Settings in the Admin Portal

Settings within the Admin Portal give IT Admins quick access to update the features and resources important for their organization and users. Accessing your Settings is the same for each feature; however, the navigation between tabs will differ. Dive in and learn more about the Admin Portal's Settings below.

Accessing Your Settings

To access Settings:

  1. Log in to your JumpCloud Admin Portal.
  2. In the left navigation, click on Settings
  3. There are five tabs under Settings that you can click between. Some have their own menu of features on the right hand side. Click between the tabs and features you want to view and update. 
  4. Once you're finished making updates in a given tab, click Save

Organization Profile

The Organization Profile houses general settings that your users will encounter. This is where you can find your Organization ID, or Customize Logo for the company. You can adjust User Portal settings like enabling read-only access for users, or change session timeout. You can also disable SSO with Google access, or Request to Delete the organization entirely.

General

To name your Organization:

  1. Under Settings > Organization Profile > General section, you can apply an Organization NameContact Name and Contact Email.
    • Various emails will include a contact link to this contact name and email.

To access your Organization ID:

  1. To view and/or copy your Organization ID, click the ‘eye’ icon to display all characters.
  2. Click the ‘double page’ icon to copy the ID.
  1. You can click Choose A File, or Upload or drag a file to add either a .png or .jpg with a transparent or white background. You can see what your logo will look like in Headers, Emails and Login from JumpCloud to your org’s users under Preview Logo

Note:

Logos must meet a minimum resolution of 400px X 400px and have a max file size of 780 KB.

  1. Click Save if these are your only changes.

User Portal Settings

You can give your users read-only access in their User Portal, and/or allow them to download the JumpCloud agent directly from their User Portal. 

  1. Select Enable read-only on the user portal’s profile page for all users to limit their access. Clear the checkbox to disable this.
  2. Select Allow all users to enroll devices through the User Portal so they can download the JumpCloud Agent directly from their User Portal. Clear the checkbox to disable this. See Enable Users to Install the Agent to learn more.
  3. Click Save if these are your only changes.

Note:

You can't customize the URL of the User Portal.

User Portal Session Duration

You can adjust the duration that the User Portal stays active before the session expires and the user is required to log in with their credentials again. This ensures that an idle device can't be used by malicious parties to access sensitive data.

Note:

The default value for User Portal Session Timeout is 8 hours. 

Considerations

  • Activity is defined as interactions with the server, like launching apps (Identity Provider and Service Provider initiated) or updating user info. 
  • Updates to the duration settings won’t affect a user’s current session but will apply the next time they log in. 
  • The duration settings currently apply to all factors of authentication enabled for a user.
  • The duration settings apply only to the JumpCloud User Portal. In many cases, setting duration must be defined on the Service Provider side (ex: AWS, Slack etc).
  • When the browser session is terminated, the User Portal session will also be terminated. 

To set User Portal Session Duration:

  1. Set a User Portal Session Duration in DaysHours or Minutes specifying how long you want the User Portal to stay active before going idle and prompting users for their login credentials. The minimum time you can set is one minute, and the maximum is 90 days.
  2. Click Save if these are your only changes.

Note:

The default value for Admin Portal session timeout is 60 minutes. The session length is not configurable.

Administrator Management

Administrators can have Single-Sign On (SSO) with Google enabled in their Admin Portal so they save time by using one set of credentials to access their Admin Portal.

To enable SSO with Google for Admins:

  1. Select Disable SSO with Google on Admin Portal to remove the ability for admins to access their Admin Portal through one set of credentials. Leave it cleared if you want them to be able to log in with one set of credentials.
  2. Click Save if these are your only changes.

To disable SSO with Google for Admins, see Disable Google SSO in the Admin Portal to learn more.

Note:

Each Admin will need to connect their Google account to be able to log in to JumpCloud with Google.

To connect your Google account:

  1. From the Administrators tab, select the Admin you want to edit.
  2. In the Edit Administrator panel, scroll to Account Settings, then click Connect.
  3. Follow the Google prompts to connect your account.
  4. When your account is connected, click Sign in with Google on the JumpCloud Administrator login screen to sign in using your Google credentials.

Delete the Organization

Warning:

Org deletions are fully destructive and non-recoverable. 

To delete the org:

  1. Click Request to Delete to submit a deactivation ticket. You will be prompted to Enter Org ID to confirm the deletion request.
    • Note: Support will reach out to you to confirm the account details for the deletion. In the meantime, remove all users and devices from this organization. See Delete an Organization to learn more.
  2. Click Request to Delete.

Security

For password settings, see Manage Password and Security Settings to learn more.

Admin Accounts

Select the option under Global MFA Requirement to require all Admins in the org to use Multi-Factor Authentication (MFA).

Note:

This setting is not available in Managed Service Provider (MSP) tenant orgs.

  • When this setting is enabled, you can't edit the Enable Multi Factor Authentication for Admin Login setting on the individual Admin level.
  • If this setting is enabled, and you later disable it, all individual Admins will still have MFA required, but the Enable Multi Factor Authentication for Admin Login setting is now editable on the individual Admin level. See Enable MFA for the Admin Portal to learn more.

