JumpCloud
Overview
What is Single Sign-On (SSO)?
Single Sign-On (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. Many protocols and standards are available when identifying and working with the SSO. These include: SAML, OAuth, OIDC, Keberos, and Smart Card Authentication.
The feature applies to versions 8.4.5 and above.
Security Assertion Markup Language (SAML)
SAML is an open standard that encodes text into machine language and enables the exchange of identification information. It has become one of the core standards for SSO and is used to help application providers ensure their authentication requests are appropriate. In addition, SAML 2.0 is specifically optimized for use in web applications, enabling information to be transmitted through a web browser.
Motadata ServiceOps supports SAML-based SSO integration that includes the following services:
- JumpCloud
- OKTA
- Azure AD
- ADFS
- One-Login
- WSO2
- Keycloak
Here, the Identity and Service Provider plays a vital role as they are the central management system for authentication:
Identity Provider (IDP) – A centralized management system or repository responsible for authenticating the user and passing the details to the service provider.
Service Provider (SP) - The owner of the Applications whose services the user will use. It trusts IDP and uses it to authenticate.
SSO Flow
Initially, the user requests a SAML SSO to access the Service Provider's (SP) service. Next, the SP requests the IDP for authentication. Here, the IDP checks the user's existence and replies to the SP. Communication between the SP and IDP takes place using SAML data format.
Authentication Flow
- The Service Provider (SP) initiates the sign-in flow when the user tries to access or sign-in directly on the service provider's site. If the user has an inactive session with the SP, the user will get redirected to the IDP for authentication. Thus, the user will get redirected to the SP on successful login.
- The Identity Provider (IDP) initiates the sign-in flow when the user goes to the IDP and views a list of SPs he has to access. Thus, when choosing an SP from that list, the user will be redirected to that SP.
SSO Configuration
To configure SSO, follow the below steps:
- Create an account and log in to the JumpCloud portal.
- If you already have an account, directly log in to the JumpCloud portal with admin credentials.
- In the left-hand menu, navigate to the SSO Applications menu and create an application using the + Add New Application button.
- Select the application type as 'Custom Application'.
- Click Next.
- Select the 'Configure SSO with SAML' option in the Manage Single Sign-On section, and click Next.
- Enter the application details:
Display Label: Enter a name for the application. Example: ServiceOps
Description: (Optional) Provide a description of the application.
User Portal Image: (Optional) Upload a logo or select the color indicator for the application.
Once done, click Save Application.
- Next, click Configure Application.
- In the SSO tab, configure the following SAML Settings.
- SP Entity ID: Copy and paste the ID from ServiceOps.
- ACS URL: Copy and paste the Assertion Consumer URL from ServiceOps.
Once done, click Save.
- For IDP details, download the IDP metadata file using the Export Metadata button either from the application details page or from the list page, as shown below.
- Open the Metadata XML file, copy the highlighted Entity ID, Login URL, and the Security Certificate from here, and paste them into the ServiceOps.
The SSO setup is now complete.
- You can verify this by opening the ServiceOps Portal and signing-in using the SSO Login button, as shown below.
JumpCloud admin users cannot login via SSO.
- You will be redirected to the JumpCloud login page, as shown below.
- Enter the credentials, and click the SSO Login button. note
A user with a valid email address must be created in the JumpCloud portal.
- You will be redirected to the ServiceOps Portal, as shown below.
