This KB explains JumpCloud's user account status indicators.
Inactive users need to complete the activation process by following the instructions to set their password sent in the activation email.
Alternatively, a JumpCloud administrator can activate the account by specifying a password in the admin portal, or use the resend email option to send another email to the user so that they can set their own password.
These users can be bound to resources, but are unable to login until a password is set and the account is in an active state.
Active users can:
- be bound to any resources.
- can login with their current password.
- can change their password at any time using the user portal. They can also use the self service password reset option.
An expired user's password has expired. Passwords can expire because the Password Aging option's setting for password expiration has passed, or because an admin changed JumpCloud's password complexity requirements and forced users to update their password by a certain date.
Expired accounts are disabled from accessing all resources they are bound to, including email. Their systemuser record is set to "password_expired" : true
Users are sent an email with a password reset link that may be used if email access is not managed by JumpCloud. They may also use the self service password reset option.
Admins can reset their password in the Admin Portal, which sets the status back to active.
A locked account has exceeded the number of login attempts defined in the organization’s Security Settings. An account can be locked due to failed login attempts to the user portal or to a system endpoint.
After a series of failed login attempts, users are locked out of their account and all resources they are bound to with the exception of email.
Accounts can be unlocked several ways. If a user knows their password, the JumpCloud admin can unlock their account. See Unlock User Accounts.If a user doesn’t know their password, and has access to their email, they can reset it. If a user does not have access to their email, the JumpCloud admin can reset their password for them. See Resetting a User Password.
- It’s possible for a user to be expired and locked at the same time. In this situation, resetting a user’s password resets both states back to active. However, unlocking an account does not reset expired passwords.
- If a user of a Mac system with FileVault enabled gets locked out of their account, the login window doesn't automatically refresh after the account is unlocked. For the user to be able to log into their system after their account is unlocked, do one of the following:
- Restart the system.
- Login with another user on the system, such as the JumpCloud administrator, then log out.
- If name and password authentication is enabled, enter the user's username.
- For JumpCloud managed Linux systems, the user is unable to authenticate into the target machine until their account is unlocked.