You can quickly manage user access to company resources by suspending and reactivating user accounts. You can freeze access to company resources when users are on leave for any length of time, or if their identity is compromised. When users return from leave and/or their identity is secured, you can immediately reactivate accounts to their previous access level.
Note: Before reactivating, make any necessary access changes if appropriate.
Suspended user accounts can’t access any resources they’re connected or assigned to, including email. Users with suspended accounts can’t unlock or reset their password to regain access to their account. Access to a suspended account can only be regained if the account is reactivated by their IT admin.
Reactivated accounts allow users access to all assigned resources again, including email. An admin can return users to a active state manually or via scheduled activation. Scheduled reactivation allows the admin to transition users between states on a specific date and time, minimizing the need to be available when a user resumes employment, while still providing them the right access, at the right time. This feature is ideal when:
- Reactivating contractors
- Returning contractors who have been suspended in JumpCloud.
- Reactivating employees
- Returning employees who have been suspended in JumpCloud while on extended leave.
- Rehired employees who have been suspended but not yet deleted in JumpCloud.
Considerations:
- When a user is suspended, they're automatically logged out of their device, and connected resources and are prevented from accessing these resources during account suspension.
- Currently, Suspend User doesn’t support Windows Home. If a user of Windows Home is suspended, they aren’t automatically logged out of their device. However, if they switch user accounts, log out, or reboot, they're denied access to the device.
- Currently, Suspend User doesn’t support remote logins. If a user that is currently logged in to a device via remote session is suspended, they aren’t automatically logged out of the device. However, if they switch user accounts, log out, or reboot, they're denied access to the device.
- Suspended users are retained in the console during the time they're suspended and are billed as normal users.
- JumpCloud requires a password reset after users are connected to AD, Google Workspace, and Microsoft 365.
- Active accounts receive emails instructing them to change their password after they're connected to these resources.
- Suspended accounts can’t receive emails, so they won’t receive password reset emails after they're connected to these resources.
- When a suspended account is reactivated, admins need to manually resend password reset emails. Admins can resend password reset emails from the Admin Portal more actions menu by clicking on their initials in the top right hand corner.
- If you require that users change their password after a suspension, you can manually send a password reset email. Admins can resend password reset emails from the Admin Portal more actions menu by clicking on their initials in the top right-hand corner.
- If a suspended user account’s MFA enrollment period expires while the account is suspended, admins need to Configure MFA for Your Org after it is restored.
- See Advanced Configurations for Active Directory (AD) Import to learn about suspended behaviors.
Determining if a User Account is Suspended
When a user account is suspended, their user state will indicate Suspended in the User State column of the Users list. Also, an account suspended status shows on the left side of the User’s information panel.
Tip: You can see a filtered view of the Users list which only shows suspended accounts by clicking the Suspended link located at the top left above the list of Users.
Suspending a User or Locked User Account
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users.
- Select the checkbox next to the user(s) you want to suspend. You can select multiple users to suspend.
- Click change state, then select Suspend.
- Suspending an account immediately revokes this user's access to all JumpCloud-provided resources. The user is retained in the system and billed as a normal user.
- A Samba user, which is the Samba Service Account, can't be suspended.
- To suspend immediately, click Suspend Now, then Save. A notification appears and the User State changes to Suspended.
Scheduling a User Suspension
To schedule a user suspension:
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users. You can select multiple users to suspend.
- Select the checkbox next to the user(s) you want to suspend.
- Click change state, then select Suspend.
- Click Schedule Suspension and select the date and time to start the suspension. The time has to be at least one hour in the future.
- Click Save. A notification will appear along with a calendar icon next to the user state to indicate there is a scheduled event associated with this user.
Reactivating a Suspended User Account
To reactivate a suspended user account from the user record:
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users and select the user.
- Click the User State dropdown menu and select Activate.
- Click Activate Now.
- You can optionally choose to send an email to the user by selecting and populating the Send email to field.
- Click Save.
To reactivate a suspended user account from the change state menu:
- Log in to the JumpCloud Admin Portal.
- Go to USER MANAGEMENT > Users.
- Select the checkbox next to the applicable user, click change state, and select Activate.
- Click Activate Now.
- You can optionally choose to send the user a welcome email by selecting the Send welcome email. The email can be sent to an alternate email or a company email.
- Click Save.