![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\"){kind=icon}
<\/p><\/div>
For general information on Conditional Access Policies, including a list of supported browsers, see Get Started: Conditional Access Policies<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n If you\u2019re not sure what to create for your first conditional access policy, use one or more of the following policy ideas to relax or restrict user access to resources. <\/p>\n\n\n\n Policies to get you started:<\/p>\n\n\n\n Users need to meet the conditions of a policy for it to apply. For example, let’s say you create a policy for all your users that requires them to use MFA when they log in to the User Portal from a selected network. When your users aren\u2019t on the selected network and they log in to the User Portal, the Default Access Policy applies instead. Learn more: Set a Default Access Policy<\/a>.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n If your data is stored outside of the US, check which login URL you should be using depending on your region. If your organization uses LDAP, RADIUS, or requires firewall allow list configuration, the Fully Qualified Domain Names (FQDNs) will also be region specific. See JumpCloud Data Centers<\/a> for the URLs, FQDNs, and IP addresses.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n Give a policy a name and a description (optional) in this section. New policies are enabled by default, but if you want to create the policy now, and enable later, use the toggle to the left of this section. The type of resource you\u2019re configuring the policy for is listed under Resources<\/strong>. When you\u2019re configuring an application policy, you can choose if the policy applies to specific applications or all of your applications. For all policies, you also choose if the policy applies to all of your users or specific user groups.<\/p>\n\n\n\n If a user is in a group that’s included and in another group that’s excluded, they will be excluded from the policy. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n An access policy becomes a conditional access policy by adding a condition. Adding a condition is a Premium feature and is part of our Platform Prime plan. You can decide if any or all of the conditions need to be met for the policy to apply. <\/p>\n\n\n\n At most, you can add one of each type of Condition in a policy. <\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n Enrollment periods aren\u2019t honored by conditional access policies. When you configure and enable a conditional access policy that requires MFA, users who don’t have MFA set up are required to enroll in MFA the first time they log in to the resource.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n To disable or delete an Access Policy:<\/strong><\/p>\n\n\n\n Conditional Access Policies work in conjunction with Default Access Policies. If none of the set conditional policies apply to a user, the Default Access Policies are enforced as fallback policies.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n An access policy created for the User Portal or SSO Applications becomes a conditional access policy when you add a condition. Adding a Condition is a Premium feature and is part of our Platform Prime plan.<\/p>\n\n\n\n JumpCloud determines the management status of devices depending on their platform:<\/p>\n\n\n\n\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\"){kind=icon}
<\/p><\/div>Configuring a New Access Policy<\/h2>\n\n\n\n
\n
![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\"\/){kind=icon}
<\/p><\/div>\n
General Info<\/h3>\n\n\n\n
![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/capolicy-new-policy.png\")
<\/p>\n\n\n\nAssignments<\/h3>\n\n\n\n
\n
<\/p><\/div>![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-assignments-and-users.png\")
<\/p>\n\n\n\nConditions (Optional)<\/h3>\n\n\n\n
<\/p><\/div>![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-conditions.png\")
<\/p>\n\n\n\n\n
Action<\/h3>\n\n\n\n
\n
<\/p><\/div>Removing a Policy<\/h2>\n\n\n\n
\n
![\"Select](\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/05\/delete-cap.png\")
<\/li>\n<\/ul>\n\n\n\n<\/p><\/div>Understanding Conditions<\/h2>\n\n\n\n
<\/p><\/div>\n
\u200b\u200b\u200b\u200b\u200b\u200b\u200bDevice Management Condition<\/h3>\n\n\n\n
\n
<\/p><\/div>\n
We recommend keeping certificates enabled as a fallback for users unable to use JumpCloud Go, or for federated logins to desktop applications and VPN clients where Conditional Access Policies are enforced.\n\n
\n
<\/p><\/div>
![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-disk-encryption.png\")
<\/li>\n<\/ul>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-disk-encryption-example.png\")
<\/p>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-ip-address.png\")
<\/li>\n<\/ul>\n\n\n\n![\"\"](\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/04\/ca-policy-location.png\")
<\/li>\n<\/ul>\n\n\n\n![](\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/important-icon.png\"){kind=icon}
<\/p><\/div>