JumpCloud IdP SSO setup instructions

SECURITY  Master role

JumpCloud is a cloud-based identity management service that allows you to access applications with single sign-on. This article guides you through how to integrate KaseyaOne with JumpCloud IdP. After successful integration, users will be able to access KaseyaOne from the JumpCloud User Portal or from the KaseyaOne login page using JumpCloud credentials.

Supported features

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time provisioning

Prerequisites

  • Master user account in KaseyaOne and Administrator account in JumpCloud

  • Users must have the same email address in KaseyaOne and JumpCloud

Before starting, it is recommended that you open two tabs in your browser — one for KaseyaOne and one for the JumpCloud Admin Portal.

  1. Open a browser and log in to KaseyaOne.

  2. In a separate browser tab, log in to the JumpCloud Admin Portal as a system administrator.

  3. Navigate to User Authentication > SSO Applications on the left navigation menu.

  4. Click Add New Application to create a new application.

  5. Select the Custom Application tile on the next screen and then click Next.

  6. On the Create New Application Integration screen:

    1. Click Next to proceed with the custom application configuration.

    2. On the Select the features you would like to enable step:

      • Select the Manage Single Sign-On (SSO) check box.

      • Select the Configure SSO with SAML option.

      • Click Next.

    3. On the Enter General Info step, do the following:

      • Display Label: Enter KaseyaOne as the application name.

      • (Optional) Description: Enter a description for the application.

      • (Optional) User Portal Image: Modify the logo or color indicator as required.

      • Click Save Application.

      • Click Configure Application to proceed to application configuration.

  7. Go to the SSO tab and configure the following Single Sign-On Configuration settings:

    1. IdP Entity ID: Enter JumpCloud.

    2. SP Entity ID: Enter the URL: https://one.kaseya.com

    3. ACS URL: Enter the URL: https://api-one.kaseya.com/api/v1/sso/saml-callback


    4. Under Sign*, select the Assertion and Response option.

    5. Under Attributes, click add attribute and add the following attributes:

      User Attributes

      Attribute 1:
      Service Provider Attribute Name: email
      JumpCloud Attribute Name: email

      Attribute 2:
      Service Provider Attribute Name: username
      JumpCloud Attribute Name: username

      Attribute 3:
      Service Provider Attribute Name: firstname
      JumpCloud Attribute Name: firstname

      Attribute 4:
      Service Provider Attribute Name: lastname
      JumpCloud Attribute Name: lastname

      Constant Attribute

      Service Provider Attribute Name: CompanyIdentifier
      Value: Enter the KaseyaOne Company Identifier here. To obtain this identifier: 

      1. Go to the KaseyaOne tab in your browser, navigate to the Admin Settings > Third-Party IdP view and copy the Company Identifier field value.

        Example 1: <8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000>
        Example 2: <Organization-8000000-00000-0000-00000000-00000000-0000-0000-0000-000000000000>

      2. Go back to the JumpCloud tab in your browser and paste the value in the corresponding field.

      Group Attribute

      Select the Include Group attribute check box and enter securityGroups as the value.

    6. Download the IdP certificate:

      • Locate the certificate, typically named IDP Certificate Valid, on the side of the page.

      • Click the drop-down arrow and click Download Certificate.

    7. Copy the IDP URL field value and do the following: 

      1. Go to the KaseyaOne tab in your browser.

      2. Navigate to the Admin Settings > Third-Party IdP view.

      3. Paste the IDP URL value into the Identity Provider Issuer field.

    8. Click Save when done to save the configuration settings.

  8. Do not close this browser tab.

  1. Go to the KaseyaOne tab in your browser.

  2. Navigate to the Admin Settings > Third-Party IdP view.

  3. In the Single Sign-On section, enter the following information:

    • Identity Provider Issuer. Enter JumpCloud.

  4. Upload the JumpCloud IdP certificate that you downloaded in Step 1, #7f.

  5. Turn on the Enable Single Sign-On via SAML toggle to enable SSO integration.

  1. Go back to the JumpCloud tab in your browser and, if not already done so, create a new user group and assign users to the group.

  2. Open the KaseyaOne SSO application.

  3. On the Applications panel, go to the User Groups tab.

  4. Select the user group and then click Save. The user selected to test the application must be assigned to this user group.

    Users assigned must have the same email address in JumpCloud and KaseyaOne.

You can test your JumpCloud integration by logging in from either JumpCloud (IdP-initiated login) or the KaseyaOne login page (SP-initiated login).

  1. Log out of KaseyaOne.

  2. Go back to the JumpCloud tab in your browser.

  3. Click your user initials on the top navigation menu and then click Launch User Portal.

    .

  4. Click the KaseyaOne SSO application that you configured in the JumpCloud User Portal.

  5. Verify that you are redirected to and logged in to KaseyaOne.

  1. Log out of KaseaOne.

  2. Log back in to KaseyaOne as follows: 

    • Enter the Username and Company Name for your account and click Next.

    • Click Log In with Single Sign-On.

  3. If already logged in to JumpCloud (if you have an active browser session), verify that you are redirected to and logged in to KaseyaOne.

  4. If not already logged in to JumpCloud:

    • You will be redirected to the JumpCloud login page — enter your credentials and complete the user login process.

    • Verify that you are redirected to and logged in to KaseyaOne.