{"id":76740,"date":"2023-05-16T17:47:11","date_gmt":"2023-05-16T21:47:11","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=76740"},"modified":"2024-03-29T11:17:44","modified_gmt":"2024-03-29T15:17:44","slug":"get-started-admin-implementation","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation","title":{"rendered":"Get Started: Admin Implementation"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">JumpCloud Admin Implementation Guide<\/h2>\n\n\n\n<p>Welcome to JumpCloud! Thank you for entrusting us to manage your users and devices. This document gives you a proven, structured approach to implementing our directory services in your organization.&nbsp;<br><br>Whether you\u2019re migrating to JumpCloud from another directory service, or beginning to organize and secure your environment, this guide will help you successfully design, test, and implement JumpCloud.<br><br>Looking for a more tailored project plan &nbsp;for your specific migration needs? Check out the Implementation Project Plans below based on your selected package.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Terminology<\/h2>\n\n\n\n<p><strong>Get to know our product terminology<\/strong>:<\/p>\n\n\n\n<ul>\n<li><strong>Administrator<\/strong>: JumpCloud administrators configure and manage JumpCloud for their organization.<\/li>\n\n\n\n<li><strong>User<\/strong>: JumpCloud users access their company resources through JumpCloud.<\/li>\n\n\n\n<li><strong>Device<\/strong>: Computers or Servers that run Mac, Windows, and Linux devices can be managed through JumpCloud. Admins can provision users to devices, deploy policies to devices, and execute commands on devices through JumpCloud.<\/li>\n\n\n\n<li><strong>Groups<\/strong>: JumpCloud connects company resources to groups of resources. For example, connect a group of users to Single Sign On (SSO) applications, RADIUS servers, and directories like Google Workspace and Microsoft 365. You can also connect groups of users to groups of devices.<\/li>\n\n\n\n<li><strong>Directory<\/strong>: A directory service organizes information about a network&#8217;s users and resources. JumpCloud integrates with a variety of popular directory services like Google Workspace and Microsoft 365 to sync user accounts. These integrations let JumpCloud act as an authoritative directory with a single set of credentials that can be used across all directory services.<\/li>\n\n\n\n<li><strong>Applications<\/strong>: SSO SAML 2.0 applications that you can connect with JumpCloud. Applications like Slack, Salesforce, AWS, CakeHR, and so many more.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Best Practices Before You Start<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">JumpCloud University Admin Training and Certification<\/h3>\n\n\n\n<p>JumpCloud University is a reflection of how much we value education as part of our solution. This learning platform is designed to give you the flexibility to take applicable courses and skip courses that you don\u2019t need. We believe in freeform learning so you can take any course, watch any video, and practice any task without being locked into a certain series.<br><br>We believe learning is most effective when the learner gets to choose what they need, when they need it, and how they need it \u2014 and then move on with their day. Structure is there if you want it, but you can easily have freedom to get in, get the information you need, and get out.<br><br>Before starting your initial implementation of JumpCloud, we recommend taking the initial courses within our catalogue. JumpCloud is a large platform and is capable of managing a myriad of technical resources. JumpCloud University\u2019s courses train IT admins on best practices for utilizing JumpCloud to the fullest extent.<br><br>It\u2019s best practice for newer customers to have an IT team member become JumpCloud Core Certified before rolling out the platform within the technical environment. By obtaining the JumpCloud Core Certificate, this verifies the holder\u2019s core knowledge, best practices, and implementation steps using JumpCloud\u2019s platform.<br><br>To get started with your training and certification today, check out&nbsp;<a href=\"https:\/\/jumpcloud.com\/university\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud University<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Guided Simulations<\/h3>\n\n\n\n<p>Learn by doing! Explore JumpCloud\u2019s features from multiple perspectives without impacting your live environment or jumping through hoops for test accounts.&nbsp;<a href=\"https:\/\/jumpcloud.com\/simulations\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud\u2019s Guided Simulations page<\/a>&nbsp;contains examples for both admins and users alike. These simulations cover some of our most popular modules such as agent installation, password reset, Conditional Access Policies, and configuring MDM.<br><br>These simulations are a great way to help train end users within the organization on how to leverage JumpCloud to do important tasks like managing their passwords, activating their account, and installing the agent.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Support and Troubleshooting<\/h3>\n\n\n\n<ul>\n<li>Bookmark our Support page:&nbsp;<a target=\"_blank\" href=\"http:\/\/support.jumpcloud.com\/\" rel=\"noreferrer noopener\">https:\/\/support.jumpcloud.com<\/a><\/li>\n\n\n\n<li>Familiarize yourself with our&nbsp;<a target=\"_blank\" href=\"https:\/\/jumpcloud.com\/policies\/\" rel=\"noreferrer noopener\">Support Policies<\/a><\/li>\n\n\n\n<li>Read our&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\" target=\"_blank\" rel=\"noreferrer noopener\">Help Center Articles<\/a><\/li>\n\n\n\n<li>Subscribe to the&nbsp;<a target=\"_blank\" href=\"https:\/\/status.jumpcloud.com\/\" rel=\"noreferrer noopener\">JumpCloud Status Page<\/a>&nbsp;for status updates, incident alerts, and maintenance windows<\/li>\n\n\n\n<li>If you do get stuck, reach out to&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/contact-jumpcloud-support\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Support<\/a>.