Get Started: JumpCloud Go™

JumpCloud Go™ provides the most secure and convenient way for users to access their JumpCloud-protected resources the moment they unlock their managed device. After initial registration with their password, users verify their identity seamlessly during device login, unlock, or in the browser using device authenticators with biometrics (Apple Touch ID and Windows Hello). JumpCloud Go improves security for organizations by simplifying the user login flow, reducing authentication fatigue, and minimizing password use. JumpCloud Go authentication also satisfies any User Portal MFA requirements. 

Important:
  • Users must first register JumpCloud Go on their device using their credentials before passwordless verification becomes available.
  • For details on user registration and verification workflows, see Use JumpCloud Go. For troubleshooting, see Troubleshoot: JumpCloud Go.
  • This article covers JumpCloud Go for desktops. To use JumpCloud Go on Apple and Android mobile devices, see Get Started: Mobile Device Trust.

Features:

  • Phishing-resistant: After registering their device, users don't enter their credentials in a browser session. Instead, users verify their identity using either their local device password or biometric device authenticator.
  • Device-bound and hardware-protected: JumpCloud Go leverages device authenticators and hardware secure stores to protect and secure user credentials.
  • Passwordless: Faster, safer, and simpler user verification saves time for users and admins.

Prerequisites:

Considerations:

  • Users need to work from their JumpCloud-managed device and be logged in to their managed device account. JumpCloud Go doesn't support local device accounts.
  • Biometrics are only supported on macOS and Windows devices. Users need to configure biometrics on their device to use them with JumpCloud Go:
  • For Linux devices:
    • Self-contained browsers installed using Snap or Flatpack (including the built-in Firefox browser in some distros) aren't supported. Only browsers installed using standalone methods are supported.
    • Only Chromium-based browsers (Chrome, Edge, and Brave) with the Chrome extension are supported on Linux. 
    • After enabling JumpCloud Go, users on CentOS 7/RHEL 7 devices need to log out and log back in.
  • The JumpCloud agent will install JumpCloud Go components regardless of whether the setting is enabled or disabled in the Admin Portal. See Agent Compatibility, System Requirements, and Impacts.

Understanding Authentication Factors 

When you enable JumpCloud Go, it serves as an MFA factor for User Portal and SSO authentication. End users confirm their identity using their device authenticator. See MFA for Admins.

Tip:

JumpCloud Go serves as an MFA factor when accessing SSO apps in addition to the User Portal.

If you also enable MFA for User Portal authentication, JumpCloud Go uses 3 authentication factors to confirm a user’s identity during registration. For subsequent verifications, users can manually configure biometrics on their device for JumpCloud Go. JumpCloud Go also provides two factor authentication when biometrics aren’t configured, but uses alternative factors (local device password):

JumpCloud Go Authentication Factors

Factor Type Registration without MFA Registration with MFA Verification with biometrics Verification without biometrics
Something you have (managed device)
Something you are (biometrics)
Something you know (password)

Installing the JumpCloud Go Browser Extension

The JumpCloud Go browser extension is required to use JumpCloud Go. You can install it on your devices in the following ways:

Chrome: Using JumpCloud Policy to Deploy the Extension

If your organization is not using Google Workspace and CBCM, you can deploy the browser extension to macOS and Windows devices using a JumpCloud policy. For instructions on using a policy to deploy the browser extension, see Create a Mac or Windows Chrome Force-Installed Extension List Policy.

Chrome: Using CBCM to Deploy the Extension

If your organization is already using Google Workspace, you can deploy the JumpCloud Browser Extension with CBCM. See Chrome Browser Cloud Management documentation.

To install the JumpCloud Go Browser Extension via CBCM:

  1. Go to the Google Admin Portal and log in as a Google Administrator.
  2. Go to Devices > Chrome > Apps & Extensions > Users & browsers.
  3. Click ( + ) at the bottom of the screen, then select the Chrome icon to add a new extension from the Chrome Web Store.
  4. Search for the JumpCloud Go Browser Extension and click Select to add it.
  5. Click JumpCloud Go Browser Extension in the list to expand the menu, and in the right aside under Installation Policy, select Force Install.

Tip:

You can use JumpCloud Browser Patch Management to enroll your devices in Google Chrome Browser Cloud Management and enforce the managed browser extensions. See Chrome Browser Cloud Management Settings

Enabling JumpCloud Go

After adding the JumpCloud Go browser extension to your browsers on your devices, enable the feature in the Admin Portal.

Note:
  • JumpCloud Go is enabled for new organizations by default. If it is not enabled in your org, see the following steps to enable it in the Admin Portal.
  • Enabling JumpCloud Go in Features will automatically enable it as an MFA factor in SECURITY MANAGEMENT > MFA Configuration for your users.

To enable JumpCloud Go for your org: 

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Settings > Features > JumpCloud Go.
  3. Click to toggle JumpCloud Go to On.
  4. Click Save.


Using JumpCloud Go for Step Up MFA

JumpCloud Go SSO requests have additional security with user and device verification occurring during every new application session established using Go. Users that authenticate to the User Portal with JumpCloud Go will see the Go loader while accessing their SSO applications.

In addition, JumpCloud Go is the default MFA method for SSO Conditional Access Policies (CAPs). When a user accesses an application protected by a CAP, they'll be prompted to "step up" and verify their identity using JumpCloud Go. See Get Started: Conditional Access Policies.

Disabling JumpCloud Go

To disable JumpCloud Go for your organization: 

  1. Log in to the JumpCloud Admin Portal.
  2. Go to Settings > Features > JumpCloud Go.
  3. Click to toggle JumpCloud Go to Off.
  4. Click Save.

Important:

If you disable JumpCloud Go, the JumpCloud Go browser extension is not automatically removed from the associated devices. See the following section for steps to uninstall the browser extension.

Uninstalling the JumpCloud Go Browser Extension

The process to uninstall the JumpCloud Go browser extension varies depending on how it was deployed on your devices.

If users manually installed the extension, they can remove it directly from their browser. See Uninstalling the Browser Extension. Otherwise, see the following section if you deployed the Chrome browser extension to your devices.

Chrome: Using JumpCloud Policy to Remove the Extension

If you used a JumpCloud policy to install the browser extension, you will need to remove the devices from the associated policies created in the Admin Portal. See Create a Mac or Windows Chrome Force-Installed Extension List Policy for steps to remove managed devices from the associated policies.

Chrome: Using CBCM to remove the extension

If you used CBCM to deploy the browser extension, you will need to remove the JumpCloud Go browser extension in the Google Admin Portal, or set the extension to Not Installed. See Google’s Managing Extensions in Your Enterprise.

FAQ

Can users still authenticate to JumpCloud with traditional authentication (email and password)?

Yes. A company email and password is required to register JumpCloud Go. Users can still authenticate with traditional methods after JumpCloud Go is enabled.  

Can JumpCloud Go be used for device authentication?

No. Only JumpCloud User Portal and SSO app authentication are supported.

Are device biometrics required to use JumpCloud Go?

No. JumpCloud Go works with biometrics when users have configured them on their device. When biometrics aren't configured, JumpCloud Go requires the user’s local device password for verification.  

How do Conditional Access Policies (CAPs) work with JumpCloud Go?

JumpCloud Go is supported as an MFA method for conditional access policies protecting the User Portal and SSO apps. See Using JumpCloud Go for Step Up MFA and Get Started: Conditional Access Policies for more information.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case