
Secure Admin Portal with higher authentication assurance MFA methods - Now GA and Live! (01/06/25)

karthicksriv
JumpCloud Employee

Hello All,

I am pleased to announce the GA release of “Secure Admin Portal Login with Advanced MFA methods”. This feature aims to empower admins with a secure access experience and higher authentication assurance when logging in to the JumpCloud Admin Portal, with the following key benefits:

  • Centralized Identity Management via ONE Identity and Credential: Designating “User” as the primary identity and creating administrators by assigning a role to existing users reduces credential and MFA management, along with the associated fatigue or security risks of maintaining them.
  • Promote Security-First and Defense-in-Depth Behavior: Zero Trust "Always-On" MFA and higher authentication assurance MFA factors reduce the attack surface for a critical resource like the Admin Portal.
  • Simple and Secure Admin Authentication: Easy and secure login to the Admin Portal with only User credentials and any MFA factor of choice beyond TOTP, including phishing-resistant MFA methods like WebAuthn and JumpCloud Go, or software-based secure MFA like JumpCloud Protect Push or Duo Security.
  • Simplified Account Management: A single identity simplifies account deprovisioning. Admin accounts created from existing users are deleted automatically if the user account is deleted, and admin roles can easily be removed from existing users when needed.

The Admin Experience

Giving an admin role to a user account allows privileged users in your organization to switch between their admin and user roles with a single set of credentials. Whichever MFA factors are applied to the user account are enforced when the user logs in to the Admin Portal. If the admin role is ever revoked, the user identity is preserved.

“Administrators with Billing” have access to the following key features:

  • Create new admins by assigning the relevant admin role to existing users
  • Edit existing admins and assign the current admin role to the matching user
  • Assign higher authentication assurance factors for Admin Portal access: phishing-resistant JumpCloud Go, WebAuthn with hardware-based security keys or device authenticators, and software-based JumpCloud Protect Push or Duo Security
  • Monitor DI events based on just the User, with their “role” and the “actions” performed

Note: Existing admins are not automatically converted into a single identity with their matching users. Instead, an in-product experience identifies admin accounts that have matching users, and a simple edit transforms them into a single identity.

👉 It is recommended that “Administrators with Billing” create new admins from existing users, or transform their existing admins into matching users, to take advantage of advanced phishing-resistant MFA methods like JumpCloud Go, YubiKeys or Device Authenticators (WebAuthn) and strengthen the security of their Admin Portal.

Getting Started

As an “Administrator with Billing”, access the Administrators page from the left navigation menu under “Settings -> Administrators”.

Configuration Experience:

Once you land on the Administrators page, you will see a couple of main changes to the configuration experience.

There are now 2 options when you add new administrators:

    1. From Users - If you want to assign an admin role to an existing User
    2. As New - If you want to create non-human user accounts that need API key access or secondary accounts of choice
 

 

Existing customers who created administrators before this feature was released can now see visual and verbal cues indicating whether there are admin accounts with matching users that can be transformed into a single identity to leverage Advanced MFA methods.


Once the configuration is complete, an email is sent to the new administrators stating their role and that they can access the Admin Portal with their User credentials and MFA.

Secure Access Experience:

Once admins are created from existing users, any MFA the users have configured extends to the admin login as a step-up MFA before they gain access to the Admin Portal.

There are a couple of ways admins access the Admin Portal today:

  • Launch the Admin Portal within an authenticated User Portal
  • Launch the Admin Portal directly via console.jumpcloud.com/login and select the Admin Portal link

“Administrators with Billing” can now configure higher authentication assurance MFA factors, like the phishing-resistant JumpCloud Go, WebAuthn or JumpCloud Protect Push, and have users with an administrator role enroll in them. This ensures that privileged user identities have a secure way to log in to the Admin Portal, with advanced MFA factors strengthening their access security.

 

Scenario 1 - Admin Portal is launched within an authenticated User Portal by a User with Admin Role who has MFA configured and enrolled


 

Scenario 2 - Admin Portal is launched directly via console.jumpcloud.com/login and clicking on the Admin Portal link, by a User with Admin Role who has MFA configured and enrolled

Access Removal or Auto Admin Deletion on User Deprovisioning Experience

By managing admins from existing users, account management is much more streamlined and simplified. Admin accounts are removed instantly when users leave the organization, and admin roles can be removed from users as needed when they move into different units within the organization. This reduces the attack surface, preventing unauthorized access by adversaries.

  1. From the Edit Administrator panel, scroll to Account Settings.
  2. Click Actions and select Remove Admin Access.
 

 


Documentation - https://jumpcloud.com/support/secure-admin-portal-logins  

FAQ - https://jumpcloud.com/support/faq-give-user-an-admin-role

 
