Manage Admin Roles in the MTP

The Multi-Tenant Portal (MTP) is specifically designed to allow remote Managed Service Provider (MSP) admins to do their work more efficiently using one browser-based console. You can assign and edit the roles that admins have across their orgs through the MTP. 


  • You need to enable the MTP for your MSP org to use it. To enable MTP, contact your Partner Account Manager and provide the following information:
    • The org IDs for each managed organization you want to add to your MSP org’s MTP.
    • The email addresses of the JumpCloud admin accounts that will become org admins for your MSP org’s MTP. You have to create these accounts and the admin account owner has to register the accounts before you add them to your MSP org’s MTP. 


If you're not a partner, contact [email protected] 


  • Carefully consider who you give access to Administrator with Billing and Administrator role permissions. 
  • You must always have at least one admin and one user with billing access on the account. These can be the same person.
  • It is recommended to establish at least 2 admins in your JumpCloud console to secure redundancies.
  • Admins without the Administrator with Billing role permissions applied can’t perform the following actions:
    • Add new Admins or Orgs in the MTP
    • Edit Admins in the MTP
  • Admins are notified when they don’t have permissions to take certain actions. 
  • After you’ve launched an organization from the MTP, you can’t edit MTP roles. You can only edit the admin roles within that org. MTP admin roles can only be edited while you are in the MTP.
  • When creating a new admin, API access will be disabled by default.
    • Only Admins with Billing Role can enable this.

Add an Admin Role

To add an admin role:

  1. Log in to your MTP:
  2. Select the Administrators tab.
  3. Click the Plus icon ( + ) to add a new admin.
  4. In the Details tab, complete the fields.
    • Optional: Toggle MFA requirements on or off. 
    • Admins with MFA required will need to set up their MFA on next login.
  5. Click the Permissions & Access tab.
  6. Click Role, and select an option from the dropdown menu.
  7. If you want to give the admin API access, select the checkbox next to Enable API access. See JumpCloud API’s to learn more.
  8. In the Organization Access field, select which org(s) you want to give the selected level of admin access to.
  9. Click Save User. The saved roles will appear in the list view.
    • The assigned role allows varying permissions for each administrator. Learn more about which JumpCloud Admin Portal Roles are appropriate for your organization’s admins. The roles available are:
  • Administrator with Billing: Super admin with all admin privileges including managing billing, other JumpCloud admins, and the MTP.
  • Administrator: Manage users, groups, devices, user authentication, directory integrations, security, and account management.
  • Manager: Manage users, devices, and groups.
  • Help Desk: Intended for internal help dev teams. Create and delete users, reset account passwords, and unlock users. 
  • Billing Only: Accounts with this role can access the Account tab in the MTP, with Read Only permissions everywhere else. From the Account tab, Admins can review the Account Overview, review payment history, update mailing and billing information, and view the usage associated with the account.
  • Read Only: Access and view users and other JumpCloud resources, but can’t perform any management tasks.

MTP Admin Roles

Legacy Legacy New Legacy Legacy New New New
Scope Admin w/ Billing Admin Manager Command Runner w/ Billing Command Runner Help Desk Read-Only Billing Only
Multi-Tenant Portal: Org & Admin management in the MTP Edit Read-Only Read-Only N/A N/A Read-Only Read-Only No Access

Modify an Admin Role

To edit, delete, suspend, or restore an admin role:

  1. Log in to your MTP:  
  2. Select the Administrators tab.
  3. Click the admin name you want to edit. 
  4. Edit the admin role as needed.
    • You can edit an admin’s Permissions & Access tab to change their role permissions and org access.
    • You can Send Password Reset Email.
    • You can SuspendDelete, or Restore a suspended account. You can’t restore a deleted account.

Interested in our Integrations? Learn more:

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case