{"id":74818,"date":"2023-05-18T10:26:22","date_gmt":"2023-05-18T14:26:22","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=74818"},"modified":"2023-10-12T17:21:23","modified_gmt":"2023-10-12T21:21:23","slug":"connect-new-users-to-resources","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources","title":{"rendered":"Connect New Users to Resources"},"content":{"rendered":"\n<p>All resources in JumpCloud are implicitly denied, which means that by default, new users don&#8217;t have access to a resource endpoint until they are explicitly connected to it directly or through group membership.&nbsp;You can bind the user to any of the resources connected to JumpCloud from a device to applications, networks, etc. If the user is created in a Staged user state, they won&#8217;t gain access to their assigned resources until they&#8217;re activated. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/manage-user-states\" target=\"_blank\" rel=\"noreferrer noopener\">Manage User States<\/a>&nbsp;for specific information about when a user is provisioned or assigned resources.<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>The JumpCloud Agent must be installed and active on the system.&nbsp;<\/li>\n\n\n\n<li>The user must be connected to the system in the Admin Portal.<\/li>\n\n\n\n<li>The user must not exist as a local user account on the Linux System.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>User Bindings<\/strong><\/h2>\n\n\n\n<p>Access to resources may be granted by connecting a user to any of the following:<\/p>\n\n\n\n<ul>\n<li>User Groups<\/li>\n\n\n\n<li>Devices<\/li>\n\n\n\n<li>Directories<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">User Groups<\/h3>\n\n\n\n<p>Binding a user to a group of users is an organizational construct. No access is granted until that group has been bound to a resource. You can edit group membership in this view.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Devices<\/h3>\n\n\n\n<p>Binding\u00a0a user directly to a device is good practice if this will be a one-to-one relationship. For example, a single user is bound to their work device to which no one else can have access. A user bound via a (user) group can also be bound directly to the device to enable a custom permission to be set on only that device. UI behavior for group and direct connection is explained further in\u00a0<a href=\"https:\/\/jumpcloud.com\/support\/get-started-devices\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Devices<\/a>.\u00a0When a user is bound to a device, it either creates a new local user account or\u00a0takes over an existing account\u00a0of the same username. See <a href=\"https:\/\/jumpcloud.com\/support\/take-over-an-existing-user-account-with-jumpcloud\" target=\"_blank\" rel=\"noreferrer noopener\">Take Over an Existing User Account with JumpCloud<\/a>.<\/p>\n\n\n\n<p>You can also let new users provision their account to macOS and Windows devices directly from the login screen. See <a href=\"https:\/\/jumpcloud.com\/support\/get-started-self-service-account-provisioning\" target=\"_blank\" rel=\"noreferrer noopener\">Provision New Users on Device Login<\/a>.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Directories<\/h3>\n\n\n\n<p>This can include Google Workspace, Microsoft 365, and\/or&nbsp;JumpCloud LDAP. These resources are generally accessed by groups of people. So binding directly to the user, while possible, isn&#8217;t generally recommended. Rather, bind the user to a group that has already been granted access to the directory. A direct connection can&#8217;t be made if the user is already bound to the resource via a group of users.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Activate&nbsp;Google Workspace&nbsp;or&nbsp;Microsoft 365&nbsp;to make them available in the list of Directories. See:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Google Workspace Integration Overview<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/m365-directory-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">M365 Directory Integration Overview<\/a><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>User Group Bindings<\/strong><\/h2>\n\n\n\n<p>Access to resources may be granted by connecting a User Group to any of the following:<\/p>\n\n\n\n<ul>\n<li>Users<\/li>\n\n\n\n<li>Device Groups<\/li>\n\n\n\n<li>Applications<\/li>\n\n\n\n<li>RADIUS<\/li>\n\n\n\n<li>Directories<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Users<\/h3>\n\n\n\n<p>Binding a user to a group of users is an organizational construct, no access is granted until that group has been bound to a resource. You can edit group membership via the&nbsp;User&nbsp;tab.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Device Groups<\/h3>\n\n\n\n<p>Binding via device group is recommended when there are&nbsp;one-to-many or many-to-many relationships. For example, a group of admins needs access to a production environment. All members of the User Group will be granted access to all devices in the Device Group.&nbsp;When a user is connected to a device, a new local user account will be created or an existing account of the same username will be&nbsp;taken over. See <a href=\"https:\/\/jumpcloud.com\/support\/take-over-an-existing-user-account-with-jumpcloud\" target=\"_blank\" rel=\"noreferrer noopener\">Take Over an Existing User Account with JumpCloud<\/a>. It&#8217;s possible to be bound to the device both directly and via group membership.&nbsp;UI behavior for group and direct binding is explained further in&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-devices\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Devices<\/a>.