SSO: Configure JumpCloud connection via SAML
Author: Fluent Commerce
Changed on: 8 Oct 2024
Key Points
- The generic SAML configuration can be used to add any external identity provider that follows the SAML standard.
- This page is a guide to configuring an external identity provider via the SAML configuration.
Steps
Step 1.
Go to JumpCloud. If you don't have a JumpCloud account, create one.
Step 2.
In the left menu, click SSO, then click the Plus button.
Step 3.
On the Configure New SSO Application drawer, click the Custom SAML App button.
Step 4.
On the General Info tab of the New Application drawer, enter the application name in the Display Label field.
Step 5.
Switch to the SSO tab. The IdP Entity ID, SP Entity ID and ACS URL fields need to be filled in here.
Step 6.
To obtain the values for the previous step, create an External IdP in PingOne.
Step 7.
In PingOne, go to Connections → External IDPs.
Step 8.
Click + Add Provider.
Step 9.
Click SAML.
Step 10.
On the Create Profile screen, enter the following:
- Name. A unique identifier for the identity provider.
- Description (optional). A brief characterization of the identity provider.
- Icon (optional). An image to represent the identity provider. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
- Login button (optional). An image to be used for the login button that the end user will see. Use a 300 X 42 pixel image.
Step 11.
Click Continue.
Step 12.
On the Configure PingOne Connection screen, copy the PingOne (SP) entity ID and paste the value into the IdP Entity ID and SP Entity ID fields on the New Application drawer in JumpCloud (see step 5).
Step 13.
Click Continue.
Step 14.
On the Configure IDP Connection screen, copy the ACS ENDPOINT value and paste it into the ACS URL field on the New Application drawer in JumpCloud (see step 5).
Step 15.
Go to JumpCloud and, on the New Application drawer, change the value of SAML Subject NameID to the username value.
Step 16.
Switch to the User Groups tab and select the groups that will have access to the application.
Step 17.
Click the activate button, then confirm your new SSO connector instance by clicking the continue button.
Step 18.
After the application is successfully created, export its metadata:
- In JumpCloud, click SSO.
- Select the application you created from the list.
- Switch to the SSO tab on the drawer that opens.
- Click the Export Metadata button. A file containing the metadata is downloaded to your computer.
Step 19.
Go back to PingOne and select the Import Metadata option on the Configure IDP Connection screen, click the Choose button, then select the downloaded file.
Step 20.
Click Save and Continue.
Step 21.
On the Map Attributes screen, click the Save&Finish button.
Don't forget
- Enable the External Identity Provider.
- Create a new Authentication Policy and add the newly created External Identity Provider to it.
- Add the Authentication Policy to the application.