If you are a JumpCloud Admin or want to learn about administrative MFA configurations, see MFA Guide for Admins.
Multi-factor Authentication (MFA), sometimes referred to as Identity Verification or Two-Factor Identification (2FA), helps secure access to the resources you use everyday by asking you to prove who you are with multiple factors. When your IT Admin requires you to use MFA, you need to provide your username and password and an additional factor to log in. This additional factor can be something you know, like a PIN, something you have, like a security key, or something you are, like a fingerprint.
You may be required to use one or more of the following MFA Factors with your JumpCloud user account:
- JumpCloud Go
- Push MFA
- Verification Code (TOTP) MFA
- Security Keys
- Device Authenticator
- Duo Security MFA
About JumpCloud Go
JumpCloud Go enables passwordless login to JumpCloud-managed web resources on your managed device. Other than initial registration, you won’t need to enter your email, password, and MFA every time you access your resources. Instead, you’ll verify your identity with your device authenticator (Apple Touch ID or Windows Hello) every 12 hours.
Using JumpCloud Go MFA
When enabled, you can approve User Portal and SSO login requests from your managed device authenticator.
To learn how to use JumpCloud Go:
About Push MFA
Push MFA is a type of solution that sends a notification to your mobile device after you've logged in to a resource with your username and password. When you click the notification, you're asked to approve or deny the login request. When you tap Approve, you gain access to your resource.
JumpCloud protects against fraudulent push attempts by blocking more than one notification per resource within a sixty second period (the number of maximum concurrent attempts can be changed by an admin). You can try again after the timeout or after you have approved or denied the initial request.
Typically you have to download an app when you set up for Push MFA. To use Push MFA with your JumpCloud user account, your admin has you download JumpCloud Protect.
Using Push MFA
Use Push MFA to log in to your User Portal and SSO applications.
You can set up and find your Push MFA status in the Security tab of the JumpCloud User Portal.
To learn how to use Push MFA:
About Verification Code (TOTP) MFA
Verification Code (TOTP) MFA uses authentication codes called Time-based One Time Passwords (TOTP). When you log in to a resource that’s guarded by TOTP MFA, you need to provide your username, password, and a TOTP code generated by the authenticator application on your phone or computer. These codes are generated from an authenticator application on a mobile phone or computer, like JumpCloud Protect, Google Authenticator, or Yubico Authenticator.
Using Verification Code (TOTP) MFA
Your IT Admin decides where you use TOTP MFA, but you may be asked to use TOTP MFA when you log in to the User Portal, RADIUS server, and your device.
For certain applications, you may need to manually advance, or use the tab key, to enter the code digit-by-digit in the individual TOTP fields.
You can set up and find your TOTP MFA status in the Security tab of the JumpCloud User Portal.
To learn how to use TOTP MFA:
About Security Keys
A security key is a device that often looks like a USB drive that's used with MFA. When you log in to a resource that's guarded by a security key, you must provide your username, password, and the security key.
Using Security Keys
You can use security keys to log in to the User Portal and SSO applications and to verify password resets made from the User Portal.
You can set up and find your security key status in the Security tab of the JumpCloud User Portal.
About Device Authenticators
Device authenticators are unique to your device and are often a biometric-enabled device like Apple Touch ID or Windows Hello. This can be used as a form of authentication to verify your identity.
To enroll Windows devices with device authenticator, Windows Hello must already be set up.
You can enroll your device and find your device authenticator status in the Security tab of your JumpCloud User Portal.
To learn how to use security keys or device authenticators:
About Duo Security MFA
Duo Security MFA lets you log in to a resource using push notifications, phone callbacks, and mobile passcodes provided by Duo. Your IT Admin chooses the authentication options you have for Duo Security MFA.
When you log in to a resource that’s guarded by Duo Security MFA, you need to provide your username, password, and choose an authentication option. Then you provide the factor that’s required for authentication.
Using Duo Security MFA
You can use Duo Security MFA to log in to the User Portal and SSO applications and to verify password resets made from the User Portal.
You only see Duo Security MFA when you choose to use it to log in to a resource. You don’t see it in the User Portal.
To learn how to use Duo Security MFA: