JumpCloud IdP SSO setup instructions
SECURITY Master role
JumpCloud is a cloud-based identity management service that allows you to access applications with single sign-on. This article guides you through how to integrate KaseyaOne with JumpCloud IdP. After successful integration, users will be able to access KaseyaOne from the JumpCloud User Portal or from the KaseyaOne login page using JumpCloud credentials.
Supported features
-
IdP-initiated SSO
-
SP-initiated SSO
-
Just-in-time provisioning
Prerequisites
-
Master user account in KaseyaOne and Administrator account in JumpCloud
-
Users must have the same email address in KaseyaOne and JumpCloud
Before starting, it is recommended that you open two tabs in your browser — one for KaseyaOne and one for the JumpCloud Admin Portal.
- Open a browser and log in to KaseyaOne.
-
In a separate browser tab, log in to the JumpCloud Admin Portal as a system administrator.
-
Navigate to User Authentication > SSO Applications on the left navigation menu.
-
Click Add New Application to create a new application.
-
Select the Custom Application tile on the next screen and then click Next.
-
On the Create New Application Integration screen:
-
Click Next to proceed with the custom application configuration.
-
On the Select the features you would like to enable step:
-
On the Enter General Info step, do the following:
-
-
Go to the SSO tab and configure the following Single Sign-On Configuration settings:
-
SP Entity ID: Enter the URL:
https://one.kaseya.com
-
ACS URL: Enter the URL:
https://api-one.kaseya.com/api/v1/sso/saml-callback
-
Under Sign*, select the Assertion and Response option.
-
Under Attributes, click add attribute and add the following attributes:
User Attributes
Attribute 1:
Service Provider Attribute Name: email
JumpCloud Attribute Name: emailAttribute 2:
Service Provider Attribute Name: username
JumpCloud Attribute Name: usernameAttribute 3:
Service Provider Attribute Name: firstname
JumpCloud Attribute Name: firstnameAttribute 4:
Service Provider Attribute Name: lastname
JumpCloud Attribute Name: lastnameConstant Attribute
Service Provider Attribute Name: CompanyIdentifier
Value: Enter the KaseyaOne Company Identifier here. To obtain this identifier:-
Go to the KaseyaOne tab in your browser, navigate to the Admin Settings > Third-Party IdP view and copy the Company Identifier field value.
Example 1:
<8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000
>
Example 2:<Organization-8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000>
-
Go back to the JumpCloud tab in your browser and paste the value in the corresponding field.
Group Attribute
Select the Include Group attribute check box and enter securityGroups as the value.
-
-
Click Save when done to save the configuration settings.
-
Do not close this browser tab.
-
Go to the KaseyaOne tab in your browser.
-
Navigate to the Admin Settings > Third-Party IdP view.
-
In the Single Sign-On section, enter the following information:
-
Upload the JumpCloud IdP certificate that you downloaded in Step 1, #7f.
-
Turn on the Enable Single Sign-On via SAML toggle to enable SSO integration.
-
Go back to the JumpCloud tab in your browser and, if not already done so, create a new user group and assign users to the group.
-
Open the KaseyaOne SSO application.
-
On the Applications panel, go to the User Groups tab.
-
Select the user group and then click Save. The user selected to test the application must be assigned to this user group.
Users assigned must have the same email address in JumpCloud and KaseyaOne.
You can test your JumpCloud integration by logging in from either JumpCloud (IdP-initiated login) or the KaseyaOne login page (SP-initiated login).
-
Log out of KaseyaOne.
-
Go back to the JumpCloud tab in your browser.
-
Click your user initials on the top navigation menu and then click Launch User Portal.
-
Click the KaseyaOne SSO application that you configured in the JumpCloud User Portal.
-
Verify that you are redirected to and logged in to KaseyaOne.
-
Log out of KaseaOne.
-
Log back in to KaseyaOne as follows:
-
Enter the Username and Company Name for your account and click Next.
-
Click Log In with Single Sign-On.
-
-
If already logged in to JumpCloud (if you have an active browser session), verify that you are redirected to and logged in to KaseyaOne.
-
If not already logged in to JumpCloud:
-
You will be redirected to the JumpCloud login page — enter your credentials and complete the user login process.
-
Verify that you are redirected to and logged in to KaseyaOne.
-