Administrators

The Admin list shows you all the org's admins, along with their details. From here, you can create new admins, edit existing ones, or request to delete an Admin.

The columns in the list show the name and email of the Admin along with their Role, the status of their API key, whether or not they are required to log in with MFA or not, and whether they are enrolled in MFA or not.

Tip:

Hover over the status of each API key to see what they mean.

For example: There are 2 variants of the ENABLED status. One of them has a 'key' icon next to it, while the other version doesn't. The one with the 'key' icon means the API key is enabled for this Admin, and they have generated a key. The one without the 'key' icon means the API key is enabled for this Admin, but they haven't generated a key yet.

To create a new Admin:

  1. Under Settings > Administrators, click on the green ( + ). 
  2. Under Details, add a First Name & Last Name (not required), add an Administrator Email Address* (required). 
  3. Under Permissions, set the Role for the Admin. See Admin Portal Roles to learn more.
  4. API key access is disabled by default for all new Admins. Select Enable API access to allow the Admin to generate their own key.
  5. Under Security, you can toggle Multi-factor Authentication Required on or off. 
    • MFA can be enforced for all Admins globally from Settings > Security. See the Security section.
  6. Click Save if these are your only changes.

To edit an existing Admin:

  1. Under Settings > Administrators, click on the Admin that you want to edit. 
  2. You can edit the First NameLast Name, Administrator Email Address, or change their Role.
  3. If you want to give the Admin API access, select the checkbox next to Enable API access. If it's enabled and the Admin has generated a key, you'll see the first four characters of the Admin's API key, and the date it was created as well.
  4. If you need to reset TOTP for your account, you can click Send TOTP Reset Email to initiate the reset. You will be prompted to confirm that you want to reset your TOTP, click Send
  5. From here, you can also toggle Multi-factor Authentication Not Required on or off. 
  6. If you need to reset your password, under Account Settings, click on Send Password Reset Email, you will be prompted to confirm that you want to reset your password, click Send.
  7. Click Save if these are your only changes.

To delete an Admin:

Warning:

This action is immediate and irreversible. This will remove the Admin's access to the Admin Portal.

  1. Under Settings > Administrators, click on the Admin that you want to delete. 
  2. Click Delete Account, you are prompted to confirm deletion, click Delete.

Customize Email

JumpCloud sends emails to users to notify them of various events. You can customize some of these emails to look and sound more like your org.

Note:

This feature is only available to paid customers. Free customers that have previously customized emails will see your templates in a read-only state in Settings > Customize Email in your Admin Portal. Emails will continue to be sent to users with the existing customized content as displayed in the Settings > Customize Email page. Templates may be reverted to the JumpCloud default content at any time. 

Considerations:

  • Non-Latin characters are supported.
  • HTML isn’t supported.

Email Disclaimer

Note:

The Email Disclaimer is used in all email communication, regardless of whether they have customized email content or not. 

  1. Under Settings > Customize Email > Email Customization > Email Disclaimer you can add a message that will be added to the bottom of all communication from JumpCloud to your org’s users.
  2. You can see a preview of what the disclaimer will look like on the email by toggling Template Preview on. It will be seen at the bottom of the email right above Powered by JumpCloud

Choose a Template

  1. Under Settings > Customize Email > Choose a template, select which Email Template you’d like to customize. The available templates are:
    • Password Expiration Warning: This email encourages users to reset their password before an upcoming expiration date.
    • Lockout Notice: This tells users when they’ve been locked out of their account after multiple failed login attempts. 
    • Password Expiration: This tells users that their password has expired and needs to be reset.
    • Password Reset Confirmation: This email confirms a recent password change. 
    • Password Reset: This asks new users to activate their account or reset their password. 
    • Activation Email: This asks new users to activate their account. 
    • Welcome Email - Google Workspace: This is sent to users when they are bound to Google Workspace.
    • Welcome Email - M365/Azure AD: This is sent to users when they are bound to M365/Entra ID.

Note:

When adding users via Entra sync or the API, a welcome email is sent to users, but that email is not customizable.

Email Content

  1. Under Settings > Customize Email > Email Content, you can view and modify the content of the currently selected Email Template. Tokens can be included in the various fields and the token’s value at the time each email is sent will replace the token. This allows for greater customization. 
  2. The following email fields are customizable:
    • Subject: Content for the email’s subject line.
    • Title: Content for the email’s title that appears at the top of the email.
    • Header: Content for the email’s header that appears after the title and before the message content. 
    • Message: Content for the email’s main message. 
    • Button Call to Action: Content for a button in the email message that calls for users to take an action, like Reset Your Password. 
    • Footer: Content for the email’s footer that appears below the message content.
  3. Click Save if these are your only changes.

Tip:

Click the Reset to Default Content to revert all of your changes back to the default JumpCloud content.

Available Tokens

Tokens are variables that are replaced with attributes for your organization or your JumpCloud managed users. You can add tokens to email templates to include content that's specific to your organization.

