Many platforms require different components or add-ons so that MFA will be available to secure all of your resources. JumpCloud is different.
Through the JumpCloud open directory platform, MFA can be implemented environment-wide, all from the cloud. This reduces administrative overhead and the expense of standing up servers or needing additional subscriptions (on top of what you’re already paying for).
JumpCloud leverages the best technologies that are available on devices from biometrics and security keys to TPM/Secure Enclaves for modern authentication if you deploy JumpCloud Go for managed users/devices. FaceID and Windows Hello are automatically leveraged, if they’re enabled.
Demo Overview
Let’s begin by setting up TOTP, which is useful for when there’s limited connectivity or as a backup method. You can specify the enrollment period for a soft rollout for existing users.
Push MFA is usually more user friendly, i.e. accepted, and we provide JumpCloud Protect app for free on Android and iOS to accommodate that requirement. We’ll show you how to set it up.
We’ll also share some tips and resources for a smooth deployment.
Let’s face it: you can face some resistance when you’re doing this. Traditional MFA can lead to user fatigue, which bad actors have taken advantage of when they’re attacking organizations. That’s why we also provide phishing-resistance with JumpCloud Go, a hardware-bound credential that secures your endpoints but is easier on users. We cover Go in another walkthrough, but it’s worth keeping it in mind as an option for cross-OS modern authentication.
Prerequisites
Not every step here is necessary to complete this tutorial. However, if you want to experience your evaluation of this (and other) feature as if you’re implementing the product, we recommend the following:
To complete this tutorial, we recommend that you have completed the following walkthroughs (or have set up your instance with the appropriate assets on your own):
Demo Walkthrough
Step 1: Prepare and Support Your Users
It’s important to have a plan. Learn about how to handle pre-rollout, implementation, and ongoing use of MFA in your organization. It may surprise you that the people may be more challenging than the technology.
JumpCloud offers training for both IT admins and end users; end-user training includes a course, guided simulations on user enrollment and user login, and support documentation to help users familiarize themselves with the tool, see it in action, and go back and reference support material when they get stuck.
Step 2: Require TOTP MFA for Users
To begin a soft TOTP MFA enrollment period from the more actions menu:
- Log in to the Admin Portal: https://console.jumpcloud.com/login.
- Go to USER MANAGEMENT > Users.
- Select the users you want to be in the enrollment period.
- In the top right, click more actions, then select Require User MFA.
- From the Require MFA on User Portal modal, enter the number of days users have to enroll in MFA.
- Click Require.
Optional: Forced MFA Enrollment
If you require MFA for your users with a Conditional Access Policy, users are forced to enroll in MFA the next time they log in. To require MFA for your users with a Conditional Access Policy, see Requiring MFA with a Conditional Access Policy.
Simulation: User TOTP MFA Enrollment
Step 3: Choose Other Authentication Methods
Push MFA
To configure Push MFA for your org:
- Log in to the Admin Portal: https://console.jumpcloud.com/login
- Go to Security Management > MFA Configurations.
- In the JumpCloud Protect Mobile Push area, select Enable.
- To require biometric User Verification, select Never, If Enabled on the Device, or Always Required from the dropdown.
Simulations: JumpCloud Protect User Enrollment, JumpCloud Protect User Login
JumpCloud Go™
JumpCloud Go enables secure passwordless authentication to JumpCloud-protected web resources on managed devices. Users can verify their identity using device authenticators with biometrics (Apple Touch ID and Windows Hello) versus password sign-in challenges. This improves security by simplifying the user login flow, reducing MFA fatigue, and minimizing password use. JumpCloud Go authentication also satisfies any User Portal MFA requirements.
JumpCloud Go provides instant revocation when a user status changes from “active” to “suspended”. That’s possible because the Open Directory platform has integrated identity and device management.
Tutorial: Using JumpCloud Go
Bonus Simulations
Experience the user experience for yourself before committing to a deployment. This will make it easier for you to support your users and ensure that your project goes smoothly.
Simulation: User Portal MFA TOTP Login
Simulation: User Portal MFA WebAuthn Login
Simulation: Mac MFA Encryption Login
Simulation: Windows MFA Password Reset
Simulation: Windows MFA Login
Simulation: Linux SSH MFA Login
Final Results
It’s important to use MFA as broadly as possible. You’ve learned how to meet that objective using JumpCloud and how JumpCloud streamlines MFA deployments to all resources. MFA doesn’t do organizations any good if it’s not being used. We make it easier to use. Everywhere.
Get prepped now
JumpCloud Protect can be used to log into the Admin Portal, User Portal, or devices (Windows, Mac, Linux). Before your users can use the JumpCloud Protect mobile app, you, as an administrator, must enable it.