&nbsp;Include the following information in your request:\n<ul>\n<li>A detailed description of your issue<\/li>\n\n\n\n<li>Any troubleshooting steps or actions that you\u2019ve taken<\/li>\n\n\n\n<li>Relevant JumpCloud Agent Logs (for device related issues)<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Familiarize yourself with our&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/contact-jumpcloud-support#support-request-guidelines\" target=\"_blank\" rel=\"noreferrer noopener\">Support Request Guidelines<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tips for Set Up and Management<\/h3>\n\n\n\n<ul>\n<li><strong>Avoid surprises<\/strong> &#8211; Avoid unexpected and unintended consequences; <a target=\"_blank\" href=\"https:\/\/jumpcloud.com\/signup\/\" rel=\"noreferrer noopener\">sign up for a free testing account<\/a>.<\/li>\n\n\n\n<li><strong>Test and explore<\/strong> &#8211; Have a plan. Set up a staging environment, install the JumpCloud Agent, and test any changes in a staging environment that mirrors your production devices as closely as possible. This will be helpful for initial implementation, ongoing maintenance, and updates.<\/li>\n\n\n\n<li><strong>Be consistent<\/strong> &#8211; The foundation for efficient, fast scaling is consistency. Successful scaling starts with a good understanding of <a href=\"https:\/\/jumpcloud.com\/support\/get-started-device-groups\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Groups<\/a>.<\/li>\n\n\n\n<li><strong>Add Administrator Team Members<\/strong> &#8211; We always suggest adding your IT team members as JumpCloud Administrators to your organization. You can set each admin with their own role with scoped permissions based on their job duties or needs. Learn more about how to <a href=\"https:\/\/jumpcloud.com\/support\/manage-admin-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">Add Administrators to JumpCloud<\/a>&nbsp;and grant their <a href=\"https:\/\/jumpcloud.com\/support\/admin-portal-roles\" target=\"_blank\" rel=\"noreferrer noopener\">Admin Account Role<\/a>.&nbsp;<\/li>\n\n\n\n<li><strong>Notify employees<\/strong> &#8211; To ensure a consistent line of communication between you and your employees and end-users, email them in preparation with upcoming steps, needs, and actions. JumpCloud has supplied some generic email templates to assist with notifying your organization on the different steps throughout your implementation. Check out these <a href=\"https:\/\/jumpcloud.com\/support\/email-templates-for-new-users\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud End-User Email Templates<\/a>&nbsp;to use when notifying your employees.\u200b<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Set up your Admin Portal<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Settings<\/h3>\n\n\n\n<p>Before you can really start to build out your JumpCloud directory, we recommend creating and modifying various global settings like password aging, complexity, lockouts, and more. These configurations are enacted on all resources within the JumpCloud platform.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>None<\/strong>\/<strong>Low<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/settings-in-admin-portal\" target=\"_blank\" rel=\"noreferrer noopener\">Settings in the JumpCloud Admin Portal<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/manage-admin-accounts\" target=\"_blank\" rel=\"noreferrer noopener\">Adding Admins to your JumpCloud Organization<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/customize-email-templates\" target=\"_blank\" rel=\"noreferrer noopener\">Customizing Welcome Emails sent to Users from JumpCloud<\/a>&nbsp;&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/set-a-global-policy\" target=\"_blank\" rel=\"noreferrer noopener\">Conditional Access: Global Policy for MFA<\/a>&nbsp;(if applicable)<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/system-insights\" target=\"_blank\" rel=\"noreferrer noopener\">Enabling System Insights<\/a>&nbsp;(if applicable)<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/directory-insights\" target=\"_blank\" rel=\"noreferrer noopener\">Enabling Directory Insights<\/a>&nbsp;(if applicable)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Building Users in JumpCloud<\/h3>\n\n\n\n<p>This step involves building the user directory. You&#8217;ll connect users with devices in the <a href=\"#going-live\">Going Live<\/a>&nbsp;steps.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>None<\/strong>\/<strong>Low<\/strong><\/p>\n\n\n\n<p><strong>User Import Types and Privileges required<\/strong>:<\/p>\n\n\n\n<ul>\n<li><strong>CSV Import<\/strong>: JumpCloud Admin Portal privileges<\/li>\n\n\n\n<li><strong>Google Workspace Directory Import<\/strong>: Super Administrator credentials are required<\/li>\n\n\n\n<li><strong>Microsoft 365 Directory Import<\/strong>: Global Administrator credentials are required<\/li>\n\n\n\n<li><strong>Okta Real-Time User and Password Import<\/strong>: Administrator credentials are required<\/li>\n\n\n\n<li><strong>Active Directory Integration<\/strong>: Domain Administrator credentials are required<\/li>\n\n\n\n<li><strong>API Import<\/strong>: JumpCloud Admin Portal privileges and an API key<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>CSV imported users without an initial password will not receive any welcome email. If you would like to send an activation email to these users, select them in bulk from the Users page. Click &#8220;more actions&#8221; and then &#8220;Resend Email&#8221;<\/li>\n\n\n\n<li>Adding\/Importing users into JumpCloud will have no effect on existing accounts until the user is associated with a resource (Device, Google Workspace\/Microsoft 365 Directory).<\/li>\n\n\n\n<li>If you would like JumpCloud to take-over existing user accounts, the JumpCloud username must EXACTLY MATCH the local device username. If there is not an exact match, JumpCloud will assume the username is new and create a new user profile when a user is bound to the device. See <a href=\"https:\/\/jumpcloud.com\/support\/naming-conventions-for-users\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud User Naming Convention<\/a>.<\/li>\n\n\n\n<li>Usernames for users imported from Google Workspace or Microsoft 365 will be their email address prefix. Please consider whether this matches your local device usernames, or if you intend to create new local user accounts. Be aware that you can only rename usernames of user accounts that aren&#8217;t yet bound to a resource.