- \n
- The Administrator with Billing role is required to assign or remove admin roles for users. Jump to Understanding Permissions<\/a><\/li>\n\n\n\n
- A user account should exist within your JumpCloud directory with the user enrolled in MFA.<\/li>\n<\/ul>\n\n\n\n
Considerations<\/strong>:<\/p>\n\n\n\n
- \n
- When an admin role is assigned to a user with this method, only the user credentials will work to log in to the JumpCloud Admin Portal. Admin credentials (password and TOTP) that were used to log in to the Admin Portal before will no longer exist.<\/li>\n\n\n\n
- In order to create or edit an admin role for a user, the emails for both user and admin must be the same. You can easily update the email address on the administrator or user side to ensure that the two match.<\/li>\n\n\n\n
- Users whom you intend to give an admin role to must be in an active state and cannot have an expired password or be locked out of their account.<\/li>\n\n\n\n
- Assigning or removing an admin role for a user will terminate any live sessions of the Admin Portal. Admins will be required to log back in to the Admin Portal with their user credentials.<\/li>\n\n\n\n
- After a user has been given an admin role, they must use the User Portal password change flow if they want to change their own password. For password resets, where someone else resets the user\u2019s password, jump to Understanding Permissions<\/a><\/li>\n\n\n\n
- Users who have been given an admin role will be able to log in to the JumpCloud Mobile App for Admins.<\/li>\n\n\n\n
- Admin Portal Roles<\/a> and their permissions should be taken into account when understanding which admins will be able to perform actions on users who have been given an admin role. For example, admins that have user-action scoped permissions (Help Desk, Manager, Administrator, Administrator with Billing) will be able to suspend a user who has been given an admin role. \n
- \n
- Certain sensitive actions, such as modifying another user\u2019s MFA, will require the Administrator with Billing role if the target user has an admin role. Jump to Understanding Permissions<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Assigning an Admin Role to a User<\/h2>\n\n\n\n
The Administrators list in the Admin Portal (Settings<\/strong> > Administrators<\/strong>) shows accounts with management access to your JumpCloud tenant. These are separate from the user accounts listed in USER MANAGEMENT<\/strong> > Users<\/strong>. By assigning an admin role to a user, you can allow the user as an admin to log in to the Admin Portal with their user credentials. You can either create a new admin from an existing user or update an existing admin to a matching user account (with the same email) to accomplish this.<\/p>\n\n\n\n
To create a new admin from an existing user<\/strong>:<\/p>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to Settings<\/strong> > Administrators<\/strong>.<\/li>\n\n\n\n
- Click + Admin<\/strong> and select From User<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/new-admin-from-user.png\")
<\/li>\n\n\n\n- In the Create Admin From User<\/strong> panel, use the search bar to find the existing user account email for the user identity you want to give an admin role.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/create-admin-from-user-search.png\")
\n- \n
- When a user identity is selected, the information under Details<\/strong> auto-populates.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/create-admin-from-user-autofill.png\")
<\/li>\n<\/ul>\n<\/li>\n\n\n\n- Under Permissions<\/strong>, select the administrative role you want the user to have.\n
- \n
- See Admin Portal Roles<\/a> for more information.<\/li>\n\n\n\n
- (Optional) Select the option to Enable API access<\/strong> for the admin, if desired.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Click Save<\/strong>. The administrator identity appears in the administrators list, and the MFA Enrollment<\/strong> column indicates a MFA enforcement inherited from the user. An email is also sent to the user informing them of this change.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/mfa-enrollment-from-user.png\")
\n- \n
- Click From User<\/strong> to open the user details tab.\n
- \n
- On the left side of the user\u2019s details, Admin Account<\/strong> appears under the user\u2019s name indicating the user has an admin role. Click to return to the admin\u2019s details.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/user-details-admin-account.png\")
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\")
<\/p><\/div>Tip:<\/strong> \nFrom the users list, the Admin Role<\/strong> column reflects that the user is an admin.<\/p>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/user-list-administrator-column.png\")
