Use Multi-Factor Authentication (MFA) with JumpCloud to secure access to your organization’s Admin Portal. Read this article to learn how to enable MFA for administrators.
Prerequisites:
- Obtain an application to generate TOTP tokens. See Set Up Authenticator App for User Account.
Considerations:
- An admin with the Administrator with Billing role can enable MFA for themselves.
- An admin with the Administrator role cannot enable MFA for an admin with the Administrator with Billing role.
- The JumpCloud MFA requirement is not applicable when administrators use Sign in with Google for login. In such cases, the MFA configured on the Google account will apply.
Enabling MFA for the Administrator
JumpCloud now requires MFA for all admins. The non-editable Global MFA Requirement setting can be viewed in the Admin Portal under Settings > Security > Admin Accounts.
Viewing Enrollment Requirements and Enrollment Status
View at-a-glance information on the MFA health of all admins in your org in Settings > Administrators. The administrators list shows two relevant columns for MFA - MFA: Requirement and MFA: Enrollment.
For MFA: Requirement, possible statuses are:
- Required: Admin is required to use MFA
- Not Required: Admin is not required to use MFA
For MFA: Enrolled, possible statuses are:
- Enrolled: Admin has taken a step to enroll in MFA.
- Not Enrolled: Admin has not yet taken a step to enroll in MFA.
Monitoring Enrollment Status
The Admins Without MFA Required widget on the Admin Portal Home page shows how many Admins in your org do not have MFA required for Admin Portal login. Click the tile to view a list of the Admins without MFA required. From the list view, you can take the bulk action of enforcing MFA for some or all of the Admins listed.
Administrator roles determine who will be able to see and interact with this widget:
- Administrator with Billing - Can see the widget and can take action on the list
- Administrator Only, Help Desk, Manager, Read Only - Can see the widget but cannot take action on the list
- Billing Only - Cannot see the Home page
- Command Runner, Command Runner with Billing - Can see the Home page but cannot see this widget
See Admin Portal Roles for more information on roles.
To require MFA for Admins on Admin Portal login:
- From the Admin Portal Home page, click the Admins Without MFA Required tile.
- From the Admins Without MFA Required list, select the Admins you want to enforce MFA login for.
- Click Actions, then click Require MFA.
- On the confirmation modal, click Require MFA.
- The Admin will be required to log in with MFA on their next Admin Portal login.
You can enforce MFA for all admins by enabling the Global MFA Requirement under Settings > Security.
The Admins Without MFA Required widget can be removed from the Admin Portal Home page, if desired.
To remove the Admins Without MFA Required widget:
- From the Admin Portal, go to Home.
- Click Settings.
- Under Configure and Customize Widgets, toggle Admins Without MFA Required to off.
Resetting or Enrolling in MFA as an Admin
If you haven't enrolled in MFA and your organization requires it, or if you’re locked out of your JumpCloud Administrator account after enabling MFA, you can enroll or reset from the Admin Portal login flow.
When prompted for MFA, click the link at the bottom of the Verify Your Identity page to reset or enroll. You may also ask the designated admin for your company to reset it for you.
You will be sent an email to begin the MFA enrollment or reset:
- Check your email inbox.
- Click Set Up MFA in the email message.
- Enter your Email address and Password.
- When you enter them, Set Up MFA becomes activated.
- Click Set Up MFA.
- Download an Authenticator App if you do not have one already, or click I Have An App if you do.
- Use the app to scan the QR code.
- When you enter the verification code, the Submit button becomes activated. Click Submit.
- A message will display stating that the MFA reset was successful.
- An email will be sent to you confirming that your TOTP MFA reset was successful.