\n<ul>\n<li>Example: testuser123@domain.com will have a username of testuser123.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>\u200bStep-by-step Implementation links<\/strong>:<\/p>\n\n\n\n<p><strong>CSV Import<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/import-users-from-csv-with-powershell-module\" target=\"_blank\" rel=\"noreferrer noopener\">Importing JumpCloud Users via CSV<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Google Workspace Directory Import<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Google Workspace User Import, Provisioning, and Sync<\/a><\/li>\n<\/ul>\n\n\n\n<p>Don&#8217;t connect users to the Google Workspace Directory until you&#8217;re ready to Go Live.<\/p>\n\n\n\n<p><strong>Microsoft 365 Directory Import<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/m365-directory-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365 User Import, Provisioning, and Sync<\/a><\/li>\n<\/ul>\n\n\n\n<p>Don&#8217;t connect users to the Microsoft 365 Directory until you&#8217;re ready to Go Live.<\/p>\n\n\n\n<p><strong>Okta Real Time User Import<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/configure-okta-real-time-user-password-import\" target=\"_blank\" rel=\"noreferrer noopener\">Configure Okta Real-time User and Password Import<\/a>: This integration with Okta allows Okta to be the authority over JumpCloud Users, their passwords, and User Attributes. In this configuration it is always recommended to have users change their passwords in Okta. Okta will then immediately send the new password to their JumpCloud account and associated resources. Please note that if Users are on macOS devices, there are certain workflows that need to be followed. These macOS workflows are addressed within the KB above.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Active Directory Integration<\/strong><\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/Configure-the-Active-Directory-Integration\" target=\"_blank\" rel=\"noreferrer noopener\">Integrating AD with JumpCloud<\/a>: This is used when you\u2019re wanting to bridge a bisynchronous connection between your Active Directory domain and your JumpCloud tenant. You can leverage this integration to ensure that password changes within either directory are synced to the other. Not generally recommended if you\u2019re migrating away from or decommissioning Active Directory, as we recommend another solution such as the M365 or GWS Directory Sync to import your users.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/migrate-users-from-active-directory\" target=\"_blank\" rel=\"noreferrer noopener\">Migrating Users from Active Directory to JumpCloud<\/a>: This is used when you\u2019re wanting to export the Active Directory users into JumpCloud. The methods mentioned in this KB are via CSV, but you may also alternatively use the M365 or GWS import feature instead. If your users are using domain-bound devices, you will need to migrate these devices from AD-bound to a local workgroup and local user profile using the <a href=\"https:\/\/github.com\/TheJumpCloud\/jumpcloud-ADMU\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Active Directory Migration Utility<\/a>. This helps convert the devices and profiles to a local workgroup and profile while also installing the JumpCloud Agent on your behalf.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Deploying Agents to Devices<\/h3>\n\n\n\n<p>You should deploy the JumpCloud agent on any devices that you want JumpCloud to manage. You can install the JumpCloud agent on devices that are connected to a domain, however the agent is limited to just Commands and System Insights.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>:&nbsp;<strong>Low<\/strong><\/p>\n\n\n\n<p><strong>Required Privileges<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Manual and Remote Installs require remote root \/ administrator access to the device. To commit remote installs, you may need an RMM, MDM, or remote tooling to install the JumpCloud Agent. Otherwise you may manually install by being physically present to install or via a remote screen share software with your users.&nbsp;<\/li>\n\n\n\n<li>End-User Installs require the User to have local root \/ administrator privileges to the device.<\/li>\n<\/ul>\n\n\n\n<p><strong>JumpCloud Agent Requirements<\/strong>:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/agent-compatibility-system-requirements-and-impacts\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Agent Compatibility, Device Requirements, and Impacts<\/a><\/li>\n\n\n\n<li>Internet connectivity and time synchronization &#8211; <a href=\"https:\/\/jumpcloud.com\/support\/agent-networking-and-port-requirements\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Agent Networking Requirements<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:&nbsp;<\/p>\n\n\n\n<ul>\n<li>Command line vs. manual install depending on current environment size and expected future growth and desired deployment practices.<\/li>\n\n\n\n<li>Establish a consistent device naming convention for your user accounts. Verify your JumpCloud naming convention for usernames exactly matches the usernames on existing devices to ensure proper account take over. &nbsp;<\/li>\n\n\n\n<li>Consider establishing a consistent naming convention for device names.&nbsp;<\/li>\n\n\n\n<li>Ensure that the network is configured to allow communication with JumpCloud&#8217;s servers. See <a href=\"https:\/\/jumpcloud.com\/support\/add-a-device\" target=\"_blank\" rel=\"noreferrer noopener\">Clarification on Device Names<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><strong>Installation Methods<\/strong>:<\/p>\n\n\n\n<p><strong>Windows<\/strong><\/p>\n\n\n\n<ul>\n<li>Manual install via JumpCloud Admin Portal, Remote Install via RMM\/MDM, or manual distribution of JumpCloudInstaller.exe.