Improve this page on GitHub

JumpCloud (SAML)

Setting Up JumpCloud via SAML

Setup Instructions

Below describes how to set up JumpCloud for Single Sign-On with Codefresh using SAML. If you do not have the SAML option, please create a support ticket enable SAML for the account.

In Codefresh

  1. Go to Account settings > Single Sign On
  2. Select Add Single Sign On > SAML
  3. We need to create an Entry with temp info since we need Codefresh information first for JumpCloud
    • Display Name: Name you want
    • IDP Entry: type in any character
    • Application Cert: type in any character
  4. Save
  5. Click Edit, and we will come back for the information

In JumpCloud

  1. Go to the SSO Section
  2. Click the Green +
  3. Select Custom SAML
  4. Add a Display Label (can be what you want)
  5. Click the SSO Tab
    1. IDP Entity ID: On the Codefresh side, this is the Client Name
      • Example: gujNGnhXTSmK
      • Make sure there is no space in front when copy and pasting
    2. SP Entity ID: g.codefresh.io
    3. ACS URL: On the Codefresh side, this is the Assertion URL
      • Also known as the callback URL
    4. Login URL: On the Codefresh side, this is the Assertion URL without the /callback
    5. IDP URL: Can add a custom name at the end or leave it as default
    6. Attributes: add the following
      • email: email
      • firstName: firstname
      • lastName: lastname
    7. Activate
    8. Continue
  6. Once saved, you will get a notification on the top right to download the Certificate. Download the Certificate

Back In Codefresh

  1. We are going to fill in the fields with the JumpCloud Information
  2. IDP Entry: this will be the IDP URL from the SSO Tab in Jump Cloud
  3. Application Certificate: Copy and paste the information from the Certificate we downloaded.
    • Note: you will get a warning when editing the Certificate section
    • You can use with or without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- as long the Certificate data is there
  4. Click Save

Test SSO Connection

Now test the SSO with a test user in a different browser or private/incognito browser to make sure it is working

  1. Go to Account Settings > User & Teams
  2. Locate a test user
  3. On the SSO Column, select the SSO name to enable SSO for the user
  4. In a different browser or private/incognito browser window use the Corporate option to log in