Enable MFA for the Admin Portal

Use Multi-Factor Authentication (MFA) with JumpCloud to secure access to your organization’s Admin Portal. Read this article to learn how to enable MFA for administrators. 

Prerequisites:

Considerations:

  • An admin with the Administrator role cannot enable MFA for an admin with the Administrator with Billing role.
  • An admin with the Administrator with Billing role is able to enable MFA for themselves.
  • See Manage Admin Accounts

Enabling MFA for the Administrator

To enable MFA for all JumpCloud Administrators:

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Settings > Security.
  3. Under Admin Accounts, click the checkbox for Global MFA Requirement.
    • This will enforce MFA for all administrators in the org and any administrators that are added later.
    • If you turn this setting off later, all individual administrators will still have MFA required, but the Multi-factor Authentication Required setting is now editable on the individual administrator level.
  4. Click Save.

To enable MFA for an individual JumpCloud Administrator:

Note:

New administrators created after October 2023 will have MFA required by default.

  1. Log in to the JumpCloud Admin Portal. Log in with administrator credentials.
  2. In the upper right corner of the page, click the green circle with your initials, and then select Administrators. The Administrators window appears.
  3. Click the name of the administrator for whom you want to enable MFA.
  4. Under the Security section, click the toggle to read Multi-Factor Authentication Required, and then click Save. After you enable MFA for the administrator account, an email is sent to the account’s email address with instructions for setting up MFA for their account.
  5. Follow the reset steps in the email. The admin is presented with the QR code and TOTP Key to add to their chosen TOTP token application.

Viewing Enrollment Requirements and Enrollment Status

View at-a-glance information on the MFA health of all admins in your org in Settings > Administrators. The administrators list shows two relevant columns for MFA - MFA: Requirement and MFA: Enrollment.

For MFA: Requirement, possible statuses are:

  • Required: Admin is required to use MFA
  • Not Required: Admin is not required to use MFA

For MFA: Enrolled, possible statuses are:

  • Enrolled: Admin has taken a step to enroll in MFA.
  • Not Enrolled: Admin has not yet taken a step to enroll in MFA.

Monitoring Enrollment Status

The Admins Without MFA Required widget on the Admin Portal Home page shows how many Admins in your org do not have MFA required for Admin Portal login. Click the tile to view a list of the Admins without MFA required. From the list view, you can take the bulk action of enforcing MFA for some or all of the Admins listed.

Note:

Administrator roles determine who will be able to see and interact with this widget:

  • Administrator with Billing – Can see the widget and can take action on the list
  • Administrator Only, Help Desk, Manager, Read Only  – Can see the widget but cannot take action on the list
  • Billing Only – Cannot see the Home page
  • Command Runner, Command Runner with Billing – Can see the Home page but cannot see this widget

See Admin Portal Roles for more information on roles.

To require MFA for Admins on Admin Portal login:

  1. From the Admin Portal Home page, click the Admins Without MFA Required tile.
  2. From the Admins Without MFA Required list, select the Admins you want to enforce MFA login for.
  3. Click Actions, then click Require MFA.
  4. On the confirmation modal, click Require MFA.
  5. The Admin will be required to log in with MFA on their next Admin Portal login.

Tip:

You can enforce MFA for all admins by enabling the Global MFA Requirement under Settings > Security.

The Admins Without MFA Required widget can be removed from the Admin Portal Home page, if desired.

To remove the Admins Without MFA Required widget:

  1. From the Admin Portal, go to Home.
  2. Click Settings.
  3. Under Configure and Customize Widgets, toggle Admins Without MFA Required to off.

Resetting or Enrolling in MFA as an Admin

If you haven't enrolled in MFA and your organization requires it, or if you’re locked out of your JumpCloud Administrator account after enabling MFA, you can enroll or reset from the Admin Portal login flow.

When prompted for MFA, click the link at the bottom of the Verify Your Identity page to reset or enroll. You may also ask the designated admin for your company to reset it for you.

You will be sent an email to to begin the MFA enrollment or reset:

  1. Check your email inbox.
  2. Click Set Up MFA in the email message.
  3. Enter your Email address and Password.
  4. When you enter them, Set Up MFA becomes activated.
  5. Click Set Up MFA.
  6. Download an Authenticator App if you do not have one already or click I Have An App if you already do.
  7. Use the app to scan the QR code.
  8. When you enter the verification code, the Submit button becomes activated. Click Submit.
  9. A message will display stating that the MFA reset was successful.
  10. An email will be sent to you confirming that your TOTP MFA reset was successful.
Back to Top

List IconIn this Article

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case