&nbsp;&nbsp; &nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/enable-users-to-install-the-agent\" target=\"_blank\" rel=\"noreferrer noopener\">End User Installs from User Portal<\/a><\/li>\n\n\n\n<li>Command line: <a href=\"https:\/\/jumpcloud.com\/support\/install-the-agent-from-command-line\" target=\"_blank\" rel=\"noreferrer noopener\">Agent Deployment via Command Line<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Linux<\/strong><\/p>\n\n\n\n<ul>\n<li>Manual Installation via JumpCloud Admin Portal or manual distribution of command-line install.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/enable-users-to-install-the-agent\" target=\"_blank\" rel=\"noreferrer noopener\">End User Installs from User Portal<\/a><\/li>\n\n\n\n<li>Command line: curl &#8211;silent &#8211;show-error &#8211;header &#8216;x-connect-key: YOUR_CONNECT_KEY&#8217; https:\/\/kickstart.jumpcloud.com\/Kickstart | sudo bash<\/li>\n\n\n\n<li>Automation via Configuration Management Tools:\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/install-the-linux-agent\" target=\"_blank\" rel=\"noreferrer noopener\">Reducing Agent Install Time on Linux<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>macOS<\/strong><\/p>\n\n\n\n<p>Before deploying agents to your macOS devices, JumpCloud recommends configuring JumpCloud MDM with your ABM account. Check out how you can <a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/Getting-Started-MDM\" target=\"_blank\" rel=\"noreferrer noopener\">get started with <\/a><a href=\"https:\/\/jumpcloud.com\/support\/get-started-mdm\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud<\/a><a href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/Getting-Started-MDM\" target=\"_blank\" rel=\"noreferrer noopener\"> MDM<\/a>.&nbsp;<\/p>\n\n\n\n<p>If you\u2019re using a third-party MDM (like JAMF, Kandji, Mosyle, etc), you may disregard the latter statement and continue installing the JumpCloud Agent.&nbsp;<\/p>\n\n\n\n<p><strong>Note<\/strong>: Users must approve Full Disk Access to the JumpCloud Agent during install for macOS 12.0+ Monterey. See how to <a href=\"https:\/\/jumpcloud.com\/support\/grant-full-disk-access-permissions-to-the-jumpcloud-agent-for-macos\" target=\"_blank\" rel=\"noreferrer noopener\">grant full disk access to the JumpCloud Agent<\/a>.&nbsp;<\/p>\n\n\n\n<ul>\n<li>\u200bManual install via JumpCloud Admin Portal or manual distribution of jumpcloud-agent.pkg.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/enable-users-to-install-the-agent\" target=\"_blank\" rel=\"noreferrer noopener\">End User Installs from User Portal<\/a><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring JumpCloud Groups<\/h3>\n\n\n\n<p>At JumpCloud\u2019s core, it&#8217;s all about managing Users, their access, passwords, and identities across your environment. We recommend creating User Groups and Device Groups first as this will help you organize your user and device objects when you begin to import and add resources. As JumpCloud is GBAC-based (group-based access control), before Users can be given access to resources such as SSO Apps, they must be bound to a User Group that\u2019s been granted App access.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Creating User Groups<\/h4>\n\n\n\n<p>Groups are the best way to control users&#8217; access to resources. If the groups will be used to control access to a resource, connect the group to the resource.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Low<\/strong><\/p>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Create groups as needed for a given resource, and add user groups to the resources.<\/li>\n\n\n\n<li>Establish a naming convention for user groups that aligns across your organization.<\/li>\n\n\n\n<li>Determine a consistent, scalable structure for groups.<\/li>\n\n\n\n<li>User groups should be used to control access to devices, SSO applications, RADIUS networks, and directories like Google Workspace, Microsoft 365, and LDAP.<\/li>\n\n\n\n<li>Learn More: <a href=\"https:\/\/jumpcloud.com\/support\/get-started-user-groups\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started: User Groups<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log in to the JumpCloud Administrator Portal: <a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/console.jumpcloud.com\/\">https:\/\/console.jumpcloud.com<\/a>.<\/li>\n\n\n\n<li>Go to <strong>USER MANAGEMENT<\/strong> &gt; <strong>User Groups<\/strong>.<\/li>\n\n\n\n<li>Click the &#8216;<strong>+<\/strong>&#8216; button to create a new user group.&nbsp;<\/li>\n\n\n\n<li>Create a name for the group and add any additional attributes.&nbsp;<\/li>\n\n\n\n<li>Go to <strong>USER MANAGEMENT<\/strong> &gt; <strong>Users<\/strong> to bind users to the new user group.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\">Creating Device Groups<\/h4>\n\n\n\n<p>Device groups can be used to control user or user group access to devices.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Low<\/strong><\/p>\n\n\n\n<p><strong>Considerations<\/strong>:&nbsp;<\/p>\n\n\n\n<ul>\n<li>Policies and Policy Groups should be applied to Device Groups.<\/li>\n\n\n\n<li>Device Groups can contain a mix of operating systems.<\/li>\n\n\n\n<li>Create Device Groups as needed for your devices.<\/li>\n\n\n\n<li>Connect devices to Device Groups.<\/li>\n\n\n\n<li>Determine a scalable Device Group structure.<\/li>\n<\/ul>\n\n\n\n<p>See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-device-groups\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started: Device Groups<\/a>&nbsp;to learn how to create Device Groups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Going Live <\/h3>\n\n\n\n<p><strong>Educate Your Employees<\/strong><\/p>\n\n\n\n<p>When installing any new software or environment-wide application, it\u2019s always best practice to educate and notify your end users before implementing. Send the following links to your organization employees so they can be aware of any changes, steps, and items during the implementation project.&nbsp;<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/get-started-user-portal#New-User-FAQ\" target=\"_blank\" rel=\"noreferrer noopener\">New User FAQ<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/get-started-user-portal\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started with Your JumpCloud User Account<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Note<\/strong>: See <a href=\"https:\/\/jumpcloud.com\/support\/email-templates-for-new-users\" target=\"_blank\" rel=\"noreferrer noopener\">Email Templates and Recommendations for Educating Users<\/a>&nbsp;for example user communications before implementing certain features throughout your project plan.