Subscribe to Help Center RSS FeedJumpCloud uses roles to define access control and assign specific permissions to users, both within the Admin Portal, and across systems and resources (like users, groups, policies, and devices). This enables granular control, allowing Admins to tailor roles based on specific responsibilities and requirements. You can create custom Admin roles with specific view and edit access.
This feature is available for direct organizations only. In the Multi-tenant portal, it is available for all the managed organizations. It is not available on the MTP homepage. We are working on making it available.
Prerequisite:
- Super Admin (Admin with Billing or equivalent) role is required for creating custom Admin roles.
Creating a Custom Role
To create a custom role:
- Log in to the JumpCloud Admin Portal.
- Go to Settings > Administrators. All Admins are listed here.
- Go to the Custom Roles tab.
- Click +Add Custom Role.
- Enter a Custom Role Name and Description (optional).
- Click Choose Default Role as Template, and select an option from the drop-down menu. For the selected role, the permissions appear.
- Edit the permissions as required and click Save.
Only an Admin with Billing can edit the permissions.
You’ll see a success message stating that a custom role has been created.
Currently, we support a maximum of 20 custom roles. The Admin can assign a custom role to an existing or newly created Admin.
Custom Admin Roles Permission Categories
Admin with Billing role (Super Admin) can allow specific combinations of granular permissions in permission categories to the admins. Here is a table that describes the permission categories and the respective permissions:
| Permission Category | Sub-categories | Permission Type | |||
| Access Management | Conditional Access Policies and IP Lists | Full Access | View | No Access | |
| Multi Factor Authentication | |||||
| Radius Authentication | |||||
| Password Manager | |||||
| Application Management | Applications | Create | Update | Delete | View |
| Associations | Associations | Full Access | View | N/A | |
| Command & Automation | Commands | Full Access | View | No Access | |
| Command Templates | |||||
| Run Command | Checkbox Selection | ||||
| Core Administration | Administrator Management | Full access | View | No Access | |
| Notification Channels | Full access | View | Full access | ||
| Support Access | Full access | View | Full access | ||
| Role Management | Full access | View | Full access | ||
| Organization Management | Full access | N/A | Full access | ||
| Billing Management | Full access | N/A | Full access | ||
| Subscription Information | N/A | View | Full access | ||
| Device Management | Mobile Device Management | Full Access | View | No Access | |
| Volume Purchase Program | Full Access | View | No Access | ||
| Remote Assist | Full Access | N/A | No Access | ||
| Remote Assist Sessions | Full Access | N/A | No Access | ||
| Devices | Full Access | View | No Access | ||
| Device Support | Checkbox Selection | ||||
| Directory Integration Management | Directory Management | Full Access | View | No Access | |
| Groups Management | Group Management | Full Access | View | No Access | |
| Monitoring & Analytics | Directory Insights | N/A | View | No Access | |
| Reports | Full Access | View | No Access | ||
| Search API | N/A | View | No Access | ||
| System Insights | N/A | View | No Access | ||
| AI Search | Full Access | View | No Access | ||
| Health Monitoring Rules | Full Access | View | No Access | ||
| Health Monitoring Alerts | Full Access | View | No Access | ||
| Event Logs | N/A | View | No Access | ||
| Add-ons Information | N/A | View | No Access | ||
| SaaS and Asset Management | SaaS Applications | Full access | View | No Access | |
| Asset Management | |||||
| User Management | User Management | Full Access | View | No Access | |
| Unlock User Accounts | Checkbox Selection | ||||
| Set password for Users | Checkbox Selection | ||||
| Expire User Password | Checkbox Selection | ||||
| Activate / Suspend Users | Checkbox Selection | ||||
| Manage User MFA | Checkbox Selection | ||||
| Send Activation or Password Reset Mail | Checkbox Selection | ||||
For User Management and Application Management categories, the super admin can give CRUD and view permissions to the admins. Enable the Full Access toggle button to provide all permissions at once.
The Event logs scope under Monitoring & Analytics category is not visible for direct organizations. We are working on resolving this.
In a small number of scenarios, users with full-access to Associations category may encounter denials. We are working on resolving this.
Editing and Updating a Custom Role
To edit and update a custom role:
- Log in to the JumpCloud Admin Portal.
- Go to Settings> Administrators. Go to the Custom Roles tab.
- Click the Role Name that you want to edit the details for.
- Make changes and click Save.
Deleting a Custom Role
To delete a custom role:
- Log in to the JumpCloud Admin Portal.
- Go to Settings> Administrators. Go to the Custom Roles tab.
- Click Delete next to the role you want to delete. A pop-up will appear.
- Select an alternate role for the respective users who have been assigned the custom role. Then click Delete.
If a custom role hasn’t been assigned to any users, it can be deleted directly.
In this Article
Learn More