JumpCloud

This article provides step-by-step instructions for integrating JumpCloud SSO (SAML 2.0) with your custom application.

Prerequisites

Before you begin, ensure the following:

  • Admin access to the JumpCloud Admin Console

  • A custom application that supports SAML 2.0 authentication

  • A valid SSL certificate on your application

  • Access to modify the SAML configuration in your application

Steps Involved

  1. Create a New SSO Application in JumpCloud

    • Log in to JumpCloud (https://console.jumpcloud.com/login/) Admin Console and navigate to SSO → Applications.

    • Click on Add New Application.

    • Search for SAML and select the SAML 2.0 App.

    • Provide a name for your application (e.g., OvalEdge).

    • Upload a logo (optional).

    • After submission, you'll be redirected to the SSO → Identity Management → User Group page.

  2. Configure SAML Settings

    • Provide the required SAML configuration values as shown in the screenshot:

      • SP Entity ID

      • ACS URL(s)

      • IdP URL

    • Select SSO and enter the required (IDP URL) details as shown below.

  3. Configure Attribute Mapping

    • Navigate to the User Attributes section in JumpCloud.

    • Map the following attributes as needed:

      • email → email

      • firstName → firstname

      • lastName → lastname

      • (Optional) group → user.groups

    • Click Save.

  4. Assign Users to the Application

    • User Creation Process

      • Provide the required user details and click Save.

      • Navigate to the User Group section to assign the user to the appropriate group.

      • Provide necessary details and click Save.

    • Group Configuration

      • Go to User Groups.

      • Click the (+) icon, then provide the OvalEdge-defined role in the Group configuration.

      • Go to the users and add a previously created user to this group.

      • Go to the application and add the above-created application as per the screenshot.

      • Click Save Group & Apply Changes.

  5. Configure SAML in Your Custom Application

    • Once the above configuration is done, copy the METADATA URL as per the screenshot.

    • Go to oasis.properties and update the below configurations with the URLs configured above.

    • Once the above configuration is updated, add the parameter in the setenv file as shown below:

    -DOVALEDGE_SECURITY_TYPE=ldap

    • Once it is done, restart the service and check the logs.

  6. Test the SSO Integration

    • Open a new incognito/private browser window.

    • Navigate to your custom application's login page.

    • Click Login with SSO.

    • Enter your JumpCloud credentials.

  7. Troubleshooting Common Issues

    • Incorrect Credentials / Access Denied

      • Ensure the user is assigned to the application in JumpCloud.

      • Verify attribute mapping matches the required fields.

    • Signature Validation Failed

      • Ensure the correct IdP Certificate is uploaded to your application.

      • Verify that the SP Entity ID matches the one configured in JumpCloud.

    • Redirect Loop / Infinite Login Attempts

      • Verify the ACS URL is correct.

      • Ensure the application handles SAML authentication responses correctly.
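    The checks from the troubleshooting list above can be run against a captured SAMLResponse (the base64 form value posted to the ACS URL). The following is an added example, not OvalEdge or JumpCloud code: the URLs are constructed placeholders, `diagnose` and `build_sample` are hypothetical helper names, and it assumes the left-hand names of the attribute mapping in step 3 are the ones sent in the assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# What the application (SP) expects. Constructed placeholders, not real values.
EXPECTED = {
    "sp_entity_id": "https://app.example.test/saml/metadata",
    "acs_url": "https://app.example.test/saml/SSO",
    # Assumption: the left-hand names of the attribute mapping are sent.
    "attributes": {"email", "firstName", "lastName"},
}

def diagnose(saml_response_b64, expected=EXPECTED):
    """List config mismatches. Diagnostic only: the signature is NOT verified."""
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(raw)
    problems = []
    dest = root.get("Destination")
    if dest != expected["acs_url"]:
        problems.append(f"Destination {dest!r} is not the ACS URL")
    audiences = {e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text}
    if expected["sp_entity_id"] not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks the SP Entity ID")
    recipients = {e.get("Recipient") for e in root.iterfind(".//a:SubjectConfirmationData", NS)}
    if expected["acs_url"] not in recipients:
        problems.append(f"Recipient {sorted(map(str, recipients))} is not the ACS URL")
    names = {e.get("Name") for e in root.iterfind(".//a:Attribute", NS)}
    missing = expected["attributes"] - names
    if missing:
        problems.append(f"Missing attributes: {sorted(missing)}")
    return problems

def build_sample(audience, acs, attrs):
    """Constructed, unsigned sample response (base64) for the demonstration."""
    attr_xml = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    xml_text = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs}">'
                '<a:Assertion><a:Subject><a:SubjectConfirmation>'
                f'<a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation>'
                '</a:Subject><a:Conditions><a:AudienceRestriction>'
                f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
                f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml_text.encode()).decode()

if __name__ == "__main__":
    print(diagnose(build_sample("https://wrong.example.test", EXPECTED["acs_url"], ["email"])))
```

    An empty list means the Entity ID, ACS URL and attribute names line up; signature and certificate problems still have to be checked in the application's own SAML logs.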


Copyright © 2025, OvalEdge LLC, Peachtree Corners, GA, USA.
