- Generate a public certificate and private key pair
- SHA1 certificate fingerprint.
- How to configure User authorization.
- Users need to exist in both JumpCloud and CakeHR. The email address must match.
Configure the JumpCloud SSO Application
- Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
- Select Applications in the main navigation panel on the left side.
- Select + in the upper left, scroll or search for the application in the Configure New Application side panel and then select Configure.
- You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
- In the IDP Entity ID field, enter
- Select Upload IdP Private Key and upload private.pem file generated according to the above prerequisites.
- Select Upload IdP Certificate and upload cert.pem file generated according to the above prerequisites.
- In the ACS URL field, paste
https://DOMAIN.cake.hr/services/saml/consume (DOMAIN has to be changed to your CakeHR sub-domain).
- In the field terminating the IDP URL, either leave the default value or enter a plain text string unique to this connector.
- (Optional) In the Display Label field, enter a label that appears under the Service Provider logo within the JumpCloud User console.
- Select Activate.
Configure the Service Provider
- Log in to your CakeHR account.
- In the profile avatar menu, select Settings.
- Under General, select Integrations > SAML SSO.
- In Entity ID field, enter
- In the Authentication URL field, copy and paste the IDP URL from step 8 in Configure the JumpCloud SSO Application (above).
- In the Key fingerprint field, enter your public certificate fingerprint with colons removed:
openssl x509 -sha1 -in cert.pem -noout -fingerprint | sed 's/://g'
- Enable Allow to sign in with email & password until the SAML workflow has been validated, to avoid accidental lockout.
- Select Save.
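The certificate prerequisites and the Key fingerprint step above, as an added shell example (not JumpCloud's or CakeHR's own commands): it creates private.pem and cert.pem, confirms they belong together, and prints the fingerprint ready to paste. The key size, validity period, subject name and function names are assumptions, as is that the field takes only the 40 hex digits without the label openssl prints in front of them.

```shell
#!/bin/sh
# Added example. Assumed values: RSA 2048, 1095-day validity, the CN string,
# and all function names. File names private.pem / cert.pem are from the page.

# Create private.pem and a self-signed cert.pem in directory $1.
make_idp_pair() {
    dir=$1
    # umask 077 keeps the IdP signing key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/private.pem" 2048 ) 2>/dev/null || return 1
    # -subj avoids the interactive prompts so the step is repeatable.
    openssl req -new -x509 -sha256 -key "$dir/private.pem" \
        -out "$dir/cert.pem" -days 1095 -subj "/CN=jumpcloud-cakehr-idp"
}

# Print the SHA1 fingerprint of certificate file $1 as bare hex.
fingerprint_nocolons() {
    out=$(openssl x509 -sha1 -in "$1" -noout -fingerprint) || return 1
    # openssl prints a "... Fingerprint=" label first; drop everything up to "=".
    printf '%s\n' "${out#*=}" | tr -d ':'
}

# Check the pair in directory $1 before uploading it, then print the fingerprint.
check_idp_pair() {
    # The certificate must carry the public half of private.pem; otherwise
    # the service provider cannot verify the assertions the IdP signs.
    key_pub=$(openssl pkey -in "$1/private.pem" -pubout) || return 1
    crt_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "private.pem and cert.pem do not match" >&2
        return 1
    fi
    fp=$(fingerprint_nocolons "$1/cert.pem") || return 1
    # A SHA1 fingerprint is exactly 40 hex digits once the colons are gone.
    case $fp in
        *[!0-9A-Fa-f]*) echo "unexpected characters in fingerprint" >&2; return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || { echo "unexpected fingerprint length" >&2; return 1; }
    printf '%s\n' "$fp"
}

# Usage after sourcing this file: make_idp_pair . && check_idp_pair .
```

Upload the two files to JumpCloud only after check_idp_pair succeeds, and paste the value it prints into the Key fingerprint field.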
Validate SSO authentication workflows
- Access the JumpCloud User Console at https://console.jumpcloud.com.
- Select the Service Provider icon.
- This should automatically launch the application and log you in.
- Navigate to your Service Provider application URL and select SIGN IN.
- You will be redirected to log in to the JumpCloud User Portal.
- The browser will be redirected back to the application and be automatically logged in.