About JumpCloud SAML Integration

JumpCloud SAML integration in Iru Endpoint lets you set up SAML-based SSO integration with JumpCloud for users accessing Iru Endpoint through their JumpCloud credentials.

How It Works

When users attempt to access Iru Endpoint, they’re redirected to JumpCloud for authentication. After successful authentication, JumpCloud sends a SAML assertion back to Iru Endpoint, which validates the user’s identity and grants access to the platform.

Setting Up the SAML Connection

1

Navigate to the Account Menu Button

In Iru Endpoint, in the sidebar, click the Account Menu Button.
2

Access Authentication Settings

Click the Access option in the menu.
3

Add New Connection

Select the Admin and Authentication tab (selected by default) and scroll down to Authentication methods.
4

Add Authentication Method

Click + Authentication Method, then enter a display name for the SSO Connection and select SAML.
5

Create Connection

Click Create.
6

Configuration Information

Click Configuration information if that section is not already expanded.
7

Copy Service Provider Entity ID

Copy the Service provider entity ID into a text document for later use.
8

Copy ACS URL

Copy the Assertion Consumer Service URL and save it in a text document for later use.
9

Keep Tab Open

Leave this browser tab open as you proceed with the instructions below.

Configuring JumpCloud Application

1

Access JumpCloud Console

Log in to console.jumpcloud.com/login/admin and, in the User Authentication section of the left-hand navigation bar, select SSO Applications.
2

Create New Application

Click on the circular + button, or, if this is your first application, click Get Started.
3

Select Custom Application

At the bottom of the screen, click Select in the Custom Application tile. Then, click Next.
4

Configure SSO Options

On the Select Options tab, select the following:
  • Manage Single Sign-On (SSO)
  • Configure SSO with SAML
5

Continue Setup

Click Next.
6

Configure General Information

On the Enter General Info tab:
  1. Add a name for the Display Label.
  2. Add a Description if desired.
  3. Choose either a color Indicator or upload a logo for the Display Portal Image.
  4. Optionally, choose to show the application in the User Portal.
  5. Expand the disclosure triangle beside Advanced Settings.
  6. In the SSO IdP URL field, enter iru. The full URL should read https://sso.jumpcloud.com/saml2/iru.
  7. Click Save Application.
7

Configure Application

After your application is saved, click Configure Application.
8

Configure SSO Settings

On the SSO tab of the configuration modal:
  1. Copy the Entity ID from Iru Endpoint that you saved earlier and paste it into the SP Entity ID field in JumpCloud only (do not paste it into the IdP Entity ID field).
  2. For the IdP Entity ID, create a unique Entity ID (e.g. iru-saml-jumpcloud) and enter it in the IdP Entity ID field. Save this unique IdP Entity ID for use in Iru Endpoint later.
  3. Copy the Assertion Consumer Service URL from Iru Endpoint that you saved earlier and paste it into the ACS URL field.
  4. Leave the SAML Subject NameID set to email.
  5. In the SAMLSubject NameID-Format field, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress from the dropdown menu.
  6. Set the Signature Algorithm to RSA-SHA256.
  7. Select Sign Assertion.
  8. Ensure the IDP URL is https://sso.jumpcloud.com/saml2/iru. If it is not, you will need to delete the integration and create a new one. Copy this URL and save it for use in Iru Endpoint later.
  9. Click Save.
9

Download Certificate

Once saved, go back into the configured application, navigate to the left-hand menu bar of the modal, and click on IdP Certificate Valid. Select Download certificate when presented with the certificate options; it will be used in Iru Endpoint later.
10

Configure User Groups

On the User Groups tab:
  • Add a user group to the SSO application. If you want to restrict who can access the SSO app, create another user group in your JumpCloud console and assign it to the SSO app.

Configuring Iru Endpoint SAML Connection

1

Return to Iru Endpoint

Go back to the Custom SAML modal in Iru Endpoint.
2

Name the Connection

Give the connection a Name.
3

Add Sign-in URL

Paste in the Sign-in URL you copied from JumpCloud: https://sso.jumpcloud.com/saml2/iru.
4

Add IdP Entity ID

Paste the unique IdP Entity ID you created earlier in JumpCloud into the IdP Entity ID field in Iru Endpoint.
5

Upload Certificate

Upload the certificate you downloaded from JumpCloud.
6

Configure User Attributes

Keep the IdP attribute setting as Subject.
7

Enable Sign Request

Ensure that Sign Request is set to Yes.
8

Set Request Algorithm

Ensure that Request Algorithm is set to RSA-SHA256.
9

Set Digest Algorithm

Ensure that Sign Request Algorithm Digest is set to SHA 256.
10

Set Protocol Binding

Set the Protocol Binding to HTTP-POST.
11

Save Configuration

Click Save.

Allow for Tenant Authentication

Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can allow its use for tenant authentication. For step-by-step instructions, please refer to the Allowing Tenant Authentication and Managing Connections section in our Single Sign-on support article.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-on connection, you can disable Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via those methods. Please refer to our Single Sign-on support article for step-by-step instructions.

Testing the Integration

1

Add User to Admin Team

Add a user to the Admin Team in Iru Endpoint by clicking New User.
2

Fill User Information

Fill in all of the corresponding user information. This user must exist in JumpCloud and must be assigned to the Iru Endpoint SSO app in your JumpCloud tenant.
3

Submit User

Click Submit.
4

Close Invite Window

Once the invite is submitted, close the Invite User window.
5

Refresh Access Page

Refresh the Access page in Iru Endpoint. You should see the user you just added.
6

Test SSO Login

Check the user’s email to accept the invitation and log into Iru Endpoint with the new SAML SSO connection.
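
As an added example (not part of the Iru Endpoint or JumpCloud documentation), the Python check below compares a base64 SAMLResponse captured during the test login against the values configured above: IdP Entity ID, SP Entity ID, ACS URL, NameID format, and an RSA-SHA256 signature on the assertion. The SP Entity ID and ACS URL shown are placeholders, the sample response is constructed, and the function name is hypothetical; it checks configuration only and does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def check_response(b64_response, sp_entity_id, acs_url, idp_entity_id):
    """List mismatches between a captured SAMLResponse and the configured values.
    Checks configuration only; it does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]

    def value(path, attr=None):
        node = assertion.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else (node.text or "").strip()

    checks = [
        ("Issuer (IdP Entity ID)", value("a:Issuer"), idp_entity_id),
        ("Audience (SP Entity ID)",
         value("a:Conditions/a:AudienceRestriction/a:Audience"), sp_entity_id),
        ("Recipient (ACS URL)",
         value("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", "Recipient"), acs_url),
        ("NameID Format", value("a:Subject/a:NameID", "Format"), EMAIL_FORMAT),
        # A missing ds:Signature under the Assertion means "Sign Assertion" is not in effect.
        ("Assertion SignatureMethod",
         value("ds:Signature/ds:SignedInfo/ds:SignatureMethod", "Algorithm"), RSA_SHA256),
    ]
    return [f"{name}: expected {want!r}, got {got!r}"
            for name, got, want in checks if got != want]

# Constructed sample (placeholder SP values, no real signature bytes).
SP_ID, ACS = "urn:example:sp-entity-id", "https://sp.example.com/acs"
SAMPLE = f"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"><a:Assertion>
 <a:Issuer>iru-saml-jumpcloud</a:Issuer>
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
 </ds:SignedInfo></ds:Signature>
 <a:Subject><a:NameID Format="{EMAIL_FORMAT}">admin@example.com</a:NameID>
 <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/>
 </a:SubjectConfirmation></a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>{SP_ID}</a:Audience>
 </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE.encode())
    print(check_response(encoded, SP_ID, ACS, "iru-saml-jumpcloud") or "all checks passed")
```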

Considerations

  • Security: Ensure that your JumpCloud tenant has appropriate security policies configured for SAML authentication.
  • User Management: Users must exist in both JumpCloud and Iru Endpoint to successfully authenticate via SSO.
  • Testing: Always test the SSO integration with a small group of users before rolling out to your entire organization.
  • Certificate Management: Keep track of certificate expiration dates and ensure timely renewal to maintain SSO functionality.