Note: JumpCloud Protect is designed to operate on Android 8 and iOS 13 and higher. It may operate on older versions, but they are not supported by JumpCloud.
If your JumpCloud administrator enables it, you can download the JumpCloud ProtectTM mobile app to secure your accounts using Multi-Factor Authentication (MFA) or 2-step verification. The app can be downloaded from the iOS App Store or the Google Play Store. Once you have downloaded the app and successfully enrolled your device, you can authenticate using Push MFA or Verification (TOTP) Code MFA.
JumpCloud Protect sends a push notification to your enrolled mobile device after you’ve attempted to access a resource with your username and password. If User Verification is set to required, the login request will not complete without it (Face ID, fingerprint, or passcode). When you tap the notification on your device, you’re asked to approve or deny the login request. When you tap approve, you gain access to your resource. When you tap deny, the login request will be declined. This prevents bad actors from accessing your account.
Note: A Push notification is valid for 60 seconds before the User Portal will time out in which case the user will need to initiate the Push notification process again. If the user responds to an expired Push notification on the device an error will appear.
You can use JumpCloud to log into the Admin Portal, User Portal, or into your Windows, Mac, or Linux devices.
Considerations
- The JumpCloud Protect app supports iOS version 13 and above, and Android 8.0 and above.
- The JumpCloud Protect app may run on a tablet but is not optimized for tablets at this time.
- A user can only be enrolled in JumpCloud Protect on one device.
- Mobile Push is supported for authentication into the User Portal, SAML SSO applications, device logins, and for Password Reset.
- Protect will collect certain diagnostic and usage data for troubleshooting issues and continuous app improvements. There is no user information collected. Although these options default to on, users can turn off data collection on the app:
- Tap More > Settings > Privacy to display options for turning off Share Diagnostic Data and Share Usage Data.
Setting Up JumpCloud Protect
If your organization is using JumpCloud Protect for their MFA, follow the steps below to complete initial setup.
To set up the JumpCloud Protect app:
- Log into your JumpCloud User Portal: https://console.jumpcloud.com/login.
- Navigate to Security > Multi-factor Authentication > JumpCloud Protect Mobile Push > Enroll Device.
Note: When you log into your User Portal, you may be prompted to activate MFA without navigating to the Security screen.
- Download the JumpCloud Protect App from the iOS App Store or the Google Play Store. You can do so in one of three ways:
- Search for “JumpCloud Protect” in the Google Play Store on Android devices or the App Store on iOS devices.
- Use the links provided in the notification screen to remotely download the app to your device.
- Click View QR Code to Launch Google Play Store or App Store to display a QR code that your phone’s camera can use to link directly to the app download.
- Once the JumpCloud Protect app is downloaded, open it on your device.
- Introduction information displays. Tap Next and then tap Get Started.
- Alternatively, you can tap Skip to skip the messages. These messages can be displayed at any time using the “More” screen.
- Choose to allow the app to send notifications.
- Tap + Add Account.
Note: JumpCloud Protect supports both Push MFA and TOTP MFA. However, you must enroll in each form separately.
- You will be prompted to give the app permission to use your phone’s camera. Allow it.
- You will be directed to scan a QR code in your JumpCloud User Portal. Back in the User Portal, click I Have the App.
- Alternatively, you can click Enter Code Instead to view the account details and manually enter them in the JumpCloud Protect app.
- Scan the QR code in the JumpCloud Protect app.
- A green checkmark displays, indicating that the device has been verified. Click done in both the JumpCloud Protect app and the User Portal.
Note: If JumpCloud Protect is not in the foreground when you complete this process, you will receive a push notification that you must tap for the process to complete.
Transitioning to JumpCloud Protect from a Previous Authenticator
If you are already using a different authenticator to verify your identity through Verification Code (TOTP) MFA and want to transition to JumpCloud Protect, you can do so by:
- Log in to your user portal: http://console.jumpcloud.com.
- Navigate to Security.
- Click Reset TOTP.
- In the screen that appears, enter the verification code from your current authenticator and click Clear TOTP Settings.
- A QR code will display. In the JumpCloud Protect app, tap the + button.
- Scan the QR Code.
- Enter the code and click Submit.
Authenticating with JumpCloud Protect
If your organization has enabled JumpCloud Protect for your account, and if you have enrolled your device, you will receive a push notification on your device when you attempt to log into a resource secured by your JumpCloud admin. If User Verification is set to required, the login request will not complete without it (Face ID, fingerprint, or passcode). Select Approve on your device to log into the resource. Select Deny on your device if you are not the one who requested the notification.
Resetting Your Password with JumpCloud Protect Push
To reset your password from the User Portal Login screen:
- Go to the JumpCloud User Portal: https://console.jumpcloud.com.
- Click Reset User Password.
- Enter your company email address and click Send Reset Request.
- Click the secure link that has been sent to the email address you entered.
- Enter your new password in both password fields and click Reset Password.
- Optional. If you only have one form of MFA enabled for your account, you will proceed to the next step. If you have multiple, select JumpCloud Protect Mobile Push.
- Click Send Password Reset Request to Mobile Device.
- On your device, approve the request.
Once you complete the authentication, your password will be reset and you’ll be able to log in.
Step-Up Authentication with JumpCloud Protect
You can use JumpCloud Protect as your Step-Up Authenticator as well. Step Up Authentication is required when you’ve logged into your User Portal and you need to access an application that requires an additional layer of security through a second authentication factor.
To log into an application that requires Step-Up Authentication:
- Log into your User Portal: http://console.jumpcloud.com.
- Click the application you wish to access.
- Select JumpCloud Protect from the list of available MFA options.
- When the request comes into your mobile device, approve the request.
Note: Denying the request logs you out of your JumpCloud User Portal. This is to keep bad actors from accessing applications and data they shouldn’t be able to.
Once you approve your request, you will have access to the application.
Using JumpCloud Protect’s TOTP for Other Applications
Note: JumpCloud Protect supports both Push MFA and TOTP MFA. However, you must enroll in each form separately.
When you open the JumpCloud Protect app, you see a list of the accounts you have set up for MFA. This list either shows the Verification Code for the account with a timer indicating when the code will expire, or the fact that the account is registered for Push MFA. See below:
Tapping on the code itself will copy the code to the device’s clipboard. Tapping anywhere else opens the Account Details screen.
“More” Screen
At the bottom of the JumpCloud Protect screen, there is a More button. Tapping it gives you two options:
- Settings: Displays the data collection options, display options, current JumpCloud Protect app version, and the Terms and Service/Privacy notice.
- Tap Settings > Privacy to display options for turning off Share Diagnostic Data and Share Usage Data. These options default to on.
- Tap Settings > Display to display options for Light Mode, Dark Mode, and System. Selecting System will match the display setting of the device.
- Help: Contains links to articles from JumpCloud’s online help.
Deleting an Account from JumpCloud Protect
If you no longer need one of the accounts you have set up with your JumpCloud Protect mobile app, you can delete it. To do so:
- Open the JumpCloud Protect mobile app on your device.
- Tap the name of the account you want to delete. This brings you to the Account Details screen.
- Tap Delete Account.
- Tap Delete in the window that appears.