JumpCloud Go™ is a hardware-protected and phishing-resistant passwordless login method that allows users seamless access to JumpCloud-protected web resources from managed devices. JumpCloud Go is supported on MacOS and Windows and integrates with device biometric authenticators (Apple Touch ID or Windows Hello) to satisfy traditional password sign-in challenges. Users experience minimal interruptions with JumpCloud Go, and are prompted for input only when required. This simpler and more secure login experience drastically reduces exposure to cyber attacks, improving both security and productivity.
In order to use JumpCloud Go users must be working from JumpCloud Agent managed devices that have a JumpCloud Go browser extension installed. The JumpCloud Agent can be used alongside any device management tool and is not dependent on organizations utilizing JumpCloud for full device management. Organizations can deploy the required browser extension effortlessly using JumpCloud policies or leverage JumpClouds deep integration with Chrome Browser Cloud Management to facilitate and enforce extension installation in Chrome via the Google Admin console. Passwordless login is facilitated by integrations with device biometric authenticators, such as Apple Touch ID or Windows Hello, which combined with JumpCloud Go allows users to satisfy traditional password sign-in challenges without inputting a username or password.
At launch JumpCloud Go is supported within Chrome on Windows/Mac workstations. Additional browser and Linux support is coming soon.
JumpCloud Go uses phishing-resistant technology to reduce an organization's exposure to: phishing, credential theft, or 2FA bypass cyber attacks. User sessions are issued only after requests are cryptographically verified by a hard-ware protected secret and the JumpCloud login service.
JumpCloud Go enables passwordless login to JumpCloud-protected web resources from JumpCloud managed and trusted devices.
Users enjoy a passwordless and secure multifactored login experience to all of their JumpCloud web based resources using JumpCloud Go. Users gain significant time back when they are not constantly required to authenticate using a password and higher friction MFA factors to access organizational resources.
High MFA Authenticator Assurance
Users use hardware-protected managed device-bound authenticators on MacOS and Windows combined with JumpCloud Go to satisfy sign-in challenges. By integrating with device authenticators on trusted and managed devices, JumpCloud Go authentication always represents two authentication factors satisfying “Proof of Possession” and “Knowledge" or "Inherence” factors each time it is used.
Simpler and Safer Employee Experience
The JumpCloud Go user login experience is simpler and more secure for users and seamlessly promotes safer login habits while reducing authentication fatigue. JumpCloud Go significantly reduces the amount of login prompts users face daily and saves organizations valuable time. IT organizations benefit from less end user support requests related to assisting users with lockout, password, or account recovery issues.
3rd Party MDM & EMM Compatible
JumpCloud Go can be used with any device management tool. Pair it with JumpCloud MDM or integrate it with any enterprise mobility management (EMM)/mobile device management (MDM) solution.
Find steps for enabling and using JumpCloud Go below
Feature Enablement & Admin Experience
End User Experience
Sharing the outcome of a DM with @rjordan surrounding his testing experience with JumpCloud Go.
During the first login with JumpCloud Go registration occurs..
This is the first (and last) login users do and is a traditional auth to the user portal
After this the passwordless magic kicks in
To see/test the passwordless magic in real time, and not wait out the 12 hour timeout, the following steps can be used.
After logging in with JumpCloud Go and when at the user portal
This will jumpstart and trigger the "Passwordless Login" flow in real time.
Thanks Scott! I'll reach out more here in the community. After last week's episode it was a nice reminder for me to be looped into the latest/greatest JC here and give feedback, ask questions, etc.
What options are available on Windows devices if you have Windows Hello disabled org wide due to its many security vulnerabilities, the biggest of which is it enables users to bypass JumpCloud MFA requirements. I have 1,000+ endpoints in my org and in order to follow what we have committed to via compliance and agreements with our partner orgs, we had no choice but to disable Windows Hello.
JumpCloud Go is not dependent on Windows Hello. Windows Hello is what can make the daily user verification step passwordless for end users. For users/organizations that have disabled Windows Hello (or do not have it configured) the daily user verification step after Go registration differs to the configured Sign-in options on the Windows device (which in your case would be a a password only). This means that users would register for JumpCloud Go using their JumpCloud password (and any configured user portal MFA policies) and then each day input their password once (prompted & authenticated by the device locally via the WIndows Security app) to use their device bound JumpCloud Go credential for passwordless authentication.
If you want to test this out in real time follow the steps two posts up (Sign in via JC Go, restart JumpCloud Agent Service, clear cookies) and you'll experience the daily user verification flow that will be triggered by the "Windows Security" app and a locally authenticated password.