<\/p>\n\n\n\n<p>Admins know that they can bind a user to resources through groups, but that this is the mechanism by which they can assign permissions to those groups.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card warning\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/warning-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Warning:<\/strong> \n<p>Binding a user group to a device group will create a local user account for each user in the user group on each device in the device group. Adding a large number of user accounts to a device may prevent it from operating correctly. Proceed with caution.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Applications and RADIUS Servers<\/h3>\n\n\n\n<p>To grant access, a user must be a member of a group. You may create one or many groups of users to bind to one or many resource types. After the group is bound to the application, any member of that group will be allowed to log in.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Directories<\/h3>\n\n\n\n<p>This can include Google Workspace, Microsoft 365, or&nbsp;JumpCloud LDAP&nbsp;to&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/create-an-ldap-group\" target=\"_blank\" rel=\"noreferrer noopener\">Create an LDAP Group<\/a>.&nbsp;Binding a User Group to a directory is possible even if a user has already been granted direct access to that directory.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>Activate&nbsp;Google Workspace&nbsp;or&nbsp;Microsoft 365&nbsp;to make them available in the list of Directories. See:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Google Workspace Integration Overview<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/m365-directory-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">M365 Directory Integration Overview<\/a><\/li>\n<\/ul>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Binding Matrix<\/h2>\n\n\n\n<p>The following table illustrates which JumpCloud resources can be bound.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td>User<\/td><td>Device<\/td><td>User Group<\/td><td>Device Group<\/td><\/tr><tr><td>User<\/td><td>&nbsp;<\/td><td>\u2713<\/td><td>\u2713<\/td><td><strong>X<\/strong><\/td><\/tr><tr><td>Device<\/td><td>\u2713<\/td><td>&nbsp;<\/td><td><strong>X<\/strong><\/td><td>\u2713<\/td><\/tr><tr><td>User Group<\/td><td>\u2713<\/td><td><strong>X<\/strong><\/td><td>&nbsp;<\/td><td>\u2713<\/td><\/tr><tr><td>Device Group<\/td><td><strong>X<\/strong><\/td><td>\u2713<\/td><td>\u2713<\/td><td>&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u2713&nbsp;&#8211; The resources can be bound.<br><strong>X<\/strong>&nbsp;&#8211; The resources can&#8217;t be bound.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>All resources in JumpCloud are implicitly denied, which means that by default, new users don&#8217;t have access to a resource [&hellip;]<\/p>\n","protected":false},"author":207,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[3003,2850],"support_tag":[],"coauthors":[2843],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Connect New Users to Resources - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Connect New Users to Resources\" \/>\n<meta property=\"og:description\" content=\"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-12T21:21:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sashaharrington\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources\",\"url\":\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources\",\"name\":\"Connect New Users to Resources - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-05-18T14:26:22+00:00\",\"dateModified\":\"2023-10-12T21:21:23+00:00\",\"description\":\"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Connect New Users to Resources\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Connect New Users to Resources - JumpCloud","description":"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources","og_locale":"en_US","og_type":"article","og_title":"Connect New Users to Resources","og_description":"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.","og_url":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources","og_site_name":"JumpCloud","article_modified_time":"2023-10-12T21:21:23+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"sashaharrington"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources","url":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources","name":"Connect New Users to Resources - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-18T14:26:22+00:00","dateModified":"2023-10-12T21:21:23+00:00","description":"Learn how to bind users to any of the resources connected to JumpCloud from a device to apps, networks, etc.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/connect-new-users-to-resources#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Connect New Users to Resources"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74818"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/207"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74818\/revisions"}],"predecessor-version":[{"id":99453,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/74818\/revisions\/99453"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=74818"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=74818"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=74818"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=74818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}