<\/p>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>High<\/strong><\/p>\n\n\n\n<p>Ensure end users understand JumpCloud will be managing their identity \u2014 their access to devices, applications, and other resources is managed by JumpCloud.<\/p>\n\n\n\n<ul>\n<li>You can connect the user to any of the resources connected to JumpCloud from a device to applications, networks, etc. However, if the user is created in a Staged user state, they will not gain access to their assigned resources until they are activated. See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/manage-user-states\" target=\"_blank\" rel=\"noreferrer noopener\">Managing User States<\/a>&nbsp;for specific information about when a user is provisioned.<\/li>\n\n\n\n<li>Users update their passwords from the User Portal or from their JumpCloud Tray App on their device. See <a target=\"_blank\" href=\"https:\/\/support.jumpcloud.com\/support\/s\/article\/how-do-i-change-my-jumpcloud-user-account-password-2019-08-21-10-36-47\" rel=\"noreferrer noopener\">Changing My JumpCloud User Account Password?<\/a><\/li>\n\n\n\n<li>If Mac users update their passwords in the JumpCloud User Portal instead of changing it in the JumpCloud Mac Tray App, they&#8217;ll have to log out and log back in to update their Keychain and FileVault password.&nbsp;<\/li>\n\n\n\n<li>Google Workspace and Microsoft 365 users change their passwords in the JumpCloud User Portal. If users change their passwords within either of these directories instead of JumpCloud, there may be a password discrepancy between the two.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li><strong>User Activation<\/strong> &#8211; setting a temporary password vs. sending the user activation email.<\/li>\n\n\n\n<li>Notify applicable users that they will be receiving a Welcome email from JumpCloud.<\/li>\n\n\n\n<li><strong>Educate All Users<\/strong> \u2014 including Google Workspace and Microsoft 365 users \u2014 that they change their password in their JumpCloud User Portal or in their JumpCloud managed device\u2019s JumpCloud Tray App.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Customize organization information in the JumpCloud Admin Portal under <strong>Settings<\/strong>.<\/li>\n\n\n\n<li>Communicate workflow changes to users.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Google Workspace Directory Sync<\/h3>\n\n\n\n<p>To use JumpCloud&#8217;s Google Workspace Directory integration, one of the following Google licenses are required:<\/p>\n\n\n\n<ul>\n<li>Google Workspace for Business<\/li>\n\n\n\n<li>Google Workspace for Education<\/li>\n\n\n\n<li>Google Workspace Basic (requires valid payment input for user additions)<\/li>\n\n\n\n<li>You must have an active Google Workspace domain to proceed<\/li>\n\n\n\n<li>A Google Workspace Domain Admin (Super Administrator)<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User workflow impacted<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li><a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Google Workspace User Import, Provisioning, and Sync<\/a><\/li>\n\n\n\n<li>Users exist and have been imported into JumpCloud from Google Workspace.<\/li>\n\n\n\n<li>Users have been notified of the upcoming change.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Users should be notified that JumpCloud will be managing their Google Workspace credentials, and informed on how they should update their passwords going forward.<\/li>\n\n\n\n<li>Users that are removed from the Google Workspace Directory Sync will have their accounts suspended in Google Workspace.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/faq-google-workspace-directory-integration\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ &#8211; Google Workspace User Provisioning and Sync<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Learn how, see <a target=\"_blank\" href=\"https:\/\/jumpcloud.com\/university\/creating-users\" rel=\"noreferrer noopener\">Creating &amp; Importing Users in JumpCloud<\/a><\/li>\n\n\n\n<li>We recommend that User Groups be used to connect users to the Google Workspace Directory. See <a href=\"https:\/\/jumpcloud.com\/support\/google-workspace-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Google Workspace User Import, Provisioning, and Sync<\/a>.<\/li>\n\n\n\n<li>Users will receive an email to set or reset their JumpCloud password to complete synchronization.<\/li>\n\n\n\n<li>If a user\u2019s current Google Apps password meets JumpCloud password complexity requirements, and they opt to use that for JumpCloud registration, from their perspective there is no password reset, although they may be logged out of their active Google sessions.<\/li>\n\n\n\n<li>Monitor adoption with the user status in the JumpCloud Admin Portal. Resend emails as necessary.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Microsoft 365 Directory Sync<\/h3>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Microsoft 365 Directory Sync Authorized in JumpCloud<\/li>\n\n\n\n<li>Users exist in the JumpCloud Directory<\/li>\n\n\n\n<li>Users have been notified of the upcoming change<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User workflow impacted<\/p>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Users should be notified that JumpCloud will be managing their Microsoft 365 credentials, and informed on how they should update their passwords going forward.<\/li>\n\n\n\n<li>Users that are removed from the Microsoft 365 Directory Sync will have their accounts suspended in Microsoft 365.<\/li>\n\n\n\n<li>The Microsoft 365 Directory Sync has to be reauthorized every 90 Days.<\/li>\n\n\n\n<li>FAQ &#8211; <a href=\"https:\/\/jumpcloud.com\/support\/faq-m365-directory-integration\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365 User Provisioning and Sync<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Learn how, see <a target=\"_blank\" href=\"https:\/\/jumpcloud.com\/university\/creating-users\" rel=\"noreferrer noopener\">Creating &amp; Importing Users in JumpCloud<\/a>.