FAQ: Give User an Admin Role

Will all existing admins with matching users be assigned by default?

No, your admin accounts will remain as they are today. However, an in-product notification under Settings > Administrators will let you know if you have existing admin accounts that have matching users. We recommend that you edit and update the administrator to the matching user to get the most out of the feature. See Secure Admin Portal Logins with Advanced MFA Options for instructions.

Will my admin credentials still be available if I manage an admin from an existing user account?

No. Once you assign an admin role to an existing user, the administrator credentials will be deleted and no longer available. This is done for security purposes. User credentials will be the only way to get into the Admin Portal with a single identity.

Will all MFA factors for admins be available?

Yes, all MFA factors will be available for admins that are created from users. For regular admins not created from users, only TOTP is available. See MFA Guide for Admins for more information on MFA factors supported in JumpCloud.

Are there any changes to session lengths for admins and users?

There are no changes to session lengths for admin and user sessions. The User Portal session length is configurable, while the Admin Portal times out after 1 hour.

Can I set password length and complexity requirements for admins created from users?

Because admins created from users share a single identity with the user, all password policies applied to the user also apply when that user accesses the Admin Portal directly with an admin role.

Is this feature applicable for the JumpCloud Mobile Admin App?

Yes, users with admin roles will be able to log in to the Mobile Admin App with their user credentials.

My user account is deleted/locked/suspended. What happens to my access to the Admin Portal?

  • If the user account is deleted, then the admin account is automatically deleted.
  • If the user account is locked, then the admin account is disabled, but API access is still available.
  • If the user account is suspended, then the admin account is suspended and does not have API access.

Can I specify the MFA method for certain admins?

No, selecting specific MFA factors for Admin Portal access is currently not supported.

What happens to automations or integrations created using API keys with service admin accounts?

You can continue to create admin accounts for automation or integration by choosing the “As New” option and selecting Enable API Access. See Creating JumpCloud Admins to learn more.

What happens if an admin is created from a user who is not yet enrolled in MFA?

There are guardrails in place to ensure a security-first approach to a highly privileged resource such as the Admin Portal. An enrollment screen is presented before a user who has an admin role can access the Admin Portal. This applies whether the user logs in to the Admin Portal directly or from within the User Portal.

Will an admin get an email when a role is assigned to their existing user?

Yes. Whether a new admin is created from an existing user or a current admin is edited to assign the admin role to an existing user, an email is sent to the admin/user email indicating the access implications and that they can now log in to the Admin Portal with their user credentials and MFA.

My admin authentication is managed via 3rd-party IdP federation. Can I still access the Admin Portal with this feature?

Yes. Admins with 3rd-party federation can still have their admin role assigned to an existing user within JumpCloud, if one exists. As a best practice, we recommend ensuring that MFA is properly configured on the identity provider side to strengthen security for access to the Admin Portal.
