# JumpCloud
### What you get
* **Live directory** — JumpCloud users and User Groups sync into Siit with profile attributes and group memberships.
* **Identity actions from any request** — add to group, reset password, reset MFA, directly from the request side panel.
* **Workflow-driven automation** — use JumpCloud actions in any workflow, with approvals where needed.
* **IT Agent native support** — JumpCloud actions are first-class in IT Agent playbooks.
### What syncs from JumpCloud
| Category | Fields |
| -------- | --------------------------------------------------------- |
| Identity | First name, last name, email, username, JumpCloud user ID |
| Profile | Job title, department, manager, location, employee type |
| Groups | User Groups, memberships |
| Status | Active / suspended |
Work email is the canonical identifier.
### Actions available
* **Add user to group**
* **Remove user from group**
* **Reset password** (sends reset email)
* **Reset MFA** (clears enrolled factors, forces re-enrollment)
* **Suspend user**
* **Activate user**
Actions are available from the request side panel, in workflows, and in IT Agent playbooks. Sensitive actions can be gated behind approvals.
### Note on device and system management
JumpCloud can also manage devices, SSH keys, LDAP, and RADIUS. Siit's integration currently focuses on **identity** (users, groups, password / MFA). If you rely on JumpCloud for device management and want those actions in Siit, reach out via in-app chat — we're collecting interest.
### Before you connect
* You'll need a JumpCloud **Administrator** account with at least the **User Admin with Billing** role (or higher) to generate an API key.
* Decide which admin's API key Siit will use. The integration inherits that admin's permissions.
### Connect JumpCloud
1. In JumpCloud, generate an API key:
* Sign in to the JumpCloud Admin Portal.
* Click your initials (top right) → **My API Key**.
* Click **Generate New API Key** (if you don't have one) and copy the key.
2. In Siit, go to **Settings → Integrations**.
3. Find **JumpCloud** in the IAM section and click **Connect**.
4. Paste the API key and your JumpCloud organization ID (visible under **Settings → Organization** in JumpCloud), then click **Authorize**.
5. Siit runs an initial import of users and groups.
6. Review the imported data and click **Finish setup**.
> **Tip** — API keys in JumpCloud are tied to a specific admin user. Use a dedicated service admin account rather than a personal one so the integration survives admin turnover.
### After the connection
* **Check your People list** — confirm user counts match JumpCloud's active users.
* **Scope the groups** — in **Settings → Integrations → JumpCloud**, you can scope which User Groups are synced if you only want a subset.
* **Try an action from a request** — open any request and use the side panel to add the requester to a group.
* **Build a workflow** — a classic starter: access request → manager approval → JumpCloud add to group → DM confirmation.
### Sync frequency
JumpCloud data refreshes automatically every few hours. Trigger an immediate refresh from **Settings → Integrations → JumpCloud → Sync now**. Actions run on demand, immediately, when triggered.
### Common workflows
**Access request.** *Trigger: Request submitted (service = "Request group access"). Actions: manager approval → JumpCloud add to group → DM requester.*
**Password reset (self-service).** *Trigger: Request submitted (service = "Reset password"). Actions: identity verification → JumpCloud reset password → close request.*
**MFA reset.** *Trigger: Request submitted (service = "Reset MFA"). Actions: manager approval → JumpCloud reset MFA → DM requester with re-enrollment instructions.*
**Day-1 onboarding (with HRIS).** *Trigger: Start date. Actions: JumpCloud add to baseline groups → notify manager.*
**Offboarding on end date.** *Trigger: End date. Actions: JumpCloud remove from all groups → suspend user → equipment pickup request.*
### IT Agent integration
JumpCloud actions are available inside IT Agent playbooks via slash commands:
* `/jumpcloud add to group`
* `/jumpcloud reset user password`
* `/jumpcloud reset user mfa`
See IT Agent for playbook examples.
### Troubleshooting
**Connection fails with "invalid credentials".** The API key is wrong, revoked, or the admin owning it has been deactivated. Regenerate in JumpCloud and update in Siit.
**Users missing from Siit.** Check whether suspended users are excluded (they are by default) and whether the admin's role has access to all user groups you expect.
**Group not visible in the action picker.** It's likely scoped out. Review group scope in **Settings → Integrations → JumpCloud**, or confirm the group exists in JumpCloud (User Group, not System Group).
**Reset password action didn't send an email.** JumpCloud sends the reset to the user's primary email; confirm the email is valid and the user's account is active.
**Action fails in a workflow.** Open the workflow run in **Workflows → \[workflow] → Runs** — the JumpCloud error response is shown inline. Common causes: admin role lacks MFA management permission, or the user is already suspended.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.siit.io/integrations/iam/jumpcloud.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.