Here are a few things that you can check to quickly troubleshoot and resolve issues with your JumpCloud Chrome Conditional Access Policies (CAP) and the Chrome Device Trust Connector (DTC).
Verify Connector Deployment
- Go to Google Admin Console and then, click Devices > Chrome > Connectors.
- Ensure the JumpCloud Device Trust Connector is configured and
- Assigned to the correct Organizational Units (OUs).
- Applied for both browsers and profiles, or only to Browser, or Profile. (This will enforce the action premise during access from CAP)
- Ensure the JumpCloud Device Trust Connector is configured and
If the connector isn’t deployed or not mapped to the correct OUs, Conditional Access Policies cannot evaluate device trust. Thus enforcement will not work.
Validate the Enrolment Domain
- Go to Google Admin Console and then, click Account > Domains > Manage Domains.
- Confirm the domain listed matches the domain used in user email addresses (e.g.,
@yourdomain.com
).
A mismatch or unverified domain can prevent mapping Chrome sessions to JumpCloud users.
Review Default Access Policy ConfigurationÂ
- If Default Access Policy (Under Conditional Access Policy settings) is set to Allow Authentication, you must create a new conditional access policy with Denied action.
- If Default Access Policy (Under Conditional Access Policy settings) is set to Deny Access, you must create a new conditional access policy with Allowed action.
The conditional access policy logic must align with the default access policy. This is a common point of failure.
Restart Chrome Browser
- Sometimes if Users are already on a Chrome browser session, it may need a restart. Ask users to fully restart Chrome after:
- Configuring the DTC and enforcing JumpCloud CAP
- Configuring the DTC and enforcing JumpCloud CAP
Without restarting Chrome, device trust signals may not be sent, causing conditional access policies to behave incorrectly.
Check Conditional Access Logs
- Go to JumpCloud Admin Portal > Insights > Directory Insights.
- Review the following:
- Which policy was evaluated
- What conditions matched or failed
- What action was enforced (Allow / Deny / MFA)
Additional Final Checks
- Confirm user/group assignment to CAP.
Make sure the conditional access policy is active.