Manage MSP Admins in the MTP

You can manage Managed Service Provider (MSP) Admin accounts in each of your managed organizations within the JumpCloud Multi-Tenant Portal (MTP). After you add an Admin, you can view their details and perform a variety of other actions like requiring Multi-Factor Authentication (MFA), suspending/restoring accounts, and resetting passwords. 

Prerequisites:

You need to have the MTP enabled for your MSP org to use it. To get the MTP for your MSP org, please contact your Partner Account Manager and make sure to provide the following info:

• The org IDs for each managed org you want to add to your MSP org’s MTP.
• The email addresses of the JumpCloud Admin accounts you want to make Admins for your MSP org’s MTP. These accounts must be created (by you) and registered (by the Admin account owner) prior to being added to your MSP org’s MTP.

Considerations:

• All Admin accounts for your MSP org’s MTP have access to all of your MSP managed orgs. 
• The MTP supports granular permissions; you can restrict access to specific orgs per MSP Admin account.
• Existing orgs aren’t automatically added to your MSP org’s MTP when it’s activated. You need to ask JumpCloud Support to add existing org’s to your MSP org’s MTP.
• Admin accounts for your MSP org’s MTP are automatically given access to orgs created in the MTP.
• When creating a new admin, API access will be disabled by default.
  • Only Admins with Billing Role can enable this. See Manage Admin Accounts to learn more.

Adding an Admin

To add an Admin to your MTP:

1. Log in to the MTP.
2. Click the Administrators tab.
3. Click the plus icon ( + ).
4. In the Details tab, enter a First Name, Last Name, and Administrator Email Address* for the new Admin.
   • Note: You must specify an email address before you can save an Admin.
5. Toggle Multi-Factor Authentication on or off.
   • Note: If MFA is required for an MSP Admin account, the Admin will be required to provide a TOTP token with their account credentials on their next login.
6. In the Permissions & Access tab, click the Permissions dropdown menu and select the Role* you want to assign to the Admin.
   • See Manage Admin Roles in the MTP to learn more.
7. API key access is disabled by default for all new Admins. Select Enable API access to allow the Admin to generate their own key.
8. In the Organization Access field, select the orgs you want to give your Admin access to. 
9. Click Save. You can now view details for this Admin account on the Administrators tab.

Viewing Details for Your MTP Admins

To view details for MTP Admins:

1. Log in to the MTP.
2. Select the Administrators tab.

The following details are shown for admin accounts:

• Name – The Admin’s first and last name.
• Email – The Admin’s account email address.
• Role – The Admin’s role/permission level.
• Organizations – The orgs your Admin can access.
• Status – The Admin’s account status; either active, pending, or suspended.
• API Key Access – If the Admin has access to generate and use an API key or not. Hover over the status to see what it means.
• MFA: Requirement – Whether the Admin is required to use MFA; status is either Required or Not Required
• MFA: Enrollment – Whether the Admin has taken the first step to enroll in MFA; status is either Enrolled or Not Enrolled

Editing Admins

To edit an Admin:

1. Log in to the MTP.
2. Click the Administrators tab.
3. Click on the Admin’s Name in the list.
4. On the Details tab, modify the Admin’s information:
   • First Name – The Admin’s first name.
   • Last Name – The Admin’s first name.
   • Administrator Email Address* – The Admin’s email address. This field is required.
5. Under Security, you can toggle Multi-Factor Authentication Not Required or Required.
   • When MFA is required for an MTP Admin account, the Admin will be required to provide a TOTP token with their account credentials when they log in to your MSP org’s MTP.
6. You also have the option to Send TOTP Reset Email.
7. Under Account Settings, you can see the status of the account (Active, Suspended)
8. You can also:
   • Send Password Reset Email
   • Suspend Account
   • Restore Account (This option is only available for an account that is already suspended)
9. Click the Permissions & Access tab, under Permissions, click the Role dropdown menu and select which role you want to assign to the Admin. See Manage Admin Roles in the MTP to learn more.
10. If you want to give the admin API access, select the checkbox next to Enable API access. If it’s enabled and the Admin has generated a key, you’ll see the first four characters of the Admin’s API key, and the date it was created as well. See JumpCloud API’s to learn more.
11. In the Organization Access field, select the orgs you want to give your Admin access to.
12. Click Save. You can now view details for this Admin account on the Administrators tab.

Requiring and Removing MFA for Admins

The Global MFA Requirement setting is accessible to Administrators with Billing in the MTP and allows Administrators to require MFA for all MSP Admin accounts when logging in to the MTP.

To enable MFA for all MSP admins:

1. Log in to the MTP.
2. Go to Settings > Account.
3. Select the checkbox for Global MFA Requirement.
4. This will enforce MFA for all existing MSP Admins and any that are added later.
   • If you turn this setting off later, individual MSP Admins will still have MFA required, but the Require Multi-Factor Authentication setting is now editable on the individual Admin detail page.
   • Note: Enabling the Global MFA Requirement setting will not impact accounts where MFA was required previously.
5. Click Save.

You can require MFA for an individual Admin when you add them by clicking Require Multi-Factor Authentication, or you can modify existing Admins to require it. 

To require MFA for an individual Admin:

1. Log in to the MTP.
2. Click the Administrators tab.
3. Select an Admin from the list. The Edit Administrator side window displays.
4. On the Details tab, under Security toggle Multi-factor Authentication Not Required. This pulls up a window asking if you would like to require MFA for the Admin. Click Require MFA.
5. Click Save.
6. You’ll see the Admin’s MFA enrollment status under the Administrators tab in the MFA: Enrollment column. 

To remove MFA for an individual Admin:

1. Log in to the MTP.
2. Click the Administrators tab.
3. Select an Admin from the list, under Security toggle Multi-factor Authentication Required. This pulls up a window asking if you would like to Remove MFA Requirement. Click Remove MFA.
4. Click Save.
5. You’ll see the Admin’s MFA enrollment status under the Administrators tab in the MFA: Enrollment column. 

Suspending and Restoring Admin Accounts in the MTP 

To suspend an Admin account: 

1. Log in to the MTP.
2. Click the Administrators tab.
3. Click an Admin from the list. The Edit Administrator side window displays.
4. Under Account Settings, click Suspend Account.

5. Confirm that you want to suspend the selected account, then click Suspend. 
6. Click Save. The account appears as suspended in the Admins list.

To restore a suspended Admin account:

1. Log in to the MTP.
2. Click the Administrators tab.
3. Click an Admin from the list. The Edit Administrator side window displays.
4. Under Account Settings, click Restore Account. 
5. Confirm that you want to restore the selected Admin account, then click Restore. 
6. Click Save. The account appears as active in the Admins list. 

Interested in our Integrations? Learn more:

• Integrate ConnectWise Manage in the MTP
• Integrate Autotask PSA in the MTP
• Integrate Syncro PSA in the MTP