You can manage Multi-Tenant Portal (MTP) Admin accounts in each of your managed organizations within the JumpCloud MTP. After you add an Admin, you can view their details and perform a variety of other actions like requiring Multi-Factor Authentication (MFA), suspending/restoring accounts, and resetting passwords.
Considerations:
- All Admins in your MTP have access to all of the managed orgs in that MTP.
- The MTP supports granular permissions; you can restrict access to specific orgs per MTP Admin account.
- Existing orgs aren’t automatically added to your managed org's MTP when they’re activated. You need to ask JumpCloud Support to add existing org's to your managed org's MTP.
- Admin added to an org's MTP are automatically given access to orgs created in the MTP.
- When creating a new Admin, API access will be disabled by default.
- Only Admins with Billing Role can enable this. See Manage Admin Accounts to learn more.
Adding an Admin
To add an Admin to your MTP:
- Log in to the MTP.
- Click the Administrators tab.
- Click the plus icon ( + ).
- In the Details tab, enter a First Name, Last Name, and Administrator Email Address* for the new Admin.
- Note: You must specify an email address before you can save an Admin.
- Toggle Multi-Factor Authentication on or off.
- Note: If MFA is required for an MTP Admin account, the Admin will be required to provide a TOTP token with their account credentials on their next login.
- In the Permissions & Access tab, click the Permissions dropdown menu and select the Role* you want to assign to the Admin.
- See Manage Admin Roles in the MTP to learn more.
- API key access is disabled by default for all new Admins. Select Enable API access to allow the Admin to generate their own key.
- In the Organization Access field, select the orgs you want to give your Admin access to.
- Click Save. You can now view details for this Admin account on the Administrators tab.
Viewing Details for Your MTP Admins
To view details for MTP Admins:
- Log in to the MTP.
- Select the Administrators tab.
The following details are shown for admin accounts:
- Name - The Admin’s first and last name.
- Email - The Admin’s account email address.
- Role - The Admin's role/permission level.
- Organizations - The orgs your Admin can access.
- Status - The Admin’s account status; either active, pending, or suspended.
- API Key Access - If the Admin has access to generate and use an API key or not. Hover over the status to see what it means.
- MFA: Requirement - Whether the Admin is required to use MFA; status is either Required or Not Required
- MFA: Enrollment - Whether the Admin has taken the first step to enroll in MFA; status is either Enrolled or Not Enrolled
Editing Admins
To edit an Admin:
- Log in to the MTP.
- Click the Administrators tab.
- Click on the Admin’s Name in the list.
- On the Details tab, modify the Admin's information:
- First Name - The Admin's first name.
- Last Name - The Admin's first name.
- Administrator Email Address* - The Admin's email address. This field is required.
- Under Security, you can toggle Multi-Factor Authentication Not Required or Required.
- When MFA is required for an MTP Admin account, the Admin will be required to provide a TOTP token with their account credentials when they log in to your managed org’s MTP.
- You also have the option to Send TOTP Reset Email.
- Under Account Settings, you can see the status of the account (Active, Suspended)
- You can also:
- Send Password Reset Email
- Suspend Account
- Restore Account (This option is only available for an account that is already suspended)
- Click the Permissions & Access tab, under Permissions, click the Role dropdown menu and select which role you want to assign to the Admin. See Manage Admin Roles in the MTP to learn more.
- If you want to give the admin API access, select the checkbox next to Enable API access. If it's enabled and the Admin has generated a key, you'll see the first four characters of the Admin’s API key, and the date it was created as well. See JumpCloud API’s to learn more.
- In the Organization Access field, select the orgs you want to give your Admin access to.
- Click Save. You can view details for this Admin account on the Administrators tab.
Requiring MFA for Admins
JumpCloud requires MFA for all Admins. The non-editable Global MFA Requirement setting can be viewed in the Admin Portal under Settings > Account.
Suspending and Restoring Admin Accounts in the MTP
Before suspending an Admin account, see Suspend and Reactivate User Accounts to learn more.
To suspend an Admin account:
- Log in to the MTP.
- Click the Administrators tab.
- Click on an Admin from the list.
- Under Account Settings, click Suspend Account.
This immediately removes the Admin's access to the MTP while maintaining their date and configuration records.
- Confirm that you want to suspend the selected account, then click Suspend.
- Click Save. The account appears as suspended in the Admins list.
To restore a suspended Admin account:
- Log in to the MTP.
- Click the Administrators tab.
- Click an Admin from the list.
- Under Account Settings, click Restore Account.
- Confirm that you want to restore the selected Admin account, then click Restore.
- Click Save. The account appears as Active in the Admins list.