditional Access Policies for the User Portal, SSO applications, and LDAP applications. A policy can only have one resource type associated with it, so you can’t have one policy that applies to the User Portal and SSO Applications.
- User Portal: Configure a policy that relaxes, restricts, or denies access to the User Portal.
  - For example, use a device condition to let users log in to the User Portal without MFA when they’re on a JumpCloud managed device or set a policy across all your users that requires MFA to access the User Portal.
- SSO Applications: Use a policy to relax, restrict or deny access to SSO applications when users access them from the User Portal or through SP initiated authentication.
  - For example, enable a policy for your software engineer user groups that requires them to use MFA when they access AWS and GitHub applications.
- LDAP Applications: Use a policy to relax, restrict or deny access to LDAP applications when users access them from the User Portal.
  - For example, enable a policy for your users that requires them to use MFA when accessing the VPN.
Device Trust
Create conditions to control how users or user groups can access applications from JumpCloud-managed devices or unmanaged devices. For example, require MFA for users trying to access Slack from unmanaged devices.

Network Trust
Create conditions to control how users and user groups can access cloud applications from IP addresses identified or not identified on your Conditional Lists. For example, deny access to users trying to access AWS SSO from IP addresses that are not on the Conditional List.

Geolocation
Create conditions to control how users and user groups can access cloud applications from certain countries. For example, only allow users from the United States and Canada to access the User Portal.

Disk Encryption
Create conditions to deny or allow users and user groups access to resources based on the disk encryption status of their JumpCloud-managed device.
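
The four condition types above can be reasoned about as a small rule model before you build the real policies. The following is an added example, not JumpCloud code or its API: the `Policy` fields, the `decide` function, the "most restrictive matching policy wins" rule and the `no_match` result are all assumptions of this sketch, and the IP addresses are constructed documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

STRICTNESS = {"allow": 0, "require_mfa": 1, "deny": 2}  # assumed tie-break order

@dataclass
class Policy:  # hypothetical model; one resource type per policy, as stated above
    resource_type: str                       # "user_portal", "sso" or "ldap"
    action: str                              # "allow" here means sign-in without MFA
    apps: frozenset = frozenset()            # empty = every resource of that type
    managed: Optional[bool] = None           # Device Trust
    ip_listed: Optional[bool] = None         # Network Trust
    encrypted: Optional[bool] = None         # Disk Encryption
    country_outside: Optional[frozenset] = None  # Geolocation: applies outside this set

def ip_on_list(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)

def matches(p, req, cidrs):
    if p.resource_type != req["type"] or (p.apps and req["app"] not in p.apps):
        return False
    observed = [(p.managed, req["managed"]),
                (p.ip_listed, ip_on_list(req["ip"], cidrs)),
                (p.encrypted, req["encrypted"])]
    # A condition left as None is not part of the policy; set ones must all hold.
    if any(want is not None and want != got for want, got in observed):
        return False
    return p.country_outside is None or req["country"] not in p.country_outside

def decide(policies, req, cidrs):
    hits = [p.action for p in policies if matches(p, req, cidrs)]
    return max(hits, key=STRICTNESS.get) if hits else "no_match"

# Constructed sample data: documentation IP ranges and the examples from this page.
CONDITIONAL_LIST = ["203.0.113.0/24"]
POLICIES = [
    Policy("sso", "require_mfa", frozenset({"Slack"}), managed=False),
    Policy("sso", "deny", frozenset({"AWS SSO"}), ip_listed=False),
    Policy("user_portal", "deny", country_outside=frozenset({"US", "CA"})),
    Policy("user_portal", "allow", managed=True),
    Policy("user_portal", "deny", managed=True, encrypted=False),
]

def request(type_, app, ip, country, managed, encrypted=None):
    return {"type": type_, "app": app, "ip": ip, "country": country,
            "managed": managed, "encrypted": encrypted}
```

Running your intended policies through a model like this shows where a relaxing policy and a denying policy overlap, such as a managed device signing in from outside the allowed countries.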
