If your administrator enables it, you can download the JumpCloud Protect® mobile app to secure your accounts using Multi-Factor Authentication (MFA). The app can be downloaded from the iOS App Store or the Google Play Store. Once you have downloaded the app and successfully enrolled your device, you can authenticate using Push MFA or Verification (TOTP) Code MFA.
This KB article will answer common questions and offer suggestions to troubleshoot any issues that may arise during your use of JumpCloud Protect.
iOS 13 and above, and Android 8 and above.
On Android devices, Push notifications do not wake the device from sleep, though a sound may play if enabled. You will need to wake the device before interacting with the Push notification.
The JumpCloud Protect app may run on a tablet but is not optimized for tablets at this time.
There are a number of reasons why this may occur. Some common reasons, and solutions, include:
- You must enable camera permissions on your device in order to scan the QR code necessary to enroll.
- If you wish to receive Push notifications, you must give JumpCloud Protect permission to send them.
No. Currently, you can only enroll one device at a time with JumpCloud Protect.
When enrolling a new device, you must enroll the new device before wiping the old one or log in using another factor. If those steps are missed you will have to contact your admin.
No. You need to enroll in each type of MFA separately.
No, enrollments cannot be transferred. When you enroll a new device through the JumpCloud User Portal, the old device is automatically unenrolled.
Ensure that your device is not in airplane mode and your Wi-Fi network is receiving data. If your device is on a cellular network, ensure that cellular data is turned on. Ensure that notifications are turned on for the JumpCloud Protect app.
In order to receive push notifications, your phone must be able to connect to a network, either Wi-Fi or data.
Additionally, push notifications on Android devices may not work in countries such as China because the Google Cloud Messaging (GCM) service may be blocked.
If you have configured an alternate MFA method such as TOTP or WebAuthn, you can use that method to log into your User Portal and remove Push enrollment. If you have not set up an alternative factor, you should contact your admin and have them contact JumpCloud.
JumpCloud Protect will collect certain diagnostic and usage data for troubleshooting issues and continuous app improvements. There is no user information collected.
Yes. In the JumpCloud Protect app, you can opt out of diagnostic and usage data collection from the Settings > Privacy screen.
Yes. If you decide to use JumpCloud Protect for verification code MFA in the future, you will need to enroll in it using your JumpCloud User Portal. Once you do so, your current Verification code MFA will be reset and you will have to use JumpCloud Protect.
Here are some troubleshooting hints to ensure you receive push notifications:
- Verify that your device is not in “Do Not Disturb” mode.
- Ensure that your device is connected to Wi-Fi or data, and that your connection is strong enough to receive notifications.
- Ensure that the JumpCloud Protect app has permission to receive push notifications. This can be enabled under your device’s Settings screen.
- Restart your device and try to receive a notification again.
- Contact your organization’s IT administrator.
- Touch ID could fail because of a wet finger or something similar. You can revert to using passcode or can try TouchID again.
- Face ID could fail for multiple reasons (awkward positioning, mask-wearing). You can revert to using passcode or can try Face ID again.
- If Biometric is still not working you should use a different factor such as TOTP or webauthn.
Push Bombing is a hacking method of triggering multiple 2FA attempts using push notifications until the user may accept the request accidentally. MFA Fatigue is the term for when, due to the multiple 2FA requests, a user accepts the fraudulent request out of frustration Here are ways to protect yourself against such an attack:
- Make sure you are following a strong password policy.
- Enable biometric on your device and ask your administrator to enable it for JumpCloud Protect.
- Verify application and location information before approving a push request. Location information does not have 100% accuracy, especially at the city level. If you suspect a request is fraudulent, deny the request and notify your IT admin.
JumpCloud protects against fraudulent push attempts by blocking more than one notification per resource within a sixty second timeout period(the number of maximum concurrent attempts can be changed by an admin). You can try again after the timeout or after you have approved or denied the initial request.
Notifications which might have been lost due to a bad network or accidental deletion will still be fetched; users do not have to re-send the notification for those scenarios.