{"id":99158,"date":"2024-01-17T18:32:39","date_gmt":"2024-01-17T23:32:39","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=99158"},"modified":"2024-05-15T12:41:02","modified_gmt":"2024-05-15T16:41:02","slug":"externally-managed-passwords","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords","title":{"rendered":"Externally Managed Passwords"},"content":{"rendered":"\n<p>Externally managed passwords prevent password changes within JumpCloud, both by users and admins. When users password authority is set externally, they will no longer receive password expiration notifications and password expirations won\u2019t apply to them.<br><br>Use this setting when a user\u2019s password is being managed by an upstream integration or when they\u2019re authenticating with an external Identity Provider (IdP).<\/p>\n\n\n\n<p><strong>Prerequisites<\/strong><\/p>\n\n\n\n<ul>\n<li>The appropriate integration, like Active Directory or an IdP, is configured in JumpCloud OR an upstream SCIM\/provisioning integration is configured.<\/li>\n<\/ul>\n\n\n\n<p><strong>Considerations<\/strong><\/p>\n\n\n\n<ul>\n<li>Once this user setting is enabled, users <strong>will not <\/strong>be able to change their own password from their JumpCloud device tray application, User Portal, or any other password reset flow. Additionally, admins won\u2019t be able to set user passwords from the Admin Portal.<\/li>\n\n\n\n<li>The Externally Managed Password setting requires that an integration be selected for the password authority.&nbsp;<\/li>\n\n\n\n<li>If the user is associated to an Active Directory Integration, changes to the externally managed password may be overwritten on the next Active Directory Integration sync.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Setting the Password Authority for Users in the Admin Portal<\/strong><\/h2>\n\n\n\n<p><strong>To set the password authority for your users:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\/admin\">JumpCloud admin portal<\/a>.&nbsp;<\/li>\n\n\n\n<li>Go to <strong>USER MANAGEMENT<\/strong> &gt; <strong>Users<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Click on the user you want to set the password authority for.&nbsp;<\/li>\n\n\n\n<li>Click on the <strong>Details<\/strong> tab, then open the dropdown for <strong>User Security Settings and Permissions<\/strong>.<\/li>\n\n\n\n<li>Under<strong> Externally Managed Password<\/strong>, select the <strong>Password Authority<\/strong> from the dropdown menu.<\/li>\n\n\n\n<li>Click <strong>save user<\/strong>. They won\u2019t be able to change their password through JumpCloud. If the Password Authority is integrated with JumpCloud, the user will be able to change their password in the upstream application and the password will be allowed to synced to JumpCloud.<\/li>\n\n\n\n<li>The user will see a message in their user portal under <strong>Security<\/strong> &gt; <strong>Password<\/strong>, that says <strong>Your password is externally managed and can\u2019t be updated in JumpCloud<\/strong>.<\/li>\n\n\n\n<li>This change will be updated and made visible in a few different places in the admin portal:\n<ul>\n<li>On the <strong>Users<\/strong> list page, under the <strong>Password Status<\/strong> column, the user\u2019s password authority will be visible. It will say <strong>Password Externally Managed<\/strong> if their password authority is external.&nbsp;<\/li>\n\n\n\n<li>Once you click on a specific User and pull up their information page. Their password authority will also be listed directly under their <strong>profile<\/strong> &gt; <strong>Security Status<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Default External Password Authority<\/strong><\/h2>\n\n\n\n<p>You can restrict users from being able to change their passwords in JumpCloud by setting the password authority as an upstream integration, like Active Directory.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><p><strong>Note:<\/strong> This option will apply to all new users going forward. Any new users won\u2019t be able to set or update their passwords in JumpCloud. <\/p><\/div><\/div><\/div>\n\n\n\n<p><strong>To set the default external password authority from User Settings:<\/strong><\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/login\/admin\">JumpCloud admin portal<\/a>.&nbsp;<\/li>\n\n\n\n<li>Go to <strong>USER MANAGEMENT<\/strong> &gt; <strong>Users<\/strong>.&nbsp;<\/li>\n\n\n\n<li>In the top right corner, click <strong>Settings<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Under <strong>Default External Password Authority<\/strong>, click the <strong>Password Authority<\/strong> dropdown menu and select which password authority you\u2019d like to use (Active Directory, Federated Identity Provider, or SCIM Integration).&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>, then you\u2019ll be prompted to confirm your selection.&nbsp;<\/li>\n\n\n\n<li>Click <strong>Yes, Continue<\/strong>.