- Generate a public certificate and private key pair.
- You must have an Admin role on your team to edit SAML settings.
- If the SAML SSO configuration options are not present in the settings, contact HelloSign to have the option enabled.
- How to configure User authorization.
- For SP Initiated Logins to function, Allow standard logins for admins must be deselected.
Configure the JumpCloud SSO Application
- Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
- Select Applications in the main navigation panel.
- Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, the select 'configure'.
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- In the IDP Entity ID field, enter
- Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
- Select Upload IdP Certificate and upload the cert.pem file generated according to the above prerequisites.
- In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
8 (Optional) In the Display Label field, enter a label that will appear under the Service Provider logo within the JumpCloud User console.
Configure the Service Provider
- Log in to HelloSign as an admin, go to Settings > Team.
- Select 'Enable SAML SSO'.
- In the Identity Provider Single Sign-On URL field, enter the IdP URL specified in the Application configuration above.
- In the Identity Provider Issuer field, enter the IdP Entity ID specified in the Application configuration above.
- In the X.509 Certificate field, enter the contents of the cert.pem generated per the prerequisites above.
- Recommended: In SAML SSO Options, enable Allow standard logins for admins. This will allow an admin to login with a password in case of an SSO misconfiguration. Deselect this option after testing to allow for SP Initiated logins.
Validate SSO authentication workflow
- Access the JumpCloud User Console at https://console.jumpcloud.com.
- Select the Service Provider icon.
- This should automatically launch and login to the application.
- Go to https://app.hellosign.com.
- Enter your email address and select Login.
- If necessary, log into the JumpCloud User Console as the appropriate user.
- You should automatically be logged in to the application.