JumpCloud (SAML)
Setting Up JumpCloud via SAML
Setup Instructions
Below describes how to set up JumpCloud for Single Sign-On with Codefresh using SAML. If you do not have the SAML option, please create a support ticket enable SAML for the account.
In Codefresh
- Go to Account settings > Single Sign On
- Select Add Single Sign On > SAML
- We need to create an Entry with temp info since we need Codefresh information first for JumpCloud
- Display Name: Name you want
- IDP Entry: type in any character
- Application Cert: type in any character
- Save
- Click Edit, and we will come back for the information
In JumpCloud
- Go to the SSO Section
- Click the Green +
- Select Custom SAML
- Add a Display Label (can be what you want)
- Click the SSO Tab
- IDP Entity ID: On the Codefresh side, this is the Client Name
- Example: gujNGnhXTSmK
- Make sure there is no space in front when copy and pasting
- SP Entity ID: g.codefresh.io
- ACS URL: On the Codefresh side, this is the Assertion URL
- Also known as the callback URL
- Login URL: On the Codefresh side, this is the Assertion URL without the /callback
- IDP URL: Can add a custom name at the end or leave it as default
- Attributes: add the following
- email: email
- firstName: firstname
- lastName: lastname
- Activate
- Continue
- IDP Entity ID: On the Codefresh side, this is the Client Name
- Once saved, you will get a notification on the top right to download the Certificate. Download the Certificate
Back In Codefresh
- We are going to fill in the fields with the JumpCloud Information
- IDP Entry: this will be the IDP URL from the SSO Tab in Jump Cloud
- Application Certificate: Copy and paste the information from the Certificate we downloaded.
- Note: you will get a warning when editing the Certificate section
- You can use with or without the
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
as long the Certificate data is there
- Click Save
Test SSO Connection
Now test the SSO with a test user in a different browser or private/incognito browser to make sure it is working
- Go to Account Settings > User & Teams
- Locate a test user
- On the SSO Column, select the SSO name to enable SSO for the user
- In a different browser or private/incognito browser window use the Corporate option to log in