Setting up a SAML Application in JumpCloud
Prerequisites
Your Prolaborate site should have a valid SSL Certificate.
If you don’t have a SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with Prolaborate team to know more about it.
Service Provider Configuration
To configure the Service Provider, click on Menu → SAML Settings.
From the top right of the page that open, click on Enable SSO.
Under Service Provider Configuration,
- Name and Assertion Consumer URL will be prefilled. These URLs will be used as ‘Entity ID’ and ‘Audience URI (SP Entity ID)’ in JumpCloud configuration respectively.
- Choose the .pfx file of your SSL certificate
- Enter the Password of the .pfx file
Configuring Prolaborate in JumpCloud
The following sections will elaborate the steps involved in setting up Prolaborate in JumpCloud.
Create a new SAML Application
To create a new SAML application, follow the below steps:
- Log in your JumpCloud account
- Select SSO and Click on Add Applications button
3. In the Configure New SSO Application window to click on Custom SAML App to create new application
General Info
- Display name – Enter your Application Name (say Prolaborate).
- Description (Optional) – Enter the application Description
- App logo (Optional) – Review the tool tips for details about the type of image you can use for your logo.
Single Sign-On Configuration
- IDP Entity ID – Enter your Application Name (say Prolaborate).
- Fill ‘SP Entity ID’ and ‘ACS URL’ fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration).
- SP Entity ID – Enter the URL from Service Provider Name/Entity ID field from Prolaborate
- ACS URL – Enter the URL from Service Provider Assertion Consumer URL (ACU) field from Prolaborate
- Upload SP certificate – Browse SSL certificate (.cer file) of Prolaborate instance and click on Upload Certificate
User Attributes mapping
Attribute Statements should be configured as below:
Attribute Name | Value |
---|---|
username | username |
firstname | firstname |
lastname | lastname |
Click on Activate.
Download JumpCloud Metadata
Open the Prolaborate application again and expand Single Sign-On Configuration, click on Export Metadata under JumpCloud Metadata to download the file.
Usergroup Configuration
Click on User Groups to configure User/ User groups to the Prolaborate application
Identity Provider Configuration
Go back to Prolaborate, click on Menu → SAML Settings.
Fill the Identity Provider Configuration as per the instructions below:
- Select your Identity Provider as Others.
- Fill Name/Entity ID using Entity id availed from from JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata ).
3. Fill Sign In URL field using Location URL from the JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata )
4. Certificate File: Follow the steps to upload JumpCloud Certificate file
- Copy the Certificate URL from the JumpCloud Metadata Xml file (Refer to section Download JumpCloud Metedata).
b. Open Notepad application, and paste the certificate URL
c. Save the Certificate as JumpCloud.cer file
d. Choose the JumpCloud.cer file In the Certificate File field
Default Access Control Profile
Click on Manage Profiles to create a new profile.
Click on Create Profile.
Give a Name to the Profile and configure permissions.
This is the permission that will be provided to all the users logging into Prolaborate using their SSO credentials.
You can choose any one of the following options:
- Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories
- Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories
Click Save.
Now, go back to SAML Settings page.
Select the newly created profile and click Save.
Log in with JumpCloud Credentials
Once the configuration is done, your users will start to see a new button on the login page called Login with SSO.
When they click on Login with SSO,
They will be redirected to the corresponding URL. They can then give their JumpCloud credentials to login to Prolaborate.
You will be redirected to Prolaborate successfully if the configuration is done right as said in the document.
Note the Repositories you see will be based on Default Access Control Profile‘
Please check the configuration if you are not logged in to Prolaborate.
Logging out from Prolaborate
When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session.