Get Started: User Groups

Performing group-based assignments on resources can save you time. JumpCloud allows you to create groups, either manually or dynamically through attributes, for users, devices, and policies.

The different types of groups available in JumpCloud are:

  • User Groups – Grant users access to resources. Connect the resources you want users to be able to access (applications, LDAP resources, networks, and more).
  • Device Groups – Pool together your devices for policy enforcement and user account provisioning at scale. Connect the user groups that will get bulk access and assign device policies all at once.
  • Policy Groups – Control and protect devices. Add multiple policies to a policy group, and apply the policy group to a device group.

Creating User Groups

  1. Log in to the JumpCloud Admin Portal.
  2. Go to USER MANAGEMENT > User Groups and click ( + ).
  1. (Required) Enter the group’s Name.


Group names must be unique and are case insensitive.

  1. (Optional) In Description, enter a short description of the group.
  2. (Optional) Select Enable users as Global Administrator/Sudo on all devices associated through device groups. Learn more: Set Admin/Sudo Permissions.
  3. (Optional) Select Create Linux group for this user group to add members of this group to new or existing Linux groups on a supported OS. Enter a group name for the Linux group and a group GID. If the group is bound to LDAP, it will be added to the posixGroup objectClass. Learn more:  Configure Samba Support for Cloud LDAP.


The Linux group name doesn't support hyphens.

  1. (Optional) Select Enable Samba Authentication to enable the LDAP Samba Schema. Learn more: Configure Samba Support for Cloud LDAP.
  2. (Optional) Under Custom Attributes, click add new custom attribute and choose an attribute. Learn more: Group Inherited User Attributes.
  3. Click save when finished.

Adding Users to a Group

  1. On the New User Group panel, select the Users tab.
  2. Select users from the list.


If there are new users in a Staged user state, they can be added to groups, but will not gain access to their assigned resources until they change to an Active user state. Learn more: Manage User States.

  1. Click save.

Connecting Groups to Resources

All resources in JumpCloud are implicitly denied, which means that by default, new users don't have access to a resource endpoint until they are explicitly connected to it directly or through group membership. You can connect the user to any of the resources connected to JumpCloud from a device to applications, networks, etc. See the articles below on connecting users and groups to resources.

Advanced Group Configuration

Creating Attribute Driven Groups

Attribute Driven Groups and Membership Suggestions have been enhanced for a more streamlined experience. Learn more: Configure Dynamic User Groups.

Generating Users to User Groups Reports

The Users to User Groups report allows IT Admins to collect essential data about the membership of user groups, which can be used for troubleshooting and compliance purposes. It also indicates user entitlements. Conflicting entitlements can be tracked and stored in this report for remediation purposes. 

To run Users to User Groups Reports

  1. Navigate to USER MANAGEMENT > User Groups.
  2. Click the Run Users To User Groups Report link.
  1. Either click Ok or Go To Stored Reports.
  2. After the report is finished, if you are not already in the Reports window, navigate to INSIGHTS > Reports.
  3. Access the report from the Stored Reports Queue.


You can also run this report from the Reports window by navigating to INSIGHTS > Reports. See JumpCloud Reports for more information on all the available reports.

Report Data Fields

  • User Name – User ID of the identity
  • Email – Primary email
  • User Group Name – Group associated with the user
  • User Created At – Timestamp for creation of user
  • User State – State of the user
  • Account Locked – Locked status (true/false)
  • Password Expired – Password expiration (true/false)
  • Password Expiration Date – Password expiration date
  • User Object ID – Globally unique identifer of user
  • User Group Object ID – Globally unique identifier of group

Report Behavior

The Users to User Groups Report shows which users belong to each user group. If a user is a member of multiple user groups, that user will have multiple records in the report. For users who don’t belong to any user groups, there will be a record reflecting “no user group”. Likewise for user groups with no members, there will be a record reflecting “no users”.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case