Showing results for 
Search instead for 
Did you mean: 

JumpCloud RADIUS Certificate Based Authentication is now Generally Available and Free for All Organizations!

JumpCloud Alumni
JumpCloud Alumni

I’m pleased to announce the general availability (GA) of JumpCloud RADIUS Certificate Based Authentication (RADIUS CBA). RADIUS CBA empowers IT admins to enforce certificate based authentication on users requesting access to resources via Wi-Fi or VPNs. From the user perspective, RADIUS CBA allows users to authenticate without any input (frictionless).

Consistent with JumpCloud’s open directory principles, RADIUS CBA offers IT administrators the flexibility to  manage the lifecycle of their certificates anywhere.

JumpCloud RADIUS CBA is now part of the base RADIUS offering and is free for any organization currently using Jumpcloud RADIUS. 

BYOC Main screen.png

Key Capabilities:

  • Bring your own certificates (BYOC) – IT administrators can import the Certificate Authority (root certificate trust chain) into RADIUS CBA for authentication. 
  • Multilayer User Authentication – Before allowing user access, RADIUS CBA authenticates the good standing of a certificate (expiration, origin, and revoke status), compliance to one of three JumpCloud user certificates supported (Email user identifier in Subject Alternative Name field, Email user identifier in Distinguished Name field, or Username user identifier in Common Name field), the user status in JumpCloud directory, and finally the user certificate location (must be located on target client device).
  • Password as an alternative to certificates – RADIUS CBA allows administrators to use credentials as an initial alternative to certificates .This capability enables the gradual migration to certificate based authentication. Users can initially authenticate using their Username/Password then transition to certificates.
  • Certificate Status check during Authentication - RADIUS CBA supports validating the good standing of a certificate on every authentication transaction via the Online Certificate Status Protocol (OCSP).
  • User groups – The traditional user group association capability and assignment to RADIUS AP is also available with certificates. Groups leverage JumpCloud’s attribute-based access control (ABAC) to automate identity lifecycle management.

Benefits to Direct Customers:

  • Manage Certificate Lifecycle Anywhere. The RADIUS CBA allows IT administrators to import their certificates into RADIUS for certificate validation during authentication. The certificate lifecycle management and delivery to target endpoints is achieved using any tool in the industry compatible with the X.509 standard.
  • Frictionless User Authentication: Once the certificate has been installed into the target device, JumpCloud users can enjoy a zero contact authentication experience.
  • Easy transition to Passwordless: Users can initially authenticate using the traditional credentials (Username/Password). However, after the first successful credential authentication and if a valid user certificate is found on the client device, Certificate Based Authentication instead. 

Learn more about RADIUS CBA from the following resources: