This article covers using JumpCloud and LDAP mode to manage your users and groups.
To enable JumpCloud mode, you must do the following:
- Configure JumpCloud Account
- Enable JumpCloud Integration
- Manage Users and Groups
Configure JumpCloud Account
JumpCloud User Setup
To connect to JumpCloud LDAP services, configure a user account to bind to LDAP:
- Click on the Users tab in the JumpCloud management interface.
- Select the user to open the User Manage page.
- In the Details tab, scroll down to the section User Security Settings and Permission and click the arrow to expand the section.
- Select the option "Enable as LDAP Bind DN". This will allow the user to bind to and search the JumpCloud LDAP service.
JumpCloud LDAP Setup
The account needs to enable Samba access to enable SMB integration.
- Click on the Directories tab.
- Select the item JumpCloud LDAP.
- In the Details tab, scroll down to the section LDAP Configuration and check the box "Configure Samba Authentication".
- From the Samba Service Account section, choose a user with LDAP Bind DN enabled to act as the Samba Service Account.
JumpCloud Users and Groups
In order to use JumpCloud users and groups in Morro Data, the following requirements must be met:
- Groups must have "Create Linux group for this user group" and "Enable Samba Authentication" enabled.
- If "Create Linux group for this user group" is not enabled, the group will not be imported into Morro Data.
- If "Enable Samba Authentication" is not enabled, users that are members of this group will not be able to access the share from the CacheDrive.
- Users must belong to a group with "Enable Samba Authentication" enabled.
- Groups must have a unique GID or else file permissions will not work properly.
Enable JumpCloud Integration
Change the authentication mode in the Team -> Authentication page in MCM.
- Go to the Teams -> Authentication page in MCM.
- Click the Authentication tab.
- Choose "LDAP" from the "Change mode to:" dropdown.
- Enter the JumpCloud settings.
- Click "Switch to This Mode" to complete the process.
Manage Users and Groups
Once the account is joined to JumpCloud, the users and groups will be imported into the Morro Data system. You can verify the users and groups imported from JumpCloud in the Morro Data Teams page.
JumpCloud Users must be a member of at least one group. If a user is not a member of a group, the user will not be imported into Morro Data.
Note: JumpCloud users are all part of one hidden group that is the same name as the user. This group is filtered out by Morro Data and will not be imported. The group will also not qualify for the minimum one group membership for the user to be imported.
Manage JumpCloud Integration
After joining JumpCloud, Morro Data administrators can modify the JumpCloud settings or sync users and groups again.
Rejoin
Use the Rejoin button if the LDAP Bind DN or Bind DN Password has changed to authenticate Morro Data with JumpCloud again.
Sync User/Group From Server
Use the "Sync User/Group From Server" button to update user/group membership.
Note: If user/group membership has changed in JumpCloud, the permissions will be based on the JumpCloud settings even if the Administrator has not manually clicked the "Sync User/Group From Server" button.
For more information on how to manage users and groups in Morro Data, refer to the articles in the folder Team.
Microsoft 365 Integration
(Not available with OpenLDAP)
Allows SharePoint Sync to be used with JumpCloud as the identity manager.
Use the "Microsoft 365 Integration" button to connect to Microsoft 365. The admin will be redirected to the Microsoft authentication page. Enter the account credentials for a global admin.
Additional Information:
- The built-in Morro Data user "admin" cannot access the Team Portal, Morro Connect, or shares on the CacheDrive if there is not a JumpCloud user with the same name 'admin'.
- If the LDAP Bind DN password or the Bind DN has been locked, users will not be able to access the Team Portal or the shares on the CacheDrive.
- If a JumpCloud user's password has expired or if the user's account has been locked, the user cannot access the Team Portal or shares on the CacheDrive.
- If the SID is changed in JumpCloud, the administrator must click the "Sync User/Group From Server" button to synchronize the changes, otherwise the user cannot access shares via SMB.