JumpCloud SAML SSO Integration

JumpCloud SAML SSO Integration

Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.

JumpCloud Exium integration handles users seamless access to Exium. Administrators can easily attach Exium security policy groups to JumpCloud users. Unique features of this integration are

  • Simple steps to integrate JumpCloud API with Exium
  • Push New Users from JumpCloud to Exium
  • Push User Deactivation from JumpCloud to Exium
  • Reactivate Users from JumpCloud to Exium
  • Single sign-on from JumpCloud to sign-on to Exium

This note explains how to configure JumpCloud Exium application settings and Exium Workspace settings so that JumpCloud Users can be synced with Exium Workspace in real time and SSO from JumpCloud can be used to sign-on to Exium Service.

Following steps elaborate JumpCloud SAML2 API Integration with Exium

1. Select JumpCloud as Sign-in Option on Exium

To change JumpCloud as Sign-in option, Click on Settings tab on Admin Console on Exium partner portal as shown below.

 

Click on Profile tab in Profile page and copy Workspace as shown below. This is required to configure JumpCloud SSO IDP Entity ID and IDP URL in next step.

Click on Sign-in tab in Profile page and select JumpCloud. Copy SAML 2.0 SSO URL and SAML 2.0 SP Entity ID one after other to paste in JumpCloud Exium app as explained in next step.

 

2. Create Exium app on JumpCloud

In your JumpCloud account console (console.jumpcloud.com), you can create Exium application by creating custom SAML app with required configuration settings. On left nav bar, click on SSO under user authentication section, click on + icon under SSO Page. Click on Custom SAML App as shown below.

2.1 Enter App details

Under General Info tab, Enter Display Label and Description (Optional). Optionally, you can also upload logo and click on SSO tab.

 

2.2 Add SSO Service Provider (SP) Details

Under SSO tab, enter Workspace name (copied on step1) as IdP Entity ID. Paste SP Entity ID (SAML 2.0 SP Entity ID on Exium Portal) and ACS URL (SAML 2.0 SSO URL on Exium Portal from Exium Portal(copied on step 1).

2.3 Add IDP URL and Attribute Mapping

After Step 2.3 scroll down to see IDP URL and Attribute mapping under SSO page. Enter Workspace name (copied in step1) as last part in IDP URL as shown below.

On Attributes section, click on add attribute, enter firstname under Service Provider Attribute Name and select firstname from drop down under JumpCloud Attribute Names.

Click on add attribute, enter lastname under Service Provider Attribute Name and select lastname from drop down under JumpCloud Attribute Names.

After all details are entered as shown below, click on activate.

 

2.4 Download Identity Provider (IdP) Metadata

on SSO applications page, select on newly created Exium app by clicking on select box on left side. Click on export metadata. This will download JumpCloud-saml2-metadata.xml to your desktop. This file content has to be copied to Exium portal in step 3.

 

3. Update Metadata XML on Exium Portal

As a next step, Sign-in option on Exium Portal has to be saved by filling-in SAML 2.0 IDP Metadata XML Content. The contents of this metadata xml shall be copied from Metadata file downloaded on step 2.4.

Open the JumpCloud-saml2-metadata.xml downloaded on step 2.2 with any editor locally available. Select file contents and copy to clipboard. Paste the contents on SAML 2.0 IDP Metadata XML Content as shown below and click Save.

 

 

4. Assigning User Groups on JumpCloud

As a next step, you can assign user groups to Exium app on JumpCloud. This can be done whenever you wish to add more users or groups to Exium app. Click on User Groups on left nav bar. Search for a group and Click on Expand(>) icon on right side of the group as shown below.

 

 

Under Applications tab, Click on select icon next to newly created Exium app and click Save as shown below.

 

5. Verify SSO on Exium Agent

To Verify successful SSO Integration you can download Exium agent received in welcome mail and Copy Workspace name as shown below.

 

After Exium agent is successful installed, enter Workspace name (copied from welcome mail) and Click on Continue as shown below.

 

Since this workspace is integrated with JumpCloud, Exium agent opens a browser window for JumpCloud SSO authentication. On Successful JumpCloud SSO authentication, User gets logged in to Exium and can connect to Exium.

6. Verify SSO on Exium Service URL

If you are part of admin group, you can access admin console through SSO. you can press your workspace name on service portal by entering the workspace name. Browser opens one more tab for JumpCloud authentication. (Note: Some browsers block popups. You need to allow the popup to allow one more tab to be opened to take JumpCloud authentication).

After successful authentication, it’ll show the message that “User is successfully Verified.” You can close the tab, then you’ll be in admin console in the original tab where you have entered workspace name. If the SSO verified user is not part of admin user, it gives an error that you don’t have access.

7. Check Users on Exium 

All the users assigned to Exium app are synced through SAML to Exium service when they login to service. On Exium Admin Console, Click on Users box. Under Users page, you will see all the assigned users (with associated groups) are synced from JumpCloud to Exium.

If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/

If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net