JCDavid

Adopting JumpCloud doesn’t only benefit users’ productivity. Administrators can leverage it in the course of their work to share secure notes, passwords, payment cards, and even TOTP tokens among their team. Its built-in password manager includes shared folders (with auditability and traceability for compliance) that come in handy for IT teams to collaborate securely without point solutions. This walkthrough focuses on sharing TOTP tokens for account access.

There are practical reasons why this makes sense: a device that has your authentication app may be lost or stolen, or worse, someone may depart your team without a good transition. There’s always that one resource that not everyone requires (or can have) a license for. This is a safe, practical solution to that dilemma, and can save a lot of time and trouble down the road.

JumpCloud Password Manager (PWM) has several advantages over existing password managers; the biggest is the way your data is stored and synced across devices. Also:

  • Security risk is minimized by a hybrid cloud-based and offline approach to synchronization.
  • There is no master password to remember.
  • PWM can store and auto-fill TOTP tokens.

Demo Overview

This walkthrough will demonstrate how to enroll users into PWM, create a shared folder, and share TOTP tokens. We’ll also take a look at the admin side of things, where you’ll have visibility into those activities. This will only take a few minutes. Let’s get started.

Prerequisites

To complete this tutorial, we recommend that you have completed the following walkthroughs (or have set up your instance with the appropriate assets on your own):

Demo Walkthrough

Step 1: Invite Admin User Accounts to PWM

Simulation: Enroll a User Group


  • Navigate to User Authentication > Password Manager in the left pane. 


  • Click and follow the Get Started guide to enroll your admin group or go to the Users tab and click the green Edit Group Enrollment button.
  • Select the User Groups for enrollment.
  • Click Save to send the user invites.


User Experience for Password Manager Enrollment

  • The user will receive a Password Manager Invite email, and will be prompted to Download Password Manager.


  • The user will follow prompts to download and launch the application.

Note: Here is the download link, if needed.

  • Once the application is launched, the user will receive another email; this one contains a verification code to enter on the Verify Account page in the application.


  • Once the account is verified, the user will be prompted to create and confirm a PIN. The process is completed once a PIN is confirmed.

Resources:

Get Started with Password Manager

Enroll Users into Password Manager

Step 2: Create a Shared Folder and MFA Token

  • Log into PWM with your user account.
  • Use the + button from the top navigation area and select Folder to add a shared folder.


  • You will only have the option to select Shared if you have appropriate permissions from your admin.
  • Users and User Groups (if assigned to Password Manager by an admin) can be added to the folder.
  • Select the folder to edit the roles of users or user groups in a Shared Folder:
    • Folder Manager – has full control over the folder and can make changes to the users and items in the folder.
    • Item Manager – has control over the items in the folder (view, add, edit, and delete).
    • Folder Member – can only use the items in the folder.
  • If you have permission to share folders, you will be able to convert a personal folder to shared.

Step 3: Share Your Password and 2FA Token


  • Click on 2FAs in the left pane and then click the Add 2FA box. You may also hit the Plus sign and select 2FA.
  • Ensure that the credentials for your Service Provider (SP) are saved into PWM.


  • Next, configure MFA under your SP’s security settings. We used a domain Registrar for this example. You won’t be able to scan a QR code into PWM; just select the option to obtain the 2FA secret.
    • Select the SP account credentials that you saved earlier under Link to an Existing Password.
    • Select the shared folder that you created for your team members.
    • Then, paste the 2FA secret into PWM. 
    • Click Save.


  • Use the TOTP token that’s generated in PWM to complete MFA setup with your SP. PWM may offer to insert the TOTP token during your next SP login.
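What the pasted 2FA secret does, as an added example (not JumpCloud's code): every holder of the secret derives the same code for a given 30-second window, so membership of the shared folder is what decides who can complete MFA for the account. It assumes the SP uses the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits); the secret is a constructed sample built from the RFC test key, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 SHA-1 test key in base32, lower-cased and
# spaced in groups the way a provider's setup page often displays a secret.
SAMPLE_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def normalize_secret(pasted: str) -> bytes:
    """Clean up a pasted base32 2FA secret and return the raw key bytes."""
    cleaned = "".join(pasted.split()).replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # providers usually strip the padding
    try:
        return base64.b32decode(cleaned)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not a valid base32 2FA secret") from exc


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA-1 (assumed provider defaults)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_match(secret_a: str, secret_b: str, unix_time: int) -> bool:
    """Two holders of the same secret derive the same code for a time step."""
    return totp(normalize_secret(secret_a), unix_time) == totp(
        normalize_secret(secret_b), unix_time
    )


if __name__ == "__main__":
    import time

    now = int(time.time())
    print("current code:", totp(normalize_secret(SAMPLE_SECRET), now))
    # The same secret pasted without spaces and in upper case gives the same code.
    print("same for every holder:",
          codes_match(SAMPLE_SECRET, "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ", now))
```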


Resources:

JumpCloud Password Manager, Shared Accounts, and 2FA (YouTube)

Step 4: Learn the PWM Administrative Console

This simulation will help to familiarize you with administrative elements of PWM.

Password Manager (Simulation)

Resources:

https://jumpcloud.com/support/faq-jumpcloud-password-manager

Bonus Simulations

Enroll User Groups (Tutorial)

Password Manager (Simulation)

Password Manager Browser Extension (Tutorial)

Importing Data into JumpCloud Password Manager (Tutorial)

Final Results

You’ve learned how to use PWM to share 2FA tokens without compromising your security. The risk of a lost device, errant team member, or any other issues that could lock you out of a service has been controlled. You’re now in control of secure password, note, and 2FA sharing.

Get prepped now

Download PWM Chrome Extensions

Download PWM Desktop App

 