<\/li>\n\n\n\n<li>It is recommended that User Groups be used to bind users to the Microsoft 365 Director. See <a href=\"https:\/\/jumpcloud.com\/support\/m365-directory-integration-overview\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365 User Import, Provisioning, and Sync<\/a>.<\/li>\n\n\n\n<li>Users will receive an email to set or reset their JumpCloud password to complete synchronization. &nbsp;<\/li>\n\n\n\n<li>If the user\u2019s current Microsoft 365 password meets JumpCloud password complexity requirements and they opt to use that for JumpCloud registration, from their perspective there is no password reset, although they may be logged out of their active sessions.<\/li>\n\n\n\n<li>Monitor adoption with the user status in the JumpCloud Console. Resend emails as necessary.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">User and Device Takeover<\/h3>\n\n\n\n<p><strong>Prerequisites<\/strong>:&nbsp;<\/p>\n\n\n\n<ul>\n<li>JumpCloud agent is installed on devices and the device status is active\/green in Admin Portal.<\/li>\n\n\n\n<li>Users are active in JumpCloud.<\/li>\n\n\n\n<li>JumpCloud usernames and device usernames match.<\/li>\n\n\n\n<li>Users have been notified of the change and understand where to update their passwords.<\/li>\n\n\n\n<li>Admins understand the expected behavior when users and devices are connected.<\/li>\n\n\n\n<li>You&#8217;ve successfully tested devices in your environment.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Whether to use a phased roll-out approach or an all-at-once approach of going live with all users and devices at one time.\n<ul>\n<li>Phased roll-out: This is useful if the majority of users are able to migrate to JumpCloud, however there is a group of users restricted by time. The phased roll-out is also useful for organizations with distributed teams. We recommend this approach for going live.<\/li>\n\n\n\n<li>All-at-once: This approach is most typically used when all users are migrated at the same time.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Ensure that the timing of implementing these tasks won&#8217;t disrupt business operations, and that support staff are ready to assist if needed.<\/li>\n\n\n\n<li>Windows Live accounts aren&#8217;t supported and will need to be converted to local accounts. Learn how, see <a href=\"https:\/\/jumpcloud.com\/support\/use-microsoft-accounts-with-jumpcloud\" target=\"_blank\" rel=\"noreferrer noopener\">Unlinking a Windows Live Account<\/a>.<\/li>\n\n\n\n<li>Active Directory bound devices with AD managed profiles are not supported for account takeover by JumpCloud. Please see the <a target=\"_blank\" href=\"https:\/\/github.com\/TheJumpCloud\/jumpcloud-ADMU\" rel=\"noreferrer noopener\">JumpCloud Active Directory Migration Utility<\/a> for more details.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>High<\/strong> &#8211; Users will be using their JumpCloud identities \/ accounts to authenticate to devices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Existing Account Takeover (All OSes)<\/h3>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Ensure JumpCloud usernames and local device usernames match. If there are discrepancies, learn how in <a href=\"https:\/\/jumpcloud.com\/support\/naming-conventions-for-users\" target=\"_blank\" rel=\"noreferrer noopener\">Changing Existing Usernames in Devices<\/a>.<\/li>\n\n\n\n<li>Connect the user to a device by going to <strong>USER MANAGEMENT<\/strong> &gt; <strong>Users<\/strong>. Then click on a user and go to the <strong>Devices<\/strong> tab.<\/li>\n\n\n\n<li>Allow up to a few minutes for the synchronization to occur.<\/li>\n\n\n\n<li>Advise users to log out and log back in with their JumpCloud account credentials.<\/li>\n<\/ol>\n\n\n\n<p><strong>Note<\/strong>: Be aware that changing usernames on Mac and Linux isn&#8217;t generally recommended unless you have full understanding of the impacts of doing so. Changing the username on these platforms can have adverse effects on application and file access.<\/p>\n\n\n\n<p><strong>New Local Accounts (All OSes)<\/strong><\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Connect the user to a device on the Devices tab of the user&#8217;s Details panel.<\/li>\n\n\n\n<li>Allow up to a few minutes for the synchronization to occur.<\/li>\n\n\n\n<li>Advise users to log in with their JumpCloud account credentials.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Policies and Policy Groups<\/h3>\n\n\n\n<p>JumpCloud Policies let admins control the behavior of devices for various purposes, most commonly to enforce security standards. Policies are set through the JumpCloud Admin Portal and require no coding skills. After they are configured, admins can deploy policies to groups of devices and monitor the status of each device to ensure the policy is enabled.<\/p>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>When configuring an individual policy, they should be applied to device groups.&nbsp;<\/li>\n\n\n\n<li>We recommend using Policy Groups. Policy Groups can contain multiple policies you configure and you may then apply the Policy Group to Device Groups. For example, if you have a security baseline you need to meet, a singular Policy Group could contain X number of policies, which you can then bind to a Device Group(s).&nbsp;<\/li>\n\n\n\n<li>Some policies can be applied to all users, or only JumpCloud managed users on the device.<\/li>\n\n\n\n<li>Some policies require additional action, such as user log out \/ log in or device restart to take effect. Refer to the Policy Activation Details on the JumpCloud Policy\u2019s Details pane for more information.<\/li>\n\n\n\n<li>Some policies are only compatible with certain OS versions and license levels.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Low to High<\/strong> &#8211; depending on the policy<\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Create a new policy, configuring any required settings.&nbsp;<\/li>\n\n\n\n<li>Create a new policy group. Add previously configured policies to this policy group.<\/li>\n\n\n\n<li>Connect the policy group to a device group.