<\/p><\/div>
JumpCloud Protect\u00ae is designed to operate on Android 8 and iOS 13 and higher. It may operate on older versions, but they aren’t supported by JumpCloud. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
JumpCloud Protect is a mobile app for iOS and Android that can be used for Multi-Factor Authentication (MFA) or 2-step verification. Once the app is downloaded, and the device is enrolled, the app can be used for push notifications or as an authenticator (TOTP). <\/p>\n\n\n\n
The app can be downloaded from the iOS App Store<\/a> or the Google Play Store<\/a>. After you’ve downloaded the app and successfully enrolled your device, you can authenticate using Push MFA or Verification (TOTP) Code MFA, see MFA Guide for Admins<\/a> to learn more.<\/p>\n\n\n\n
Prerequisite:<\/strong><\/p>\n\n\n\n
Considerations:<\/strong><\/p>\n\n\n\n
<\/p><\/div>
This help article provides info for JumpCloud users. For Admins looking to set up the JumpCloud Protect app for their users, see JumpCloud Protect Admin Guide<\/a> to learn more.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
Workflow:<\/strong><\/p>\n\n\n\n
<\/p><\/div>
A push notification is valid for 60 seconds before the User Portal gets timed out in which case the user needs to initiate the push notification process again. If the user responds to an expired push notification on the device, an error appears.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
You can use JumpCloud to log into the Admin Portal, User Portal, or into your Windows, Mac, or Linux devices. <\/p>\n\n\n\n
Push Bombing is a hacking method of triggering multiple 2FA attempts using push notifications until the user may accept the request accidentally. MFA fatigue is the term for when, due to the multiple 2FA requests, a user accepts the fraudulent request out of frustration.<\/p>\n\n\n\n
To protect yourself against these types of attacks:<\/p>\n\n\n\n
<\/p><\/div>
JumpCloud protects against fraudulent push attempts by blocking more than one notification per resource within a 60 second timeout period (the number of maximum concurrent attempts can be changed by an Admin). You can try again after the timeout or after you’ve approved or denied the initial request.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p>\n\n\n\n
If your org is using JumpCloud Protect for their MFA, you\u2019ll need to complete the initial setup for it.<\/p>\n\n\n\n
<\/p><\/div>
Guide Me: JumpCloud Protect User Enrollment<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To set up the JumpCloud Protect app:<\/strong><\/p>\n\n\n\n
<\/p><\/div>
When you log in to your User Portal, you may be prompted to activate MFA without going to the Security screen.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
JumpCloud Protect supports both Push MFA and TOTP MFA. However, you have to enroll in each form separately.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
If JumpCloud Protect isn’t in the foreground when you complete this process, you’ll receive a push notification. You have to click Approve<\/strong> for the process to complete.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
<\/p><\/div>
Guide Me: JumpCloud Protect: User Enrollment<\/a> and JumpCloud Protect: User Login<\/a><\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
You can transition to JumpCloud Protect if you’re already using a different authenticator to verify your identity through Verification Code (TOTP) MFA.<\/p>\n\n\n\n
To transition to JumpCloud Protect from a different authenticator:<\/strong><\/p>\n\n\n\n
If your org has enabled JumpCloud Protect for your account, and if you’ve enrolled your device, you’ll receive a push notification on your device when you attempt to log in to a resource secured by your JumpCloud Admin. If Biometric User Verification is set to Required, the login request doesn’t complete without it (Face ID, fingerprint, or passcode). Select Approve<\/strong> on your device to log in to the resource. Select Deny<\/strong> on your device if you’re not the one who requested the notification.<\/p>\n\n\n\n
<\/p><\/div>
It’s a good security practice to check the app and location info before approving a push request, in case the request is fraudulent. Location info doesn’t have 100% accuracy, especially at the city level. If you suspect a request is fraudulent, deny the request and notify your Admin.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
You can also receive and respond to the JumpCloud Protect MFA push notifications on your Android, Apple, and other smartwatches.<\/p>\n\n\n\n
The watch must be paired with a smartphone running the JumpCloud Protect app. The phone must be unlocked, and notifications must be enabled on the smartwatch.<\/p>\n\n\n\n
<\/p><\/div>
If biometric verification is enabled by your Admin, the notification on the watch will prompt you to open the app on your phone. See Enabling JumpCloud Protect<\/a> to learn more.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
To reset your password from the User Portal login screen:<\/strong><\/p>\n\n\n\n
After you complete the authentication, your password is reset and you can log in.<\/p>\n\n\n\n
You can use JumpCloud Protect as your Step-Up Authenticator as well. Step-Up Authentication is required when you\u2019ve logged in to your User Portal and you need to access an app that requires an additional layer of security through a second authentication factor. <\/p>\n\n\n\n
To log in to an application that requires Step-Up Authentication:<\/strong><\/p>\n\n\n\n
<\/p><\/div>
Denying the request logs you out of your JumpCloud User Portal. This is to keep bad actors from accessing your app and data.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
After you approve your request, you have access to the app. <\/p>\n\n\n\n
<\/p><\/div>
JumpCloud Protect supports both Push MFA and TOTP MFA. However, you have to enroll in each form separately.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n
When you open the JumpCloud Protect app, you see a list of the accounts you have set up for MFA. This list either shows the Verification Code for the account with a timer indicating when the code will expire, or that the account is registered for Push MFA.<\/p>\n\n\n\n
<\/p>\n\n\n\n
Tapping on the code itself will copy the code to the device\u2019s clipboard. Tapping anywhere else opens the Account Details<\/strong> screen.<\/p>\n\n\n\n
At the bottom of the JumpCloud Protect<\/strong> screen, there is a More<\/strong> button. You can do a variety of things from here:<\/p>\n\n\n\n
If you no longer need one of the accounts you have set up with your JumpCloud Protect mobile app, you can delete it.<\/p>\n\n\n\n
To delete an account:<\/strong><\/p>\n\n\n\n
Additional Resources:<\/strong><\/p>\n\n\n\n
Knowledge Base: Troubleshoot: JumpCloud Protect<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"