4.2k

All integrations
JumpCloud
Identity providers

Cerbos authorization for JumpCloud

JumpCloud provides a cloud directory with SSO, LDAP, RADIUS, and cross-platform device management. Cerbos uses JumpCloud's user groups, OIDC token claims, and directory attributes to evaluate fine-grained authorization policies at the application layer.

Directory attributes as policy inputs

Directory attributes as policy inputs

Use JumpCloud user attributes and group memberships from OIDC tokens as principal attributes in Cerbos authorization policies

Cloud directory integration

Cloud directory integration

JumpCloud's cloud directory provides centralized user and group data that Cerbos policies use for authorization decisions

Cross-platform identity

Cross-platform identity

JumpCloud manages identities across platforms and protocols while Cerbos handles fine-grained resource-level authorization within applications

How Cerbos works with JumpCloud

JumpCloud handles authentication, confirming who a user is. Cerbos handles authorization, deciding what that user can do. Together they give you a complete access control stack without coupling identity logic to business rules.

Cerbos lets you write fine-grained, context-aware authorization policies in human-readable YAML. Policies are decoupled from application code so product and security teams can update permissions without a release cycle.

Because Cerbos runs as a stateless Policy Decision Point (PDP) next to your application, authorization checks are sub-millisecond and scale horizontally with your infrastructure.

Policy-as-codeHuman-readable YAML policies managed like source codeScalable PDPStateless policy decision point with sub-millisecond latencyCentralized managementManage, test, and deploy policies from a single control plane

How Cerbos works with JumpCloud

  1. Users authenticate via JumpCloud, JumpCloud handles single sign-on through its cloud directory, supporting SAML, OIDC, LDAP, and RADIUS. User group memberships and directory attributes are included in the OIDC token claims.
  2. Validate the JumpCloud-issued token, Your application validates the OIDC token and extracts the user's groups, directory attributes, and any custom claims configured in JumpCloud.
  3. Send identity and resource context to Cerbos, Pass the JumpCloud user attributes and group memberships as principal attributes alongside the target resource and desired action to the Cerbos PDP.
  4. Cerbos evaluates policies and returns a decision, Cerbos evaluates your YAML policies against the JumpCloud identity data and resource attributes, returning allow or deny. Your application enforces the result.

FAQ

How does Cerbos work with JumpCloud?

JumpCloud authenticates users via SSO and issues OIDC tokens containing group memberships and user attributes sourced from its cloud directory. Your application validates the token, extracts these claims, and passes them to Cerbos as principal attributes. Cerbos evaluates them against your policies alongside resource attributes to make authorization decisions.

Can I use JumpCloud user groups in Cerbos policies?

Yes. JumpCloud organizes users into groups for access management. These group memberships appear as claims in the OIDC token. Pass them to Cerbos as principal attributes, and your policies can use group membership for fine-grained access control decisions.

Does Cerbos replace JumpCloud's application access controls?

No. JumpCloud controls which users can access which applications through its directory-based SSO policies. Cerbos adds resource-level authorization within those applications. JumpCloud determines whether a user can reach your app. Cerbos determines what they can do once they are there.

Learn more about Cerbos

How Cerbos worksCerbos PDPCerbos HubWebinars and ebooksFeatures & use casesSuccess stories

Related integrations

View all integrations →
Auth0
Auth0Map Auth0 Actions, Organizations, and roles to Cerbos policy inputs
Identity providers
Authentik
AuthentikAuthentik property mappings shape token claims for Cerbos policy inputs
Identity providers
AWS Cognito
AWS CognitoCognito user pool groups and custom attributes as Cerbos policy inputs
Identity providers
Clerk
ClerkClerk session claims and Organizations drive Cerbos policy evaluation
Identity providers
Curity
Curity Identity ServerCurity token procedure claims as principal attributes in Cerbos
Identity providers
Descope
DescopeDescope JWT claims, tenant data, and role assignments feed into Cerbos policy evaluation
Identity providers

Cerbos + JumpCloud

  • Cerbos extends JumpCloud roles with fine-grained, attribute-based permissions
  • Policies defined in human-readable YAML, managed as code
  • Authorization logic decoupled from application code
  • Sub-millisecond policy evaluation via stateless PDP
Book a free policy workshopTry the Playground
Cerbos
/assets/footer/socials/x.svg/assets/footer/socials/github.svg/assets/footer/socials/mail.svg/assets/footer/socials/youtube.svg/assets/footer/socials/linkedin.svg/assets/footer/socials/slack.svg/assets/footer/socials/npm.svg/assets/footer/socials/rss.svg
/assets/footer/compliance/soc-2.svg/assets/footer/compliance/gdpr.svg

What is Cerbos?

Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.

Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.

© 2026 Cerbos.dev

Terms of Service

Privacy Policy

Trusted Tester Agreement

Trademark Guidelines