Troubleshoot: JumpCloud Conditional Access Policy Issues (Chrome DTC)

Here are a few things that you can check to quickly troubleshoot and resolve issues with your JumpCloud Chrome Conditional Access Policies (CAP) and the Chrome Device Trust Connector (DTC).

Verify Connector Deployment

• Go to Google Admin Console and then, click Devices > Chrome > Connectors.
  • Ensure the JumpCloud Device Trust Connector is configured and
    • Assigned to the correct Organizational Units (OUs).
    • Applied for both browsers and profiles, or only to Browser, or Profile. (This will enforce the action premise during access from CAP)
      

Validate the Enrolment Domain

• Go to Google Admin Console and then, click Account > Domains > Manage Domains.
• Confirm the domain listed matches the domain used in user email addresses (e.g., @yourdomain.com).
  

Review Default Access Policy Configuration 

• If Default Access Policy (Under Conditional Access Policy settings) is set to Allow Authentication, you must create a new conditional access policy with Denied action.
• If Default Access Policy (Under Conditional Access Policy settings) is set to Deny Access, you must create a new conditional access policy with Allowed action.

Restart Chrome Browser

• Sometimes if Users are already on a Chrome browser session, it may need a restart. Ask users to fully restart Chrome after:
  • Configuring the DTC and enforcing JumpCloud CAP
    

Check Conditional Access Logs

• Go to JumpCloud Admin Portal > Insights > Directory Insights.
• Review the following:
  • Which policy was evaluated
  • What conditions matched or failed
  • What action was enforced (Allow / Deny / MFA)
    

Additional Final Checks

• Confirm user/group assignment to CAP.

Make sure the conditional access policy is active.