Considerations:

  • If you mistype a token, it appears as plain text in the Template Preview. Valid tokens appear as links.
  • If a token attribute isn't defined for your organization, the token appears as blank space in the email. 
  • Tokens must be included exactly as they appear in the following list or they appear as plain text in emails. 

You can include the following tokens in your email templates:

 #{admin_email_link} This token is populated by your organization’s contact name and contact email. It shows the contact name with a mailto link to the contact email. If you don’t have both the contact name and contact email defined for your organization, this token appears as a blank space in the email. You can update these on the Organization Profile tab in the Settings page.
#{contact_email}This token is populated by your organization’s contact email. If you don’t have a contact email defined for your organization, this token appears as a blank space in the email. You can update your organization’s contact email on the Organization Profile tab in the Settings page.
 
#{contact_name}This token is populated by your organization’s contact name. If you don’t have a contact name defined for your organization, this token appears as a blank space in the email. You can update your organization’s contact name on the Organization Profile tab in the Settings page.
#{expiration_day}This token is populated with a password’s expiration date and is only available for the Password Expiration Warning template. 
#{first_name}This token is populated by the receiving user’s first name. If you don’t have a first name defined for the user, this token appears as a blank space in the email.
#{lockout_source}This token identifies the source of the last login failure that triggered the Lockout Email. This is either; the System Display Name of the user’s managed device, or User Portal.
#{org_name}This token is populated by your organization’s name. If you don’t have a name defined for your organization, this token appears as a blank space in the email. You can update your organization’s name on the Organization Profile tab in the Settings page.
#{user_email}This token is populated by the receiving user’s email. This field is required, so it should always show in emails. 
#{user_name}This token is populated by the receiving user’s JumpCloud username. This field is required, so it should always show in emails. 
#{user_company_email}This token is populated by the user’s Company email. It is a required field, so it should always display. This token is only available for the Activation Email template.

Features

View trial information and quickly see directory activity and system intelligence data across your org with Directory Insights and System Insights.

Features You’re Trying

See a list of trials you have underway under Features You're Trying. Features appear in order of trial start date, with the latest at the top.

Learn more about trials:

JumpCloud Go™

JumpCloud Go enables secure, passwordless login to JumpCloud web-based resources on managed devices. With the JumpCloud Go browser extension installed, users can verify their identity with their device authenticator (Apple Touch ID and Windows Hello). JumpCloud Go authentication also satisfies any User Portal portal MFA requirements.

To learn more about JumpCloud Go:

Directory Insights

Directory Insights is JumpCloud's event logging and compliance feature. Quickly see directory activity and system intelligence.

You can use our RESTful API, PowerShell Module, and Admin Portal to access event logs, see activity happening in your directory, and monitor user authentications to the User Portal, SAML SSO applications, RADIUS, and LDAP. 

Prerequisites

  • Directory Insights is included in some of our package plans. See JumpCloud Pricing for information on our package plans. 
  • To enable Directory Insights for your account, current customers can contact us at [email protected]. New customers can contact us at [email protected].

To view your current Directory Insights status:

  1. Under Settings > Features, see the status of Directory Insights

Learn more about Directory Insights:

System Insights

JumpCloud’s System Insights extends device management by providing telemetry across your fleet of macOS, Windows and Linux devices. You can easily gather information from JumpCloud managed devices with our RESTful API and PowerShell Module

You can use the System Insights feature to:

  • Easily take stock of your suite of devices and the state of the machines in your org.
  • See inventory information like vendor, model, serial number etc.
  • Query system endpoints to resolve issues proactively without having to interrupt employees.
  • Provide info to auditors to prove that systems in your org are compliant. 
  • Gather info about device uptime to leverage when diagnosing issues.
  • Allow security and DevOps teams to interrogate machines to look for security vulnerabilities. 
  • See which devices are protected by disk encryption and which need to be updated with it. 

Prerequisites

  • System Insights is included in some of our package plans. See JumpCloud Pricing for information on our package plans. 
  • To enable System Insights for your account, customers with free accounts can contact us at [email protected], and customers with paid accounts can contact their Account Manager. New customers can contact us at [email protected].
  • System Insights only supports 64-bit operating systems.

To enable System Insights:

  1. Under Settings > Features, toggle System Insights On or Off
  2. Under Auto enable System Insights on new devices, select which devices (macOSWindows & Linux) you’d like to enable this feature on. New devices added to JumpCloud will automatically have System Insights enabled.
    • Note: Devices that existed in your account prior to you turning on Auto Enablement require that you manually enable System Insights for an individual device. 
  3. Click Save if these are your only changes.

Learn more about System Insights:

Remote Assist

JumpCloud Remote Access is a cloud-based solution that provides IT teams with robust remote support capabilities, including Remote Assist for remote screen access and control, as well as Background Tools for remote command line and file management. Admins with Manager role permissions or higher can enable or disable Remote Assist and Background Tools. If enabled, admins with these roles as well as the HelpDesk role can launch Remote Assist and Background Tools sessions.

Learn more about Remote Assist:

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case