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring Applications (SSO \/ SAML)<\/h3>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Enabling SSO for a Service Provider (SP) will typically disable username\/password authentication for all users. Please test during a maintenance window, or in a sandbox environment if available.<\/li>\n\n\n\n<li>Service Provider requirements.<\/li>\n\n\n\n<li>Administrators should be able to generate an SSL Certificate\/ Key pair. See <a href=\"https:\/\/jumpcloud.com\/support\/saml-configuration-notes\" target=\"_blank\" rel=\"noreferrer noopener\">Generating a Public Certificate \/ Private Key Pair Using OpenSSL<\/a>.<\/li>\n\n\n\n<li>Users should be educated on how they will authenticate into applications after SSO is enabled<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/support\/get-started-applications-saml-sso\" target=\"_blank\" rel=\"noreferrer noopener\">SP initiated vs. IdP initiated SSO<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User authentication workflow changes. Once configured, Users must authenticate through JumpCloud before access is granted to the application.<\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Review SSO documentation for both JumpCloud and the Service Provider.<\/li>\n\n\n\n<li>Create a User Group to manage which users access the application.<\/li>\n\n\n\n<li>Grant user access by assigning users to the appropriate user &nbsp;groups.<\/li>\n\n\n\n<li>Configure the SSO application within JumpCloud.<\/li>\n\n\n\n<li>Configure SSO in the Service Provider\u2019s settings.<\/li>\n\n\n\n<li>Test to ensure authentication workflow routes through JumpCloud.<\/li>\n\n\n\n<li>Enable either SCIM or JIT on the JumpCloud SSO Connector, if the SP supports either protocol. If SCIM is supported by the SP, we recommend configuring SCIM and not configuring JIT as SCIM handles the full-lifecycle of users, where JIT only supports creation and updates.&nbsp;<\/li>\n<\/ol>\n\n\n\n<p><strong>SSO Scenarios: SP initiated &amp; IdP initiated<\/strong><\/p>\n\n\n\n<ul>\n<li>The SP initiated workflow is the scenario where SSO is enabled for an application, and a user attempts to login via the SP. The expected behavior is that the user will be redirected to the JumpCloud login page. After they log in, the user is authenticated and logged in to the SP.<\/li>\n\n\n\n<li>The IdP initiated workflow is the scenario where a user logs in to their JumpCloud User Portal and logs in to an application via one of the application icons in their Portal dashboard. \u200b<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring LDAP&nbsp;<\/h3>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Service Provider LDAP configuration documentation and\/or support.<\/li>\n\n\n\n<li>A working LDAP Binding User (This is the service account for JumpCloud LDAP).<\/li>\n\n\n\n<li>JumpCloud Users have been bound to the LDAP Directory.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>LDAP Binding Service account naming convention.<\/li>\n\n\n\n<li>LDAP configurations vary depending on the Service Provider.<\/li>\n\n\n\n<li>Naming conventions for LDAP Groups.<\/li>\n\n\n\n<li>Familiarity with ldapsearch for testing and troubleshooting. See <a href=\"https:\/\/jumpcloud.com\/support\/use-ldapsearch-with-jumpcloud\" target=\"_blank\" rel=\"noreferrer noopener\">Using ldapsearch with JumpCloud<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User authentication workflow impacted<\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Prepare an LDAP Binding User account. See <a href=\"https:\/\/jumpcloud.com\/support\/use-cloud-ldap\" target=\"_blank\" rel=\"noreferrer noopener\">Using JumpCloud&#8217;s LDAP-as-a-Service<\/a>.<\/li>\n\n\n\n<li>Create a User Group to manage which users are given access to LDAP Authentication.<\/li>\n\n\n\n<li>Grant user access by assigning users to the appropriate user groups.<\/li>\n\n\n\n<li>Bind User Groups to LDAP.<\/li>\n\n\n\n<li>Complete LDAP configuration within the Service Provider.<\/li>\n\n\n\n<li>Test connectivity. This may not be available for all vendors.<\/li>\n\n\n\n<li>Go live by enabling LDAP authentication in the Service Provider configuration.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring RADIUS<\/h3>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>JumpCloud Users connected to a user group.<\/li>\n\n\n\n<li>Users have activated their JumpCloud accounts.<\/li>\n\n\n\n<li>Wireless Access Points (WAP\u2019s) which support RADIUS Authentication.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Authentication Protocol &#8211; EAP\/TTLS vs PEAP: See <a href=\"https:\/\/jumpcloud.com\/support\/configure-a-wap-vpn-or-router-for-radius\" target=\"_blank\" rel=\"noreferrer noopener\">Configuring a Wireless Access Point (WAP), VPN, or Router for JumpCloud&#8217;s RADIUS<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User workflow impacted<\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Configurations vary by vendor. For links to RADIUS basics and limited specific setup docs.<\/li>\n\n\n\n<li>Create a User Group to manage which users are given access to the RADIUS network.<\/li>\n\n\n\n<li>Grant user access by assigning users to the appropriate user groups.<\/li>\n\n\n\n<li>Bind User Groups to the JumpCloud RADIUS endpoint.<\/li>\n\n\n\n<li>Complete RADIUS configuration within the networking device. Check with your vendor\u2019s documentation on how to configure RADIUS.<\/li>\n\n\n\n<li>Test connectivity. This may not be available for all vendors.<\/li>\n\n\n\n<li>Go live by enabling RADIUS authentication in the network configuration.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring Conditional Access Policies (if applicable)<\/h3>\n\n\n\n<p>Use Conditional Access Policies to implement Zero Trust security in your organization. You can create conditional access policies that secure access to resources based on conditions like a user&#8217;s identity and the network and device they\u2019re on. For example, lock down your environment with policies that deny access when users are on unmanaged devices or unapproved networks. Alternatively, relax access and let users log in to the User Portal without Multi-factor Authentication (MFA) when they\u2019re on a VPN or managed device. &nbsp;<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>JumpCloud Users are activated<\/li>\n\n\n\n<li>You\u2019ve created JumpCloud User Groups<\/li>\n\n\n\n<li>Devices are managed by JumpCloud<\/li>\n\n\n\n<li>SSO Applications have been configured in JumpCloud<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Conditional Access Policies are included within the JumpCloud Platform Plus package<\/li>\n\n\n\n<li>Conditional Access Policies focusing on Device Trust require the JumpCloud Agent to be running on your managed devices.