- Generate a public certificate and private key pair.
- In order to successfully complete the integration between JumpCloud and TalentLMS, you must use an administrator account (Super Administrator or Admin-Type) in TalentLMS.
- How to configure User authorization.
- SAML 2.0 Just-In-Time (JIT) user provisioning is not supported by TalentLMS.
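For the first prerequisite, the sketch below generates the key pair with OpenSSL and confirms that the certificate matches the private key before either file is uploaded. It is an added example, not part of the original article or JumpCloud's own tooling. The file names private.pem and cert.pem follow the upload steps on this page; the function names, key size, validity period and subject CN are assumptions.

```shell
#!/bin/sh
# Added example: create the IdP signing key pair and check it before upload.
# Key size, validity period and subject CN are assumptions, not page values.

# generate_idp_keypair DIR [CN]: writes DIR/private.pem and DIR/cert.pem.
generate_idp_keypair() {
    dir=$1
    cn=${2:-JumpCloud-TalentLMS-SAML}    # assumed subject name
    mkdir -p "$dir" || return 1
    # Create the private key with owner-only permissions from the start.
    ( umask 077 && openssl genrsa -out "$dir/private.pem" 2048 2>/dev/null ) || return 1
    # Self-signed certificate for that key, valid for an assumed 3 years.
    openssl req -new -x509 -sha256 -key "$dir/private.pem" \
        -out "$dir/cert.pem" -days 1095 -subj "/CN=$cn" 2>/dev/null
}

# verify_idp_keypair DIR: returns 0 only if cert.pem is a PEM certificate,
# has not expired, and carries the public key that belongs to private.pem.
verify_idp_keypair() {
    dir=$1
    head -n 1 "$dir/cert.pem" | grep -q '^-----BEGIN CERTIFICATE-----' || {
        echo "cert.pem is not PEM encoded" >&2; return 1; }
    openssl x509 -in "$dir/cert.pem" -noout -checkend 0 >/dev/null || {
        echo "cert.pem has expired" >&2; return 1; }
    # Extract the public key from each file and compare the two encodings.
    cert_pub=$(openssl x509 -in "$dir/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$dir/private.pem" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "cert.pem does not match private.pem" >&2; return 1; }
}

# When run as a script with a directory argument, generate and then verify.
if [ -n "${1:-}" ]; then
    generate_idp_keypair "$1" && verify_idp_keypair "$1" && echo "key pair OK in $1"
fi
```

Only cert.pem is pasted into TalentLMS; private.pem is uploaded to JumpCloud alone and should not be stored or shared anywhere else.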
Configure the Service Provider
- Log in to TalentLMS as a global administrator.
- Select Account & Settings.
- Select the Users tab.
- Select Single Sign-On (SSO).
- Beside SSO integration type, select SAML 2.0 from the drop-down menu.
- In the Identity provider (IdP) field, enter https://YOURDOMAIN.com (replace YOURDOMAIN with your company’s unique domain).
- Select or paste your SAML certificate (PEM format).
- In the SAML Certificate field, paste in your entire public certificate.
- In the Remote sign-in URL field, enter https://sso.jumpcloud.com/saml2/talentlms (this is the default IdP URL).
- (Optional) If you would like users to be sent back to the JumpCloud User Portal when they log out of TalentLMS, enter the following as the Remote sign-out URL:
- Select Save.
- Select Single Sign-On (SSO) again.
- Copy the Assertion Consumer Service (ACS) URL.
Configure the JumpCloud SSO Application
- Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
- Select Applications in the main navigation panel.
- Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, then select 'configure'.
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- In the IDP Entity ID field, enter
- Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
- Select Upload IdP Certificate and upload the cert.pem file generated according to the above prerequisites.
- In the SP Entity ID field, enter SUBDOMAIN.talentlms.com (replace SUBDOMAIN with your TalentLMS subdomain).
- In the ACS URL field, paste the Assertion Consumer Service URL you copied from TalentLMS.
- In the IdP-Initiated URL field, enter https://SUBDOMAIN.talentlms.com/index/ssologin/service:saml (replace SUBDOMAIN with your TalentLMS subdomain).
- In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
- (Optional) In the Display Label field, enter a label that will appear under the Service Provider logo within the JumpCloud User console.
- Select Activate.
Validate SSO authentication workflows
- Access the JumpCloud User Console at https://console.jumpcloud.com.
- Select the Service Provider icon.
- This should automatically launch the application and log you in.
- Navigate to your Service Provider application URL.
- You will be redirected to log in to the JumpCloud User Portal.
- The browser will be redirected back to the application and be automatically logged in.