FAQs - G Suite User Provisioning and Sync

The following are Frequently Asked Questions regarding JumpCloud's G Suite User Provisioning and Sync feature.

Integration FAQs

Q: What is the method JumpCloud uses to connect to G Suite?

A: JumpCloud uses OAuth to secure and persist its connection with Google to perform our integration tasks. Integration logs detailing the G Suite JumpCloud OAuth connection can be seen within the Google Admin portal under the "Reports > Token" report.

Q: Can I use G Suite's MFA with JumpCloud?

A: Yes. The use of G Suite's MFA is supported in JumpCloud.  JumpCloud's MFA can also be used in conjunction with G Suite's MFA if both layers are desired.

Q: Will G Suite users created through the JumpCloud / G Suite integration be created with G Suite licenses?

A: Users created via the JumpCloud / G Suite integration will follow the "Auto-Licensing" rules configured within the G Suite admin console. These settings can be seen in the "Billing" section of the G Suite admin console.

Q: How can I see a report on the actions coming through the JumpCloud / G Suite integration?

A: Within the Google Admin portal all events occurring via the JumpCloud / G Suite integration are logged in the "Reports > Admin" report. Events are logged under the admin account that authorizes the OAuth connection in JumpCloud. It is best practice to create a dedicated G Suite admin account to authorize the JumpCloud / G Suite OAuth connection. 
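One way to review that report once a dedicated admin account is in place, as an added example that is not JumpCloud's or Google's own code: it separates events made under the integration's admin account from everything else, and flags password changes made directly in Google, since JumpCloud is the password authority for synced users. The account name, the expected-event list and the sample records are assumptions constructed for illustration; the record shape follows the Admin SDK Reports API "admin" activity format.

```python
import json
from collections import Counter

# Assumption: dedicated G Suite admin that authorized the JumpCloud OAuth connection.
INTEGRATION_ADMIN = "jumpcloud-sync@example.com"
# Assumption: user-lifecycle events the integration is expected to generate.
EXPECTED = {"CREATE_USER", "SUSPEND_USER", "UNSUSPEND_USER", "CHANGE_PASSWORD"}

# Constructed sample in the shape of Admin SDK Reports API "admin" activities.
SAMPLE = json.loads("""[
 {"id": {"time": "2019-06-03T10:00:00Z"}, "actor": {"email": "jumpcloud-sync@example.com"},
  "events": [{"name": "CREATE_USER", "parameters": [{"name": "USER_EMAIL", "value": "alice@example.com"}]}]},
 {"id": {"time": "2019-06-03T10:05:00Z"}, "actor": {"email": "jumpcloud-sync@example.com"},
  "events": [{"name": "SUSPEND_USER", "parameters": [{"name": "USER_EMAIL", "value": "bob@example.com"}]}]},
 {"id": {"time": "2019-06-03T11:00:00Z"}, "actor": {"email": "jumpcloud-sync@example.com"},
  "events": [{"name": "ASSIGN_ROLE", "parameters": [{"name": "USER_EMAIL", "value": "carol@example.com"}]}]},
 {"id": {"time": "2019-06-03T12:00:00Z"}, "actor": {"email": "helpdesk-admin@example.com"},
  "events": [{"name": "CHANGE_PASSWORD", "parameters": [{"name": "USER_EMAIL", "value": "dave@example.com"}]}]}
]""")

def review_admin_activity(activities, integration_admin=INTEGRATION_ADMIN, expected=EXPECTED):
    """Return (counts of expected integration events, findings worth a manual look)."""
    counts, findings = Counter(), []
    for act in activities:
        actor = act.get("actor", {}).get("email", "").lower()
        when = act.get("id", {}).get("time")
        for ev in act.get("events", []):
            name = ev.get("name")
            params = {p["name"]: p.get("value") for p in ev.get("parameters", [])}
            target = params.get("USER_EMAIL")
            if actor == integration_admin.lower():
                if name in expected:
                    counts[name] += 1
                else:
                    # The sync account did something outside user lifecycle management.
                    findings.append((when, "unexpected-integration-event", name, target))
            elif name == "CHANGE_PASSWORD":
                # Password set directly in Google; JumpCloud is the password authority.
                findings.append((when, "password-change-outside-integration", name, target))
    return counts, findings

if __name__ == "__main__":
    counts, findings = review_admin_activity(SAMPLE)
    print(dict(counts))
    for finding in findings:
        print(finding)
```

If the OAuth connection is authorized by a shared, everyday admin account instead, the first branch can no longer tell integration activity from human activity, which is the practical reason for the dedicated account.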

Q: When I deactivate my connection with G Suite from JumpCloud, what happens to the user accounts in Google?

A: When the OAuth session is deactivated in JumpCloud, all users in Google will remain ‘Active’ and functioning. Within JumpCloud, all User accounts will remain Active as well. All accounts will be unbound from the G Suite Directory. When and if the products are reactivated, the admin will need to re-bind the users to the G Suite Directory to re-establish the connection and ownership control of the accounts in Google.

Q: I currently use the Active Directory Bridge to import users from AD. Can I use JumpCloud's G Suite User Provisioning or Office 365 at the same time?

A: While this was previously not a supported configuration, the Active Directory Bridge can indeed be used when either Google Apps or Office 365 User Provisioning is enabled.

Q: Can JumpCloud allow an administrator to manage multiple email domains?

A: Yes. JumpCloud can manage email addresses in different domains as long as the email accounts are managed from the same Google admin console. Need help? See the G Suite Multiple domains FAQ.

Q: Can JumpCloud allow an administrator to integrate with multiple G Suite Accounts?

A: At this time, only one master Google account can be integrated with JumpCloud. A single Google account can manage email accounts for multiple domains.

Q: Can my avatars uploaded in Google be migrated to JumpCloud?

A: At this time, JumpCloud cannot import Avatars into JumpCloud's user accounts.

Q: Can the G Suite and Office 365 Directory integrations be used in tandem, and if so, what configuration requirements are needed?

A: The G Suite and Office 365 Directory integrations can be used together to successfully synchronize both service providers with JumpCloud. The directory integrations utilize the user's email address as the unique identifier for synchronization. Due to this architecture, your domain records may need to be mapped so that the same email address is used between all service providers. For more information, refer to the following vendor-specific documentation:

Add a domain to Office 365
Add a domain to G Suite


Importation FAQs

Q: What happens during import when a user exists in G Suite and we already have a ‘matching’ user in the JumpCloud Directory?

A: Upon import, you will see a failure for this user to import as the account with the same email already exists. 

Q: When I am importing users from G Suite, why do I see suspended users and accounts I have previously imported?

A: JumpCloud's Google synchronization UI displays all of your Google users regardless of whether they are suspended and/or previously imported. We will provide filtering mechanisms in the future. 

Q: Can I import Organizational Units and Groups from G Suite to JumpCloud?

A: At this time, only user accounts are supported between JumpCloud and G Suite. OU and Group membership management should continue to be managed in Google directly. 

Q: We have multiple JumpCloud Administrators using the Admin Console. Do they each need to log into Google to do Import tasks? 

A: No. Once the Super Admin credentials have been authenticated, the connection to G Suite, regardless of Administrator, can perform importation and provisioning tasks. 

Q: When importing from G Suite, what data will be imported and where will it be stored within JumpCloud?

For organization with primary=true

For externalId with type="organization"

For organization with primary=true

For organization with primary=true

For organization with primary=true

Provisioning FAQs

Q: Can I prevent the automated email from being sent to my employees when I bind them to G Suite?

A: While an admin can prevent a Welcome email from being delivered to the end user when creating the account inside of JumpCloud by specifying an initial password (Getting Started: Users), binding a user to G Suite will send an email to the employee. We recommend educating the employee base first before binding them to G Suite so the email is expected. 

Q: After creating and immediately importing an account from Google to JumpCloud, and providing this user with a temp password in Google, my users indicate their passwords must be changed in Google. What causes this?

A: This is generally caused by the setting within the Google User Account “Require user to change password at next sign-in” being set to true. This is found in the individual User’s “Account” settings within Google. It is advised that this setting be turned to false; JumpCloud will act as the authoritative source of password synchronization, and all password changes must originate from it. Users can then reset their strong password in JumpCloud, and log in with those credentials. 

Q: When provisioning users from JumpCloud to G Suite, why are users immediately placed into a 'Suspended' state?

A: If you are utilizing a G Suite trial account, this is a known limitation for API-created users until your instance is upgraded to a paid account. In order to remove the 'Suspended' user state on a newly created G Suite account, the user must attempt to log in to the account in order to complete Google's verification steps. This is to prevent malicious activity on trial accounts, and requires that users complete validation prior to being placed into an 'Active' state.

Synchronization FAQs

Q: How can I suspend an account in G Suite?

A: The administrator can unbind the user from the G Suite directory in JumpCloud, which will trigger the user in Google to be suspended. Re-binding the user will re-activate the User in Google.  

Q: When I delete an account in Google, what occurs in JumpCloud?

A: The user remains unchanged in JumpCloud. If you wish to remove the user from JumpCloud, these actions must be performed manually in the JumpCloud console. PLEASE NOTE: Should the user need to be re-provisioned from JumpCloud to Google, Google will often require up to 4-5 days until they release the same email address to be re-used again. 

Credentials FAQs

Q: How does JumpCloud’s Password Complexity work with G Suite?

A: JumpCloud's Password Complexity works with G Suite synced users just as with any other JumpCloud user, wherever their credentials are emitted and used. Any attempt by a JumpCloud user to change their password in the JumpCloud console to one that does not meet JumpCloud's complexity requirements will fail. This does NOT, however, prevent the user from changing their password in their Google account to a non-compliant password. But since JumpCloud is the password authority, any change to the user in JumpCloud will overwrite the non-compliant password in Google with the compliant JumpCloud password.

Note that when synchronizing between JumpCloud and G Suite, the password must be compliant with Google's name and password guidelines.

Q: What happens when a JumpCloud user has their password expire due to JumpCloud’s password complexity requirements?

A: The user’s Google account is suspended, blocking the user from accessing their account. The admin must set a new password for the user in JumpCloud to re-activate the user’s Google account.

Q: Can an employee change their password within G Suite? 

A: Employees can change their password from G Suite's password change system. We suggest referring to "Forcing Users to Change Their G Suite Password in JumpCloud" to prevent this.

Last Updated: Jun 04, 2019 01:37PM MDT
