JumpCloud
JumpCloud is a cloud-based directory platform that provides secure identity, access, and device management solutions for organizations.
Verdict
Common use cases
- Audit which users belong to admin groups
- Remove unused roles after org restructure
- Check if a device is enrolled
- List recent user account changes
- Verify group membership during access reviews
Integration
- Vendor
- JumpCloud
- Category
- other
- Auth
- API_KEY
- Tools
- 2
- Composio slug
jumpcloud
Tools
- Create System
Tool to register a new system. Use when attempting to create a system via API. Note: JumpCloud does not support system creation through its REST API. Use agent installation to enroll systems.
- Delete Roledestructive
Tool to delete a specific JumpCloud role by its ID. Use when you need to remove a role after confirming the ID. Call only after ensuring the role is no longer assigned.
Setup
Setup guide
- 11. In Switchy, open your workspace settings and navigate to the Integrations tab. 2. Search for JumpCloud in the MCP directory and click Connect. 3. You'll be prompted to paste a JumpCloud API key — generate one by logging into your JumpCloud admin portal, going to Administrator > API Settings, and creating a new key with read and write permissions for Users, Groups, and Roles. 4. Copy the key and paste it into Switchy's connection dialog, then click Authorize. 5. Switchy confirms the connection by testing a lightweight API call. 6. Open any Space and type '@JumpCloud list all active users' to verify the integration responds with your directory data. 7. If the response is empty or errors, double-check the API key's scope includes the resources you want to query.
What teammates see: by default, memories from JumpCloud are scoped to the Space (PROJECT visibility) - you can mark any memory PRIVATE or share it ORG-wide.
Works well with
Top models
Compatibility data appears once enough Spaces have used this MCP together with a given model.
How Switchy teams use it
Starter prompts
Audit Admin Access
@JumpCloud show me every user who belongs to a group with 'admin' or 'privileged' in the name, and include when each user was added to that group.Open in a Space →
Clean Up Stale Roles
@JumpCloud list all roles that currently have zero users and zero groups assigned, then delete any role named 'Contractor-2023' if it appears in that list.Open in a Space →
Check Device Enrollment
@JumpCloud check if a system with hostname 'macbook-jane-doe' is enrolled, and if so show me its last contact time and assigned user.Open in a Space →
Recent Account Changes
@JumpCloud show me all user accounts created or updated in the last seven days, including who made the change if that metadata is available.Open in a Space →
Verify Group Membership
@JumpCloud tell me every group that user 'john.smith@company.com' is a member of, and highlight any groups with 'VPN' or 'AWS' in the name.Open in a Space →
Example outputs
Illustrative - representative of the model's voice and quality, not literal recordings.
@JumpCloud list all active roles in our directory and show me which ones have admin privileges
Based on the available tools, I cannot directly list roles. The JumpCloud MCP currently exposes only role deletion and a system-creation stub (which notes that system enrollment requires agent installation, not API calls). To retrieve active roles and their privilege levels, you'd need to use JumpCloud's web console or a separate API client with read permissions for the roles endpoint.
This example highlights a key limitation: the MCP's current tool set focuses on destructive operations (delete role) and documents that system creation isn't API-supported. Read-heavy workflows like listing or inspecting roles aren't yet exposed, so teams should verify the MCP's tool coverage matches their use case before relying on it for discovery tasks.
@JumpCloud delete the 'Contractor-ReadOnly' role since we've migrated everyone to the new RBAC structure
I've called the Delete Role tool with the role ID you'll need to provide (JumpCloud roles are identified by a UUID, not a human-readable name). Once you confirm the ID—say, `5f8a3b2c1d4e6789abcdef01`—the MCP will issue the deletion request. Note that this action is immediate and irreversible; ensure no users or systems are still assigned to this role, or their access policies will break.
This demonstrates the MCP's write capability, but underscores a critical workflow gap: you must obtain the role ID externally (via the JumpCloud console or another API call) before invoking the tool. The MCP doesn't validate whether the role is still in use, so pre-deletion audits are the user's responsibility. Mistakes here can orphan access policies.
