• Home
• Login with external IDP
• JumpCloud as IDP Setup Guide

Configure JumpCloud as SAML IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure JumpCloud as an IDP for Single Sign-On (SSO) into your applications/websites. Here, JumpCloud will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with JumpCloud, making it easier and quick to implement. Our team can also help you set up JumpCloud as SAML IDP to login into your applications.

Prerequisite:

• You need an active JumpCloud organization and an account with administrator rights.
• Before configuring JumpCloud, collect miniOrange SP metadata. You will upload it in JumpCloud to register miniOrange as the service provider (JumpCloud stays the identity provider).
• Sign in to the miniOrange Admin Console.
• Go to Identity Providers and click Add Identity Provider.
• Under Choose Identity Provider, select SAML, then pick SAML Provider (search the catalog if it is not listed).
• On SAML Identity Provider, click View metadata information to see SAML details for miniOrange as the service provider (see below).



• Click Download Metadata button. Keep this metadata file ready; you will use it to configure JumpCloud next.

Steps to setup JumpCloud as an IDP and miniOrange as SP for SSO login

1. Configure miniOrange as Service Provider (SP) in JumpCloud

• Log in to your JumpCloud Administrator Console.
• Click on Administrator Login.



• Login with your JumpCloud administrator Login credentials.



• Navigate to User Authentication >> SSO.



• Select the + in the upper left.



• Scroll down and click on Custom SAML App.



• Under General info tab, enter the following details:

Display Label Name	Enter a label for Service Provider.
Description	Enter description for your application.
Display option:	Upload a logo of your SP or select a color under color indicator.




• Under SSO tab, click on Upload Metadata under the Service Provider Metadata and upload the metadata file which you got from Prerequisites.




Attribute Mapping

• Under SSO tab, scroll down to Attributes section and enter the following entities.

Service Provider Attribute Name	JumpCloud Attribute Name
First Name	firstname
Last Name	lastname

• To add more attributes click on add attributes.
• Then click on save to save your application.





• To get the IDP metadata tick the application check box and click on export metadata.



• You have successfully configured JumpCloud as SAML IdP (Identity Provider) for achieving Single Sign-On.

2. Configure JumpCloud as Identity Provider (IDP) in miniOrange

• Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for SAML Provider.



• Click on Import IDP metadata.



• Choose an appropriate IDP name. Browse for the file we downloaded in the previous step and Click on Import.



• Your IDP metadata details will be auto-filled.



• Click on Save.

3. Test Connection

• Visit your Login Page URL.
• Go to Identity Providers tab.
• Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.



• On entering valid JumpCloud credentials (credentials of user assigned to app created in JumpCloud), you will see a pop-up window which is shown in the below screen.



• Hence your configuration of JumpCloud as IDP in miniOrange is successfully completed.

Configure Attribute Mapping

• Go to Identity Providers.
• Click the three dots in the Actions menu, and select Attribute Mapping against the Identity Provider (IDP) you configured.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• Know More about Single Sign On
• SP-Initiated v/s IdP-Initiated SSO