Active Directory User Status Impacted

Incident Report for JumpCloud

Postmortem

Incident Report

‌

Date: May 12, 2025

Date of Incident: May 2, 2025

Description: RCA for ADI User Login Errors

‌

Summary:

On May 2nd, at approximately 07:00 UTC, a change was deployed to JumpCloud’s Active Directory Integration causing a warning message to appear and preventing successful logins for some users across a subset of organizations. During that time the workaround for users was to change their password, which then allowed a successful login.

‌

Root Cause:

The change introduced was part of an effort to modernize external user identification in Active Directory, which inadvertently caused an error in handling some restricted attributes. This resulted in the incorrect transformation of these fields, setting the password status of some external user accounts to "pending”. This event disrupted user access and necessitated a password update for the affected users until JumpCloud successfully rectified their account status.

‌

How was this missed in your testing? Unfortunately, the change affected a subset of users that had a unique combination of values set on their user record. Specifically, the logic was only applied to users that had an empty value on their restricted fields. The testing that was performed did not contain a user in that state, incorrectly passing the test.

‌

Corrective Actions / Risk Mitigation:

Revert that code version - DONE
Modify all incorrect user entries in our backend systems - DONE
Increased testing scenarios verifying all user states and backward compatibility - IN PROGRESS

Posted May 12, 2025 - 08:35 MDT

Resolved

This incident has been resolved.

Posted May 02, 2025 - 16:28 MDT

Monitoring

We have completed implementation of our remediation plan and do not anticipate any further impact. We will continue to monitor for any issues.

Posted May 02, 2025 - 14:30 MDT

Update

We are continuing with our implementation of our remediation plan. We anticipate several more hours to complete. We will provide another update in two hours.

Posted May 02, 2025 - 12:40 MDT

Update

We have identified a fix for this issue. We have validated our remediation plan and are implementing it now. The plan will take several hours to complete. We will provide another update in one hour.

Posted May 02, 2025 - 11:42 MDT

Update

We are in the process of validating our remediation plan. We will communicate it as soon as it is ready. We will share another update in one hour.

Posted May 02, 2025 - 10:34 MDT

Update

We have reverted the update which caused the initial impact. There should be no new occurrences. We are creating a remediation plan at this time and will share it as soon as it is ready. We will share another update in one hour.

Posted May 02, 2025 - 09:24 MDT

Update

We have identified the cause of the issue and are refining the fix to be implemented. We will share another update in one hour.

Posted May 02, 2025 - 08:26 MDT

Identified

We have identified the cause of the issue and a fix is being implemented. We will share another update in one hour.

Posted May 02, 2025 - 07:19 MDT

Update

We are continuing to investigate reports of user accounts being changed to pending status for tenants integrated with Active Directory Bridge. We will share another update in one hour.

Posted May 02, 2025 - 06:08 MDT

Investigating

We are investigating reports of user accounts being changed to pending status for tenants integrated with Active Directory Bridge.

Posted May 02, 2025 - 02:52 MDT

This incident affected: Active Directory Integration.