{"id":76352,"date":"2023-06-05T13:11:27","date_gmt":"2023-06-05T17:11:27","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=76352"},"modified":"2023-09-12T11:01:14","modified_gmt":"2023-09-12T15:01:14","slug":"set-up-webauthn","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/set-up-webauthn","title":{"rendered":"Set up WebAuthn"},"content":{"rendered":"\n<p>Use Multi-Factor Authentication (MFA) with JumpCloud to secure user access to your organization\u2019s resources. This guide shows you how to set up WebAuthn multi-factor authentication (MFA) for JumpCloud users. WebAuthn MFA protects authentication to the User Portal, Single Sign On (SSO) applications, and password changes made from the User Portal.&nbsp;When you enable WebAuth MFA, users will see it as an option for MFA when logging into one of these resources.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>Give your users secure and convenient access to their resources with Push MFA. Learn more:&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/jumpcloud-protect-for-admins\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Protect for Admins<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">What is&nbsp;WebAuthn MFA<\/h2>\n\n\n\n<p>MFA secures access to a resource by asking a user to prove who they are with multiple factors. When MFA is enabled, a user proves who they are with something they know, like a username and password, something they have, like a security key, and something they are, like a fingerprint. When WebAuthn MFA is enabled, users authenticate to the JumpCloud User Portal with their username and password plus a security key or a device authenticator.&nbsp;&nbsp;<\/p>\n\n\n\n<p>WebAuthn MFA is available in the following places:<\/p>\n\n\n\n<ul>\n<li>User Portal login<\/li>\n\n\n\n<li>SSO applications<\/li>\n\n\n\n<li>Password changes from the User Portal&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">WebAuthn MFA Considerations<\/h2>\n\n\n\n<ul>\n<li>WebAuthn MFA with security key&nbsp;works with JumpCloud\u2019s&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/supported-web-browsers\" target=\"_blank\" rel=\"noreferrer noopener\">Supported Web Browsers<\/a>.&nbsp;<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>WebAuthn MFA with Touch ID is only supported by Google Chrome.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ul>\n<li>Browsers don\u2019t support all security keys. If you experience problems registering or logging in with a security key, your security key may not be supported by the browser.&nbsp;<\/li>\n\n\n\n<li>Enrollment periods aren\u2019t available for WebAuthn MFA.<\/li>\n\n\n\n<li>WebAuthn MFA doesn\u2019t protect systems, RADIUS servers, or password changes made from systems. However, you can use TOTP MFA to protect systems, RADIUS servers, and password changes made from systems. Learn more: <a href=\"https:\/\/jumpcloud.com\/support\/mfa-for-admins\" target=\"_blank\" rel=\"noreferrer noopener\">MFA for Admins<\/a>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Legacy Keys (WebAuthn Considerations)<\/h2>\n\n\n\n<p>Any older security keys (including device authenticators) have been renamed legacy keys. You can rename or delete these keys, but can not add a new security key to this area. We recommend re-enrolling these keys as Security Keys or Device Authenticators and then deleting the original legacy key. However, users will not be blocked from continuing to use the legacy key.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Security Key (WebAuthn) Considerations<\/h2>\n\n\n\n<p><strong>Security keys you can use:<\/strong><\/p>\n\n\n\n<ul>\n<li>JumpCloud WebAuthn MFA supports any Universal Second Factor&nbsp;(U2F) compliant security key, such as YubiKey and Titan.<\/li>\n\n\n\n<li>You can use NFC-enabled security keys with NFC supported devices. You need to have a&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/supported-web-browsers\" target=\"_blank\" rel=\"noreferrer noopener\">supported web browser<\/a>&nbsp;on the device to use an NFC-enabled security key to log in to the User Portal.\n<ul>\n<li><strong>To use a NFC-enabled security key<\/strong>:\n<ul>\n<li>Use a supported web browser to log in to the User Portal.<\/li>\n\n\n\n<li>After you enter your username and password, select&nbsp;<strong>Security Key<\/strong>.&nbsp;<\/li>\n\n\n\n<li>When the browser prompts you for the security key, move the NFC-enabled security key near the designated spot on the device.<\/li>\n\n\n\n<li>When the security key is authenticated, you gain access to the User Portal.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Users can have multiple security keys.<\/li>\n\n\n\n<li>JumpCloud does not officially support Bluetooth Low Energy WebAuthn security keys.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card important\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Important:<\/strong> \n<p>TOTP Security keys can&#8217;t be used as WebAuthn security keys.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Device Authenticator (WebAuthn) Considerations<\/h2>\n\n\n\n<ul>\n<li>Some systems have built-in devices that can be used as a device authenticator, like a fingerprint scanner.<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>On Windows devices, the authenticator being enrolled as a device authenticator must already be enrolled in Windows Hello, otherwise enrollment will fail.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ul>\n<li>If you want a user\u2019s built-in device to work as WebAuthn, instruct the user to enroll in Device Authenticator from their User Portal.\n<ul>\n<li>Apple Touch ID is only supported on Chrome; Windows Hello is supported on Chrome, Firefox, and Edge.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Preparing Your Users<\/h2>\n\n\n\n<ul>\n<li>If your users use security keys with TOTP MFA, let them know TOTP MFA security keys are a different type of security key and can\u2019t be used with WebAuthn MFA.<\/li>\n\n\n\n<li>If you enable security key self-registration, let users know that they will be prompted to set up a security key when they log in to the User Portal.\n<ul>\n<li>If you don&#8217;t enable security key self-registration, consider registering all of your users&#8217; security keys first, giving the keys to the users, and then enabling WebAuthn MFA.