<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\nTo update an existing admin with a matching user:<\/strong><\/p>\n\n\n\n
<\/p><\/div>Tip:<\/strong> \nAdmins with matching user identities are indicated in the administrators list with a tooltip next to their name.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
- \n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- Go to Settings<\/strong> > Administrators<\/strong>.<\/li>\n\n\n\n
- Click the name of the administrator you want to link to a user identity.<\/li>\n\n\n\n
- From the Edit Administrator <\/strong>panel, scroll to Account Settings<\/strong>.<\/li>\n\n\n\n
- Click Actions<\/strong> and select Assign Admin Role To User<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/assign-admin-role.png\")
<\/li>\n\n\n\n- Click Save<\/strong>. You are prompted to acknowledge that the user will be able to access the Admin Portal using their user credentials, and that the existing admin credentials will be deleted permanently. Click the checkbox next to I understand these implications.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/assign-admin-role-confirm.png\")
<\/li>\n\n\n\n- Click Continue<\/strong>. Note that if the admin was logged in, their session is terminated and they will be required to log back in to the Admin Portal with their user credentials.<\/li>\n\n\n\n
- In the Admin Portal, the administrator identity appears in the administrators list, and the MFA Enrollment<\/strong> column indicates a linked user identity.<\/li>\n<\/ol>\n\n\n\n
Logging in as a User with an Admin Role <\/h2>\n\n\n\n
For MFA considerations, see our MFA Guide for Admins<\/a>.<\/p>\n\n\n\n
To log in to the Admin Portal directly<\/strong>:<\/p>\n\n\n\n
- \n
- Using a supported browser, go to https:\/\/console.jumpcloud.com\/login\/admin<\/a>.<\/li>\n\n\n\n
- In Email<\/strong>, enter your company email address and click Continue<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/admin-login.png\")
<\/li>\n\n\n\n- In Password<\/strong>, enter your user password, then click Login<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/enter-user-password.png\")
<\/li>\n\n\n\n- Provide the MFA that has been set for the user.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/verify-your-identity.png\")
<\/li>\n\n\n\n- You are logged in to the Admin Portal.<\/li>\n<\/ol>\n\n\n\n
To launch an Admin Portal session from the User Portal:<\/strong><\/p>\n\n\n\n
- \n
- In the User Portal, click your initials in the top right of the page and click Launch Admin Portal<\/strong>.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/launch-ap-in-up.png\")
<\/li>\n\n\n\n- You are prompted for step-up MFA.<\/li>\n<\/ol>\n\n\n\n
Changing Your Password as a User with an Admin Role<\/h2>\n\n\n\n
Users can change their password at any time in the User Portal. See Change Your User Portal Password<\/a> for instructions. Because a user who has been given an admin role no longer has admin credentials, it is no longer possible to change the password from the admin side.<\/p>\n\n\n\n
- \n
- If you try to change your password from the Admin Portal, you will be prompted to update it instead in the User Portal.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/prevent-password-change-ap.png\")
<\/li>\n\n\n\n - Admins are also prevented from resetting their own user password in the Admin Portal from the user\u2019s Details<\/strong> > User Security Settings and Permissions<\/strong> area.
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/prevent-user-password-reset.png\")
<\/li>\n<\/ul>\n\n\n\nUnderstanding Permissions<\/h2>\n\n\n\n
Reference the table to view the permissions required to perform certain actions on users with admin roles.<\/p>\n\n\n\n
\n\n
- You are prompted for step-up MFA.<\/li>\n<\/ol>\n\n\n\n
- In Email<\/strong>, enter your company email address and click Continue<\/strong>.
- Go to Settings<\/strong> > Administrators<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- On the left side of the user\u2019s details, Admin Account<\/strong> appears under the user\u2019s name indicating the user has an admin role. Click to return to the admin\u2019s details.
- (Optional) Select the option to Enable API access<\/strong> for the admin, if desired.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Under Permissions<\/strong>, select the administrative role you want the user to have.\n
- Go to Settings<\/strong> > Administrators<\/strong>.<\/li>\n\n\n\n
- Log in to the JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n
- A user account should exist within your JumpCloud directory with the user enrolled in MFA.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/remove-admin-access.png\")
<\/li>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/remove-role-confirm.png\")
<\/li>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/11\/delete-user.png\")
<\/li>\n\n\n\n