&nbsp;<\/li>\n\n\n\n<li>You\u2019ll see the updated password authority on the Users list page under the <strong>Password Status<\/strong> column. If the user\u2019s password is externally managed, it will say \u201cManaged by (name of password authority)\u201d under the <strong>Password Status<\/strong> column.<\/li>\n<\/ol>\n\n\n\n<p>Once the Default Password Authority is set, all new users will have this setting applied on creation when no other value is provided.<\/p>\n\n\n\n<ul>\n<li>Users created via integration (Cloud Directory, SCIM, etc.) will always be created with the selected Password Authority.&nbsp;<\/li>\n\n\n\n<li>Users created via REST API will also always be created with the selected Password Authority <em>unless<\/em> a different (or is set to No) Password Authority is provided in the API call.<\/li>\n\n\n\n<li>Users created manually will have the Default Password Authority applied in the <strong>User Security Settings and Permissions <\/strong>section. This can be changed to a different (or is set to No) Password Authority.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Bulk Apply the External Password Authority<\/h2>\n\n\n\n<p><strong>To bulk apply the default external password authority for users:<\/strong><\/p>\n\n\n\n<ol>\n<li>From the <strong>Users<\/strong> list, select the checkboxes next to all of the users you\u2019d like to apply the password authority setting to.&nbsp;<\/li>\n\n\n\n<li>In the top right corner, click the <strong>More Actions<\/strong> dropdown menu, then select <strong>Set External Password Authority<\/strong>.&nbsp;<\/li>\n\n\n\n<li>On the next page, click the <strong>Password Authority<\/strong> dropdown menu and select which password authority you\u2019d like to use (Active Directory, Federated Identity Provider, or SCIM Integration).&nbsp;<\/li>\n\n\n\n<li>Click <strong>Save<\/strong>. This will apply to all users selected moving forward.&nbsp;<\/li>\n\n\n\n<li>You\u2019ll see the updated password authority on the Users list page under the <strong>Password Status<\/strong> column, and the <strong>Externally Managed Password<\/strong> column. If the user\u2019s password is externally managed, it will say True (or False if not), and \u201cManaged by (name of password authority)\u201d.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Externally managed passwords prevent password changes within JumpCloud, both by users and admins. When users password authority is set externally, [&hellip;]<\/p>\n","protected":false},"author":207,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2845],"support_tag":[],"coauthors":[2843],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Externally Managed Passwords - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Externally Managed Passwords\" \/>\n<meta property=\"og:description\" content=\"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-15T16:41:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"sashaharrington\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords\",\"url\":\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords\",\"name\":\"Externally Managed Passwords - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2024-01-17T23:32:39+00:00\",\"dateModified\":\"2024-05-15T16:41:02+00:00\",\"description\":\"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/externally-managed-passwords#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Externally Managed Passwords\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Externally Managed Passwords - JumpCloud","description":"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords","og_locale":"en_US","og_type":"article","og_title":"Externally Managed Passwords","og_description":"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.","og_url":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords","og_site_name":"JumpCloud","article_modified_time":"2024-05-15T16:41:02+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes","Written by":"sashaharrington"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords","url":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords","name":"Externally Managed Passwords - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2024-01-17T23:32:39+00:00","dateModified":"2024-05-15T16:41:02+00:00","description":"Learn how to configure externally managed passwords, which prevent password changes within JumpCloud, both by users and admins.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/externally-managed-passwords"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/externally-managed-passwords#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Externally Managed Passwords"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/99158"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/207"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/99158\/revisions"}],"predecessor-version":[{"id":110370,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/99158\/revisions\/110370"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=99158"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=99158"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=99158"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=99158"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}