Connecting Users to Resources - Grant Access

All resources in JumpCloud are implicitly denied, which means that by default, users don't have access to a resource endpoint until they are explicitly connected to it either directly or through group membership.

User Connections

Access to resources may be granted by connecting a user to any of the following:
  • User Groups
  • Systems
  • Directories


User Groups - Connecting a user to a Group of Users is an organizational construct; no access is granted until that group has been connected to a resource. You can edit group membership in this view.

Systems - Connecting a user directly to a system is good practice if this will be a 1:1 relationship, for example a single user being connected to their work system, which no one else will access. A user connected via a group can also be connected directly to the system to enable a custom permission to be set on that system only. UI behavior for group and direct connection is explained further on Getting Started: Systems. When a user is connected to a system, it either creates a new local user account or takes over an existing account of the same username.

Directories - This can include G Suite, Office 365, and/or JumpCloud LDAP. These resources are generally accessed by groups of people, so direct connection on the user - while possible - generally isn't recommended. Rather, join the user to a group that has been granted access to the directory. A direct connection can't be made if the user is already connected to the resource via a group of Users.

Note: Activate G Suite or Office 365 in order to make them available in the list of Directories.
 

Group of Users Connections

Access to resources may be granted by connecting a User Group to any of the following:
  • Users
  • System Groups
  • Applications
  • RADIUS
  • Directories


Users - Connecting a user to a Group of Users is an organizational construct; no access is granted until that group has been connected to a resource. You can edit group membership in this view.

System Groups - Connecting via system group is recommended when there are one:many or many:many relationships. For example, a group of admins needs access to a production environment. All members of the user group will be granted access to all systems in the system group. When a user is connected to a system, it will either create a new local user account or take over an existing account of the same username. It's possible to be connected to the system both directly and via group membership. UI behavior for group and direct connection is explained further on Getting Started: Systems.

Applications and RADIUS Servers - To grant access, a user must be a member of a group. You may create one or many Groups of Users to connect to one or many resources of that type. After the group is connected to the application, any member of that group will be allowed to log in.

Directories - This can include G Suite, Office 365, or JumpCloud LDAP to Create LDAP Groups. Connecting a group to a directory is possible even if a group member has already been granted access through a direct connection in the User details. 

Note: You need to first activate G Suite or Office 365 to see them in the list of Directories.
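
The implicit-deny model described above can be checked offline during an access review. The following is an added example, not JumpCloud code and not a call to its API: it resolves effective access from direct and group connections and records which path grants it. All user, group and resource names and the "kind:name" resource notation are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data with hypothetical names; not a JumpCloud export.
USER_GROUPS = {"admins": {"alice", "bob"}, "staff": {"carol"},
               "contractors": {"dave"}}      # this group is connected to nothing
SYSTEM_GROUPS = {"production": {"web-01", "db-01"}}
DIRECT = {("carol", "system:carol-laptop"), ("alice", "system:web-01")}
GROUP_BINDINGS = {("admins", "system_group:production"),
                  ("staff", "application:wiki"),
                  ("staff", "directory:ldap")}

# Resource kinds the page lists for each connection type.
USER_DIRECT_KINDS = {"system", "directory"}
GROUP_KINDS = {"system_group", "application", "radius", "directory"}

def expand(resource):
    """A system group grants access to every system it contains."""
    kind, name = resource.split(":", 1)
    if kind == "system_group":
        return {f"system:{s}" for s in SYSTEM_GROUPS.get(name, ())}
    return {resource}

def effective_access(direct=DIRECT, bindings=GROUP_BINDINGS):
    """Return {user: {resource: [grant paths]}}; anything absent is denied."""
    access = defaultdict(lambda: defaultdict(set))
    for user, resource in direct:
        kind = resource.split(":", 1)[0]
        if kind not in USER_DIRECT_KINDS:
            raise ValueError(f"{kind} cannot be connected directly to a user")
        access[user][resource].add("direct")
    for group, resource in bindings:
        if resource.split(":", 1)[0] not in GROUP_KINDS:
            raise ValueError(f"{resource} cannot be connected to a user group")
        for target in expand(resource):
            for user in USER_GROUPS.get(group, ()):
                access[user][target].add(f"group:{group}")
    return {u: {r: sorted(p) for r, p in res.items()}
            for u, res in access.items()}

def can_access(user, resource):
    """Implicit deny: True only if at least one connection path exists."""
    return resource in effective_access().get(user, {})
```

A resource that shows both "direct" and a "group:" path is worth a second look in review, because removing the user from the group alone does not revoke the access.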
 
Connection Matrix

The following table illustrates which JumpCloud resources can be connected.

  User System User Group System Group
User   X
System   X
User Group X  
System Group X  

 - The resources can be connected.
X - The resources can't be connected.
 

Last Updated: Mar 13, 2019 03:30PM MDT
