Subscribe to Help Center RSS FeedJumpCloud Vault allows organizations to manage both Privileged Access Management (PAM) and Password Manager (PWM) licenses within a single environment. This eliminates the need to maintain separate environments for different product tiers, enabling administrators to efficiently allocate the appropriate license based on individual access needs. Every Vault user must be assigned exactly one license (either PAM or PWM), which strictly dictates the platform features they can see and access, regardless of their assigned role.
While Vault allows the management of both PAM and PWM licenses within a single environment, every user must be assigned exactly one license. This assigned license strictly dictates the platform features they can see and access, regardless of their assigned role.
Considerations
The License field is visible in two places:
- Users list (Administration > Users): A dedicated License column displays the license type assigned to each user (PAM or PWM).
- User edit form (Administration > Users > Edit User): The License field appears under User Details as a required dropdown with two options: PAM and PWM.
Assigning or Changing a User’s License
- Log in to Vault with an Administrator account.
- Go to Administration > Users. The list of available users is displayed.
- Search and select a specific user. The Edit User page is displayed.
- On the Edit User page, under Details tab, select PAM or PWM from the License dropdown menu.
- Click Save.
The license change takes effect immediately. If the user is currently logged in, the updated access restrictions will be applied on their next session.
Automatic License Assignment During Provisioning
When users are provisioned into Vault through an identity provider (e.g., JumpCloud IDP via SCIM), the platform automatically assigns a license to each new user based on the following logic:
- If the tenant has only PAM licenses available, new users receive a PAM license.
- If the tenant has only PWM licenses available, new users receive a PWM license.
- If the tenant has both PAM and PWM licenses available, new users automatically receive a PWM license (the more basic tier).
This default behavior ensures that license consumption is conservative. If a provisioned user requires PAM access, an administrator must manually update that user's license to PAM after provisioning.
Automatic assignment applies only to users created through provisioning integrations. For users created manually through the Admin Console, administrators must explicitly select the license type during user creation.
License Seat Limits
Each tenant has a fixed number of available seats per license type, based on what was purchased. The platform enforces these limits automatically:
- You cannot assign a PAM license to a new user if all PAM seats are already in use.
- You cannot assign a PWM license to a new user if all PWM seats are already in use.
When a user is deactivated or removed from the tenant, their seat is automatically released and becomes available for reassignment.
In this Article