{"id":76370,"date":"2023-06-05T13:11:28","date_gmt":"2023-06-05T17:11:28","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=76370"},"modified":"2023-09-12T10:59:06","modified_gmt":"2023-09-12T14:59:06","slug":"configure-totp-mfa-for-user-accounts","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-totp-mfa-for-user-accounts","title":{"rendered":"Configure TOTP MFA for User Accounts"},"content":{"rendered":"\n

Use Multi-Factor Authentication with JumpCloud to secure user access to your organization’s resources. This guide shows you how to set up TOTP Multi-factor authentication (MFA) for JumpCloud users. TOTP MFA can be used to authenticate to the User Portal and other JumpCloud-managed resources like devices. See Configure MFA for Your Org before you begin.

Watch how to set up JumpCloud TOTP MFA for user accounts and the Admin Portal in Tutorial: TOTP MFA for Users and Admins.

Tip: To learn how to set up TOTP MFA for Administrator accounts, see Enable MFA in the Admin Portal.

You can also secure user access to resources with JumpCloud Protect, Duo MFA, and WebAuthn MFA. See MFA for Admins to learn more. JumpCloud recommends using JumpCloud Protect for your MFA solution.

Require MFA on Users

Requiring Multi-factor Authentication on an Individual User Account

To require MFA on an individual user account:

1. Go to User Management > Users.
2. Select a user to view their Details. See Getting Started: Users.
3. In the User Security Settings and Permissions section, select Require Multi-factor Authentication for User Portal.
4. Specify the number of days the user has to enroll in TOTP MFA before they are required to have MFA at login. You can specify a number of days between 1 and 365. The default value is 7 days. The enrollment period applies only to TOTP MFA and not to other MFA factors.
5. Click save user. After you save, users are notified in an email and are prompted to set up TOTP MFA the next time they log in to their User Portal.
6. During enrollment, the user’s details indicate how much time is remaining on their enrollment period.
7. After the enrollment period expires, the user is locked out of the User Portal.

Requiring TOTP MFA on Multiple User Accounts

To require MFA on multiple user accounts:

1. Go to User Management > Users.
2. Select one or more users.
3. Click more actions, then select Require User MFA.
4. Specify the number of days the user has to enroll in TOTP MFA before they are required to have a TOTP token at login. You can specify a number of days between 1 and 365. The default value is 7 days.
5. Click require to require TOTP MFA for the selected users. After you require TOTP MFA for the selected users, they are notified in an email and will be prompted to set up TOTP MFA the next time they log in to their User Portal.

Extending Time for a User to Enroll in TOTP MFA

You can extend enrollment periods for users by resetting their TOTP MFA.

To extend a user’s enrollment period:

1. Go to User Management > Users.
2. Select a user to view their Details panel.
3. Click the user’s TOTP MFA status to see the TOTP MFA options menu.
4. Select the Reset TOTP MFA option from the menu to display the Reset TOTP modal.
5. Specify the time period the user has to enroll, starting from today, and then click reset.

After you reset TOTP MFA for a user, they are prompted to set up TOTP for their account.

Resetting TOTP MFA in Case of Device Loss or Failures

If users lose the device containing their TOTP app, admins can reset TOTP MFA for their account.

To reset TOTP MFA for a user:

1. Go to User Management > Users.
2. Select a user to view their Details panel.
3. Click the user’s TOTP MFA status to see the TOTP MFA options menu.
4. Select the Reset TOTP MFA option from the menu to display the Reset TOTP modal.
5. Specify the time period the user has to enroll, starting from today, and then click reset.

After you reset TOTP MFA for a user, they are prompted to set up TOTP for their account.

See Enable TOTP MFA for Devices for information about enabling TOTP MFA on your JumpCloud managed systems.

View User TOTP MFA Status

The Users list MFA column, which defaults to TOTP, shows you a user’s TOTP MFA status. When you hover over the status, you can see TOTP MFA status details for a user. The following TOTP MFA Statuses are possible: