All Collections
JumpCloud SAML Integration
JumpCloud SAML Integration

Learn how to set up SAML with JumpCloud

Updated over a week ago

Before you begin

To integrate Security Assertion Markup Language (SAML), you must first generate a client ID.

How it works

Step 1: Set up SSO

  1. In Verkada Command, go to All Products > Admin > Privacy & Security > Authentication & User Management.

  2. Click Add New to set up single sign-on (SSO).

Step 2: Create your Verkada app

  1. Navigate to your JumpCloud dashboard and click SSO to view your SSO applications.

  2. Click the plus (+) icon to create a new application.

  3. Click Custom SAML App.

  4. Name your application, add a description, and (optionally) change the icon. Use a name relevant to Verkada.

  5. When you're finished, at the top menu, select SSO, and click activate.

  6. Configure the IdP Entity ID, SP Entity ID, and ACS URL as follows:

    1. Alternatively, you can copy the fields from Command.

      Note: To confirm which region you're located, please refer to where your organization was created for Verkada.

  7. Click activate.

  8. Scroll down and select the dropdown to set your SAML Subject NameID Format to urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

  9. Check the Sign Assertion box, if not done already.

  10. Set the Login URL where you can replace <client-ID> by your previously-generated client ID (in this application example, cto is the client ID):

  11. Check the Declare Redirect Endpoint box, if not done already, and click activate.

Step 3: Configure SAML attributes

  1. Scroll down further and click add attribute THREE times to open 3 attribute fields.

  2. Type the information exactly as it appears in the screen below; it is case-sensitive.

  3. Select User Groups and confirm the groups you want to enable SSO access for are checked. In this JumpCloud instance, there is only one group named All Users.

  4. Click activate to enable this group access to your Verkada application.

  5. Click activate > confirm to complete your new SSO connector instance.

Step 4: Export XML metadata

  1. Once activated, go back to the featured application to download your XML metadata file.

  2. Select SSO and click Export Metadata to export the JumpCloud Metadata file.

  3. Save the exported file, give it a relevant name, and click OK > Save.

Step 5: Upload XML metadata

  1. Go to Command and upload your IdP XML metadata file.

  2. When the file is uploaded, click Add Domain to add the Fully Qualified Domain Name (FQDN) that your users log in with.

  3. Type the domain name and press Enter to save. You can repeat this process for multiple domain names.

  4. Run the login test. It is expected behavior that the page refreshes to your IdP's authentication page. If you're not already authenticated, then it bounces back to Command. If the test is successful, you should see a success message.

  5. (Optional) You can enable Require SSO to force users to SSO instead of logging in via Command.

Step 5: Ensure your SSO users are provisioned (optional)

Note: Make sure your users using SSO are already provisioned in Command, whether you use SCIM or you create their accounts manually; otherwise, SSO does not work.

To log in using SSO:

  1. Your users can access the JumpCloud User Console (IdP-initiated flow).

  2. Choose single sign-on via Command (Service Provider [SP]-initiated flow).

Need more help? Contact Verkada Support

Did this answer your question?