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Users can find their security keys when they log in to the User Portal, then go to the Security Tab.&nbsp;<\/li>\n\n\n\n<li>This article explains how to register and user security keys with a user account: <a href=\"https:\/\/jumpcloud.com\/support\/use-security-key-or-device-authenticator-with-user-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">Use a Security Key or Device Authenticator with User Accounts<\/a>.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Enabling WebAuthn MFA<\/h2>\n\n\n\n<ol>\n<li>Log in to the JumpCloud Admin Portal:<a target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/\" rel=\"noreferrer noopener\"> https:\/\/console.jumpcloud.com<\/a>.&nbsp;<\/li>\n\n\n\n<li>Go to <strong>Security Management<\/strong> &gt; <strong>MFA Configurations<\/strong>.&nbsp;<\/li>\n\n\n\n<li>In the <strong>WebAuthn<\/strong> section, click <strong>Enable<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Optionally, to let your users register their security keys, select <strong>Allow security key self-registration for all users<\/strong>. The process for users is in <a href=\"https:\/\/jumpcloud.com\/support\/use-security-key-or-device-authenticator-with-user-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">Use a Security Key or Device Authenticator with User Accounts<\/a>.<\/li>\n<\/ol>\n\n\n\n<p><strong>To add WebAuthn for a user:<\/strong><\/p>\n\n\n\n<ol>\n<li>Go to&nbsp;<strong>Users<\/strong>, select a user, and go to the&nbsp;<strong>Details<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>In the Security Keys section, click&nbsp;<strong>Add Key<\/strong>.\n<ol>\n<li>On the Register WebAuthn Security Key modal, enter a&nbsp;<strong>Display Label<\/strong>, then click<strong>&nbsp;Register Key<\/strong>.<\/li>\n\n\n\n<li>Insert the security key into your computer, then follow the browser prompts, which can differ in behavior and messaging.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Register Key<\/strong>. A popup in the right corner of the screen will confirm that the security key has been successfully registered.<\/li>\n\n\n\n<li><strong>Save User<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Device Authenticators will be enrolled by users from the User Portal.<\/li>\n\n\n\n<li>To edit or delete a user&#8217;s security key or device authenticator, use the pencil or trash can icons.<\/li>\n\n\n\n<li><strong>Save User<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>Important: If WebAuthn is the only MFA factor and an admin deletes the user\u2019s only security key, that user will be locked out of the User Portal.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Viewing Users&#8217; WebAuthn Enrollment Status<\/h2>\n\n\n\n<p>In the Users page, use the Columns dropdown to add the MFA: WebAuthn and MFA: User Requirement columns to confirm which users have completed WebAuthn enrollment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Use Multi-Factor Authentication (MFA) with JumpCloud to secure user access to your organization\u2019s resources. This guide shows you how to [&hellip;]<\/p>\n","protected":false},"author":204,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2908,2854],"support_tag":[],"coauthors":[2838],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Set up WebAuthn - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to set up and enable WebAuthn as an MFA factor for you users.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/set-up-webauthn\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Set up WebAuthn\" \/>\n<meta property=\"og:description\" content=\"Learn how to set up and enable WebAuthn as an MFA factor for you users.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/set-up-webauthn\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-12T15:01:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"jenniferklein\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/set-up-webauthn\",\"url\":\"https:\/\/jumpcloud.com\/support\/set-up-webauthn\",\"name\":\"Set up WebAuthn - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-06-05T17:11:27+00:00\",\"dateModified\":\"2023-09-12T15:01:14+00:00\",\"description\":\"Learn how to set up and enable WebAuthn as an MFA factor for you users.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/set-up-webauthn#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/set-up-webauthn\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/set-up-webauthn#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Set up WebAuthn\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Set up WebAuthn - JumpCloud","description":"Learn how to set up and enable WebAuthn as an MFA factor for you users.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/set-up-webauthn","og_locale":"en_US","og_type":"article","og_title":"Set up WebAuthn","og_description":"Learn how to set up and enable WebAuthn as an MFA factor for you users.","og_url":"https:\/\/jumpcloud.com\/support\/set-up-webauthn","og_site_name":"JumpCloud","article_modified_time":"2023-09-12T15:01:14+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes","Written by":"jenniferklein"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/set-up-webauthn","url":"https:\/\/jumpcloud.com\/support\/set-up-webauthn","name":"Set up WebAuthn - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-06-05T17:11:27+00:00","dateModified":"2023-09-12T15:01:14+00:00","description":"Learn how to set up and enable WebAuthn as an MFA factor for you users.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/set-up-webauthn#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/set-up-webauthn"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/set-up-webauthn#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Set up WebAuthn"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76352"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/204"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76352\/revisions"}],"predecessor-version":[{"id":84700,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76352\/revisions\/84700"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=76352"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=76352"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=76352"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=76352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}