Get Started: Applications (SAML SSO)

Created by Karen Pearl Enrique, Modified on Fri, 16 Jun, 2023 at 6:23 PM by Karen Pearl Enrique

JumpCloud’s Directory-as-a-Service gives your organization’s employees access to supported applications using their JumpCloud credentials. This centralized method of identity uses one set of employee credentials to gain access to all applications, versus creating individual log-ins for each application. This Single Sign On (SSO) workflow lets the JumpCloud-managed identity be asserted via the SAML protocol to an application.



End User Experience

After you configure both the IdP and SP for SSO, employees can access the applications in two ways:

  • IdP-Initiated  – Access from the JumpCloud User Portal.
  • SP-Initiated  – Access directly from the application.

IdP-Initiated

For IdP-initiated SSO, users access an SP application from the JumpCloud User Portal.

User workflow for IdP-initiated SSO:

  1. Log in to the JumpCloud User Portal: https://console.jumpcloud.com/
  2. Go to Applications.
  3. Click an application tile to launch the application. JumpCloud asserts the user’s identity to the SP, and the user is authenticated without having to log in to the application.

SP-Initiated

For SP-initiated SSO, users access an SP application from the SP application’s login.

Note: SP-initiated SSO isn’t supported by all SP applications.

User workflow for SP-initiated SSO:

  1. Go to the SP application login.
  2. Generally, there is either a special link or an adaptive username field that detects the user is authenticated through SSO. This varies by SP.
  3. Login redirects the user to JumpCloud. The user enters their JumpCloud credentials.
  4. After the user is logged in successfully, they are redirected back to the SP and automatically logged in.

Additional User Experience Considerations

Session timeout in JumpCloud is independent of SSO service providers. In situations where users of SSO applications experience a User Portal timeout (depending on session timeout settings), keep in mind:

  • The JumpCloud User Portal Session Duration, configured under Settings in the Admin Portal, sets a session timeout that is completely independent of the service provider.
  • Some connectors will support passing along a Constant Attribute to dictate the duration of a user session before expiry. An example of this is Amazon AWS’s “SessionDuration.”

A few connectors support SLO (Single Logout). This is not related to session timeouts; SLO is a configuration that will push the user to the JumpCloud User Portal when logging out of the service provider application.
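The following is an added example, not JumpCloud's code, showing how an SP can tell the two flows above apart and read the AWS SessionDuration attribute from a SAML Response. It assumes the response signature has already been verified; the function names, request ID and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AWS_SESSION_DURATION = "https://aws.amazon.com/SAML/Attributes/SessionDuration"

def sample_response(in_response_to=None, duration=None):
    """Constructed, unsigned SAML Response used only as sample input."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    attr = ""
    if duration is not None:
        attr = (f'<saml:AttributeStatement><saml:Attribute Name="{AWS_SESSION_DURATION}">'
                f'<saml:AttributeValue>{duration}</saml:AttributeValue>'
                f'</saml:Attribute></saml:AttributeStatement>')
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
            f' ID="_r1" Version="2.0"{irt}>'
            f'<saml:Assertion ID="_a1" Version="2.0">{attr}</saml:Assertion></samlp:Response>')

def classify_flow(response_xml, pending_request_ids):
    """Return 'idp-initiated' or 'sp-initiated' for an already-verified Response."""
    in_response_to = ET.fromstring(response_xml).get("InResponseTo")
    if in_response_to is None:
        return "idp-initiated"  # unsolicited: the user clicked a User Portal tile
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo matches no AuthnRequest this SP issued")
    pending_request_ids.discard(in_response_to)  # each request ID is accepted once
    return "sp-initiated"

def session_duration(response_xml):
    """Return the SessionDuration attribute in seconds, or None if it is absent."""
    for attr in ET.fromstring(response_xml).iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != AWS_SESSION_DURATION:
            continue
        seconds = int(attr.findtext("saml:AttributeValue", default="", namespaces=NS).strip())
        if not 900 <= seconds <= 43200:  # range AWS documents for this attribute
            raise ValueError(f"SessionDuration {seconds}s is outside 900-43200")
        return seconds
    return None

if __name__ == "__main__":
    pending = {"_req42"}  # IDs of AuthnRequests the SP sent and is still waiting on
    print(classify_flow(sample_response(), pending))
    print(classify_flow(sample_response("_req42", 3600), pending))
    print(session_duration(sample_response("_req42", 3600)))
```

Because a matched request ID is removed from the pending set, a second Response carrying the same InResponseTo is rejected rather than accepted as a new login.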
