Manage Admin Roles in the MTP

The Multi-Tenant Portal (MTP) is specifically designed to allow remote Admins to do their work more efficiently using one browser-based console. You can assign and edit the roles that Admins have across their managed organizations in the MTP. 

Considerations:

• Carefully consider who you give access to Administrator with Billing and Administrator role permissions. 
• You must always have at least one Admin and one User with billing access on the account. These can be the same person.
• It is recommended to establish at least 2 Admins to secure redundancies.
• Admins without the Administrator with Billing role permissions applied can’t perform the following actions:
  • Add new Admins or Orgs in the MTP
  • Edit Admins in the MTP
• Admins are notified when they don't have permissions to take certain actions. 
• After you've launched an org from the MTP, you can't edit MTP level roles. You can only edit the Admin roles within that org. MTP Admin roles can only be edited while you are in the MTP.
• When creating a new Admin, API access will be disabled by default.
  • Only Admins with Billing Role can enable this.

Add an Admin Role

Prerequisite:

• Learn more about which JumpCloud Admin Portal Roles are appropriate for your org's Admins.

To add an admin role:

1. Log in to your MTP.
2. Click on the Administrators tab.
3. Click the plus icon ( + ) to add a new Admin.
4. In the Details tab, complete the fields for First Name, Last Name, and Administrator Email Address.
   • Optional: Toggle MFA requirements on or off. 
   • Admins with MFA required will need to set up their MFA on next log in.
5. Click the Permissions & Access tab.
6. Click Role, and select an option from the dropdown menu.
7. If you want to give the Admin API access, select the checkbox next to Enable API access. See JumpCloud API’s to learn more.
8. In the Organization Access field, select which org(s) you want to give the selected level of Admin access to.
9. Click Save User. The saved roles will appear in the list view.
   • The assigned role allows varying permissions for each Admin.

The roles available are:

• Administrator with Billing: "Super" Admin with all Admin privileges including managing billing, other JumpCloud Admins, and full access to the MTP.
• Administrator: Manage users, groups, devices, user authentication, directory integrations, security, and account management.
• Manager: Manage users, devices, and groups.
• Command Runner with Billing: Accounts with this role can manage account payment methods and run commands on devices.
• Command Runner: Accounts with this role can only run commands they're given access to. 
• Help Desk: Intended for internal help dev teams. Create and delete users, reset account passwords, and unlock users. 
• Billing Only: Accounts with this role can access the Account tab in the MTP, with Read Only permissions everywhere else. From the Account tab, Admins can review the Account Overview, review payment history, update mailing and billing information, and view the usage associated with the account.
• Read Only: Access and view users and other JumpCloud resources, but can't perform any management tasks.

Modify an Admin Role

To edit, delete, suspend, or restore an Admin role:

1. Log in to your MTP.  
2. Click on the Administrators tab.
3. Click on the name of the Admin you want to edit. 
4. Edit the Admin role as needed.
   • You can edit an admin's Permissions & Access tab to change their role permissions and org access.
   • You can Send Password Reset Email.
   • You can Suspend, Delete, or Restore a suspended account. You can't restore a deleted account.