Contact Us
Help Center Home > Security Management > Configuring Conditional Access Policies For Admin Portal

Configuring Conditional Access Policies For Admin Portal

Conditional Access Policies (CAP) is a security strategy that provides granular control over who can access resources, under what circumstances, and from where. CAP can be configured for Admin Portal as a resource. All the conditions that apply to User Portal or SSO Applications are applicable, allowing higher security and least privilege access control for Admins.
It is highly recommended to configure CAP for Admin Portal to ensure the highest security for your crucial resources.
Admins in your JumpCloud org can be of the following two types: 

  • Standalone Admins with their own credentials and Multi-Factor Authentication (MFA).
  • Users with admin roles assigned to them - either by creating Admins from existing users or editing existing standalone Admins to their matching users in JumpCloud.
    • One credential for users and Admins - Allowing single credential login and management.
    • All Advanced MFA options are now available apart from TOTP.

    CAP for the admin portal will only apply to Admins who are bound to their users.

    Configuring a Conditional Access Policy for Admin Portal

    To configure a conditional access policy for Admin portal:

    1. Log in to the JumpCloud Admin Portal.
    2. Go to SECURITY MANAGEMENT > Conditional Policies.
    3. From the list view, click ( + ), then select Admin Portal as the resource.
      A screenshot showing dropdown in Conditional Access Portal in JumpCloud Admin Portal
    4. Enter the Policy Name and Description.
    5. Under Assignments, click All Admins to add all the users who are Admins.
      A screenshot showing the user groups section for conditional access policies

    Tip:

    If you have a mix of standalone Admins and Admins who are linked to their users while selecting All Admins, the policy will still apply only to the users with Admin roles assigned to them.

    Alternatively, click Select User Groups if you want to assign a policy only to a specific group of Admins. After selecting this option, you can also click Manage User Groups to create an Admins Only user group. See Creating a User Group for Users With Admin Roles to learn more.

    Tip:

    To assign Admin roles to an existing user, see Assigning an Admin Role to a User to learn more.
    Search and exclude user groups as required.

    Search and exclude user groups as required.

    1. Apply conditions as required.
    2. Under Action, customize the conditional access deny message for users as required.
      Note: For Admin Portal CAP, the default action is Deny.
    3. Click Create Policy.
      You have successfully created a conditional access policy for Admin Portal.
    Back to Top

    List IconIn this Article

    Notebook IconLearn More

    Get Started: Conditional Access Policies

    Configure a Conditional Access Policy

    Still Have Questions?

    If you cannot find an answer to your question in our FAQ, you can always contact us.

    Submit a Case