Please enable JS

Setting up a SAML Application in JumpCloud

November 20, 2020

Prerequisites

Your Prolaborate site should have a valid SSL Certificate.

If you don’t have a SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with Prolaborate team to know more about it.

Service Provider Configuration

To configure the Service Provider, click on Menu → SAML Settings.

From the top right of the page that open, click on Enable SSO.

Service Provider Configuration

Under Service Provider Configuration,

Service Provider Configuration
  1. Name and Assertion Consumer URL will be prefilled. These URLs will be used as ‘Entity ID’ and ‘Audience URI (SP Entity ID)’ in JumpCloud configuration respectively.
  2. Choose the .pfx file of your SSL certificate
  3. Enter the Password of the .pfx file

Configuring Prolaborate in JumpCloud

The following sections will elaborate the steps involved in setting up Prolaborate in JumpCloud.

Create a new SAML Application

To create a new SAML application, follow the below steps:

  1. Log in your JumpCloud account
  2. Select SSO and Click on Add Applications button
    3. Add SSO
  3. In the Configure New SSO Application window to click on Custom SAML App to create new application
    4. Configure SAML

General Info

  1. Display name – Enter your Application Name (say Prolaborate).
  2. Description (Optional) – Enter the application Description
  3. App logo (Optional) – Review the tool tips for details about the type of image you can use for your logo.
    4. Configure SAML

Single Sign-On Configuration

  1. IDP Entity ID - Enter your Application Name (say Prolaborate).
  2. Fill ‘SP Entity ID’ and ‘ACS URL’ fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration).
    • SP Entity ID - Enter the URL from Service Provider Name/Entity ID field from Prolaborate
    • ACS URL - Enter the URL from Service Provider Assertion Consumer URL (ACU) field from Prolaborate
  3. Upload SP certificate - Browse SSL certificate (.cer file) of Prolaborate instance and click on Upload Certificate
    4. Upload certificate

User Attributes mapping

Attribute Statements should be configured as below:

Attribute Name Value
username username
firstname firstname
lastname lastname
email email
Upload certificate

Click on Activate.

Download JumpCloud Metadata

Open the Prolaborate application again and expand Single Sign-On Configuration, click on Export Metadata under JumpCloud Metadata to download the file.

Configure SAML

Usergroup Configuration

Click on User Groups to configure User/ User groups to the Prolaborate application

Configure SAML

Identity Provider Configuration

Go back to Prolaborate, click on Menu → SAML Settings.

IDP configuration

Fill the Identity Provider Configuration as per the instructions below:

  1. Select your Identity Provider as Others.
  2. Fill Name/Entity ID using Entity id availed from from JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata ).
    3. Configure SAML
  3. Fill Sign In URL field using Location URL from the JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata )
    4. Configure SAML
  4. Certificate File: Follow the steps to upload JumpCloud Certificate file
    1. Copy the Certificate URL from the JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata).
      2. IDP Configuration
    2. Open Notepad application, and paste the certificate URL
    3. Save the Certificate as JumpCloud.cer file
    4. Choose the JumpCloud.cer file In the Certificate File field

Default Access Control Profile

Click on Manage Profiles to create a new profile.

Click on Create Profile.

Configure SAML

Give a Name to the Profile and configure permissions.

This is the permission that will be provided to all the users logging into Prolaborate using their SSO credentials.

You can choose any one of the following options:

  1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories
  2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Click Save.

Now, go back to SAML Settings page.

Select the newly created profile and click Save.

Log in with JumpCloud Credentials

Once the configuration is done, your users will start to see a new button on the login page called Login with SSO.

When they click on Login with SSO,

Configure SAML

They will be redirected to the corresponding URL. They can then give their JumpCloud credentials to login to Prolaborate.

jumpcloud Login

You will be redirected to Prolaborate successfully if the configuration is done right as said in the document.

Note the Repositories you see will be based on Default Access Control Profile

jumpcloud Login

Please check the configuration if you are not logged in to Prolaborate.

Logging out from Prolaborate

When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session.

  Get Started with EA Cloud      Get Started with Prolaborate
Any questions? Contact us
Book a Demo