There are three modes for managing users and groups in Morro Data:
- Morro Users Mode
- Active Directory Mode
- Azure AD Mode
- JumpCloud Mode
This section focuses on how to set your account to JumpCloud mode to manage your users.
Configure JumpCloud Account
To enable JumpCloud mode, you must have a JumpCloud account configured with the following information:
- Configure JumpCloud User
- Connect to JumpCloud LDAP
- Configure JumpCloud Users/Groups
JumpCloud User Setup
A user needs to have access to join the JumpCloud LDAP service. To enable a user to join JumpCloud LDAP:
- Click on the USERS tab.
- Select the user to join JumpCloud LDAP to open the User Manage page.
- In the DETAILS tab, scroll down to the section User Security Settings and Permission and click the arrow to expand the section.
- Select the option "Enable as LDAP Bind DN". This will allow the user to bind to and search the JumpCloud LDAP service.
JumpCloud LDAP Setup
The account needs to enable SAMBA access to use the CacheDrive as a mapped network drive.
- Click on the DIRECTORIES tab.
- Select the item JumpCloud LDAP.
- In the DETAILS tab, scroll down to the section LDAP Configuration and check the box "Configure Samba Authentication".
- From the SAMBA SERVICE ACCOUNT item, choose a user with LDAP Bind DN enabled to act as the "SAMBA SERVICE ACCOUNT"
JumpCloud Users and Groups
In order to use JumpCloud Users and Groups in Morro Data, the following requirements need to be met:
- Groups must have "Create Linux group for this user group" and "Enable Samba Authentication" enabled.
- If "Create Linux group for this user group" is not enabled, the group will not be imported into Morro Data
- If "Enable Samba Authentication" is not enabled, users that are members of this group will not be able to access the share from the CacheDrive.
- Users must belong to a group with "Enable Samba Authentication" enabled.
- Group must have a unique GID or else file permissions will not work properly.
Enable JumpCloud Mode in Morro Data
Change the authentication mode in the AUTHENTICATION tab on the Team page
- Go to the Teams page
- Choose the tab "Authentication" tab to change the authentication mode.
- Choose "JumpCloud" from the dropdown list next to Change mode to:
- Enter the JumpCloud settings to connect to JumpCloud
- ORG DN
- LDAP Bind DN
- LDAP Bind DN Password
- Click SWITCH TO THIS MODE to complete the process.
Manage Users and Groups in Morro Data
Once the account is joined to JumpCloud, the users and groups that were properly configured will be imported into the Morro Data system. You can verify the users and groups imported from JumpCloud in the Morro Data Teams page.
JumpCloud Users must be a member of at least one group. If a user is not a member of a group, the user will not be imported into Morro Data.
Note: JumpCloud users are all part of one hidden group that is the same name as the user. This group is filtered by Morro Data and will not be imported into Morro Data. The group will also not qualify for the minimum one group membership for the user to be imported.
Manage JumpCloud Mode
After joining JumpCloud, Morro Data administrators can modify the JumpCloud interface settings or sync users and groups again.
Use the RE-JOIN button if the LDAP Bind DN or Bind DN Password has changed to authenticate Morro Data with JumpCloud again.
SYNC USER/GROUP FROM JUMPCLOUD
Use the SYNC USER/GROUP FROM JUMPCLOUD button to update user/group membership.
Note: If user/group membership has changed in JumpCloud, the permissions will be based on the JumpCloud settings even if the Administrator has not manually clicked the SYNC USER/GROUP FROM JUMPCLOUD button.
For more information on how to Manage Users and Groups in Morro Data, refer to the articles in the folder Team
- The built-in Morro Data user "admin" cannot access the Team Portal, Morro Connect, or shares on the CacheDrive if there is not a JumpCloud user with the same name 'admin'
- If the LDAP Bind DN password or the Bind DN has been locked, users will not be able to access the Team Portal or the shares on the CacheDrive.
- If a JumpCloud user's passwords has expired or if the user's account has been locked, the user cannot access the Team Portal or shares on the CacheDrive.
- If the SID is changed in JumpCloud, the administrator must click SYNC USER/GROUP FROM JUMPCLOUD button to synchronize the changes, otherwise the user cannot access the share via samba.