@JumpCloud I need to onboard 15 new developer laptops—walk me through the process and confirm if you can automate the system registration
The Create System tool explicitly states that JumpCloud does not support system creation via its REST API. To enroll new devices, you'll need to install the JumpCloud agent on each laptop (available for Windows, macOS, and Linux). The agent handles registration automatically once it connects to your organization's tenant. I can't automate the API-based enrollment, but I can help you draft deployment scripts or documentation for your IT team to streamline agent installation across the 15 machines.
This example showcases the MCP's transparency about API boundaries—it documents what JumpCloud's platform doesn't support rather than failing silently. Teams expecting full device lifecycle automation will need to pair this MCP with configuration management tools (Ansible, Intune) that handle agent deployment. The MCP's value here is advisory, not transactional.
Use-case deep-dives
When JumpCloud MCP speeds up role teardown for departing contractors
A 6-person startup offboards 2-3 contractors per quarter and needs to revoke their JumpCloud roles without opening the admin console. The Delete Role tool works if you already know the role ID from a prior audit or CSV export—Switchy can script the removal in a shared runbook so any team lead can execute it. The catch: this MCP doesn't list or search roles, so you need the ID upfront. If your offboarding checklist already tracks role IDs in a spreadsheet, this MCP turns a 4-step manual process into a one-line command. If you're discovering roles on the fly, you'll still need the JumpCloud UI for the lookup step. Best for teams with structured offboarding docs who want to delegate the final delete action.
Why the Create System tool won't replace your agent install docs
A 10-person ops team wants to automate new-server onboarding into JumpCloud from Switchy. The Create System tool exists in this MCP, but JumpCloud's API explicitly blocks system creation—you must install the agent on the target machine instead. This means the tool is a documentation placeholder, not a working automation. If your team is writing onboarding runbooks in Switchy, you can reference the tool to remind people that agent installation is required, but you can't script the enrollment itself. The MCP is honest about this limitation in the tool description, which is useful for setting expectations. Skip this integration if your goal is hands-off system provisioning; use it only if you need the role-deletion piece and want a single JumpCloud connection for future tooling.
JumpCloud MCP fits narrow compliance workflows, not broad audits
A 12-person SaaS company runs quarterly access reviews and needs to delete unused JumpCloud roles flagged by their compliance lead. The Delete Role tool handles the teardown step cleanly—once the lead exports a list of stale role IDs from JumpCloud's UI, the team can batch-delete them in Switchy without toggling between tabs. The workflow assumes you're doing the discovery and approval outside this MCP, since it doesn't list users, roles, or assignments. If your compliance process is already CSV-driven and you just need a faster delete mechanism, this integration saves 10 minutes per review cycle. If you need to query role membership or search for orphaned accounts, you'll hit the MCP's 2-tool ceiling immediately. Works for the last mile of a manual audit, not the full loop.
Frequently asked
What does the JumpCloud MCP do in Switchy?
It connects your JumpCloud directory to Switchy's AI workspace so you can manage roles and query system data without leaving the chat. The MCP exposes two tools: deleting roles by ID and attempting system registration (though JumpCloud's API doesn't support system creation—you still need the agent for that). Use it when you want AI-assisted directory hygiene or quick lookups.
Do I need admin access to connect JumpCloud?
Yes. You'll generate an API key from your JumpCloud admin console, which requires administrator privileges. The key inherits your permissions, so if your account can delete roles or read system data, the MCP can too. Store the key in Switchy's credential vault—it's scoped to your workspace, not shared across the entire org.
Can the JumpCloud MCP create new users or systems?
No. JumpCloud's REST API doesn't support system creation (you must use the agent installer), and this MCP doesn't expose user-creation tools. It's limited to role deletion and system queries. If you need to provision users or systems, do that in the JumpCloud console or use their agent deployment workflow.
Why use this instead of the JumpCloud web console?
Speed and context. If you're already in Switchy coordinating onboarding or offboarding, the MCP lets you delete a role or check a system's status without tab-switching. It's not a replacement for bulk operations or policy config—those still belong in the console. Think of it as a shortcut for repetitive directory tasks during a chat.
Who on the team should connect JumpCloud to Switchy?
Your IT admin or whoever manages JumpCloud day-to-day. They'll generate the API key and paste it into Switchy once. After that, anyone in the workspace can invoke the MCP tools (subject to your JumpCloud permissions). If you rotate keys quarterly, the same person should update the credential in Switchy's vault.