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>Medium<\/strong> &#8211; User workflow impacted<\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Navigate to Conditional Policies&nbsp;in the left hand menu.<\/li>\n\n\n\n<li>Click the &#8216;<strong>+<\/strong>&#8216; button to create a policy.&nbsp;<\/li>\n\n\n\n<li>Configure the policy for either device trust, network trust, geolocation, or MFA by group as you require for your security compliance.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>.<\/li>\n<\/ol>\n\n\n\n<p>To learn more about Conditional Access Policies and how to properly configure these types of policies, see, <a href=\"https:\/\/jumpcloud.com\/support\/get-started-conditional-access-policies\" target=\"_blank\" rel=\"noreferrer noopener\">Getting Started: Conditional Access Policies<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Directory Insights<\/h3>\n\n\n\n<p>Directory Insights is JumpCloud&#8217;s event logging and compliance feature. Directory Insights shines a light on audit trails leading up to critical events so you know the what, where, when, how, and who of your directory activities. You can use our RESTful API, PowerShell Module, and Administrator Portal to access event logs, see activity happening in your directory, and monitor user authentications to the User Portal, SAML SSO applications, RADIUS, and LDAP.&nbsp;<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong>:<\/p>\n\n\n\n<ul>\n<li>JumpCloud Pricing Package that includes Directory Insights\n<ul>\n<li>If you&#8217;d like to enable this, email <a href=\"mailto:directoryinsights@jumpcloud.com\">directoryinsights@jumpcloud.com<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong>:<\/p>\n\n\n\n<ul>\n<li>Directory Insights data catalogues various information and updates in real time, see <a href=\"https:\/\/jumpcloud.com\/support\/directory-insights\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Directory Insights<\/a>.<\/li>\n<\/ul>\n\n\n\n<p><strong>End User Impact<\/strong>: <strong>None&nbsp;<\/strong><\/p>\n\n\n\n<p><strong>Implementation Steps<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Go to <strong>INSIGHTS<\/strong> &gt; <strong>Directory<\/strong>.<\/li>\n\n\n\n<li>Create views, filters, and select time ranges which you want to audit.&nbsp;<\/li>\n\n\n\n<li>Export the data to JSON or CSV via the export drop down in the right hand side.&nbsp;<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Complete<\/h3>\n\n\n\n<p>After following the steps above alongside your Project Plan, you should be completed with your implementation of JumpCloud\u2019s platform. If you run into any break-fix issues along the way or after your implementation, please contact support by creating a support ticket within the Admin Portal.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>JumpCloud Admin Implementation Guide Welcome to JumpCloud! Thank you for entrusting us to manage your users and devices. This document [&hellip;]<\/p>\n","protected":false},"author":207,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2848,2937],"support_tag":[],"coauthors":[2843],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Get Started: Admin Implementation - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Get Started: Admin Implementation\" \/>\n<meta property=\"og:description\" content=\"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-29T15:17:44+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"23 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sashaharrington\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation\",\"url\":\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation\",\"name\":\"Get Started: Admin Implementation - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-05-16T21:47:11+00:00\",\"dateModified\":\"2024-03-29T15:17:44+00:00\",\"description\":\"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Get Started: Admin Implementation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Get Started: Admin Implementation - JumpCloud","description":"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation","og_locale":"en_US","og_type":"article","og_title":"Get Started: Admin Implementation","og_description":"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.","og_url":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation","og_site_name":"JumpCloud","article_modified_time":"2024-03-29T15:17:44+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"23 minutes","Written by":"sashaharrington"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation","url":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation","name":"Get Started: Admin Implementation - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-16T21:47:11+00:00","dateModified":"2024-03-29T15:17:44+00:00","description":"Learn how to design, test, and implement JumpCloud with confidence using this comprehensive guide.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/get-started-admin-implementation"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/get-started-admin-implementation#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Get Started: Admin Implementation"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76740"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/207"}],"version-history":[{"count":4,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76740\/revisions"}],"predecessor-version":[{"id":108094,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/76740\/revisions\/108094"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=76740"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=76740"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=76740"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=76740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}