SAML Configuration Notes

Use JumpCloud SAML Single Sign On (SSO) to give your users convenient but secure access to all their web applications with a single set of credentials. When you connect a SAML SSO application to JumpCloud, here are a few notes you need to take into consideration before and after you configure an SSO connector. 

Pre Configuration

Unsupported Web Browsers

  • JumpCloud SAML SSO doesn’t support Internet Explorer 8, 9, and 10. 

Customizing Display Options

  • You can customize application display options. You can use the default service provider logo, use the Color Indicator, or upload a custom logo. Learn how to customize display options.

Using Certificates

  • A public certificate and private key pair are required to successfully connect applications with JumpCloud. After you activate an application, we automatically generate a public certificate and private key pair for you. You can use this pair or upload your own.
  • JumpCloud SAML SSO connectors support SHA-256 certificates by default. Although JumpCloud supports SHA-1 certificates, if the service provider supports it, we recommend using SHA-256 for stronger security. 

Exporting JumpCloud Metadata

  • When you configure SAML applications, you have two options to export JumpCloud metadata and upload it to the service provider.
    • Export a JumpCloud metadata file.
      • From Applications, select the option next to the application name, click export metadata in the top right corner, save the file, then upload the metadata file to the service provider.
      • From the Application’s Details Panel, select the SSO tab, then click Export Metadata under JumpCloud Metadata.
    • Copy the Metadata URL.
      • From the Application’s Details Panel, select the SSO tab, then click Copy Metadata URL. This will copy the URL to the clipboard.

Configuring Attributes

  • Though they aren’t required, you can add supplemental user, constant, and group attributes in the SAML 2.0 Connector and in pre-built connectors that may be used to support functionality like provisioning. Make sure the attributes are supported by the service provider.

Connecting Applications

Post Configuration

Troubleshooting

Authorizing Users

Provisioning Users

  • You can use Just-In-Time provisioning with the SAML 2.0 Connector and some of our pre-built connectors. This reduces the steps in provisioning users to SAML applications.

Managing User Portal Session Duration

Deleting or Deactivating a SAML SSO Application

  • Deactivate a SAML SSO application and temporarily suspend user access to an application.
  • Delete a SAML SSO application and permanently remove it from the User Portal and Admin Portal.

Using Conditional Access Policies with Applications

  • Add an extra layer of security when users access applications. You can restrict or deny access based on conditions that you set. For example, after a user logs in to the User Portal, require Multi-factor Authentication when they access certain applications or deny access when they access an application from an unapproved network. Learn more in Get Started: Conditional Access Policies

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case