SSO Setup: JumpCloud

This article describes how to set up JumpCloud as the SSO IdP for your digital workplace. This configuration process takes place in both JumpCloud and your workplace.

Configure SSO within JumpCloud

1. Log into your JumpCloud Administrator Console.
2. Select Applications from the navigation menu.
3. Click the + button to add a new application. This will open the Configure Application window where the majority of JumpCloud configuration occurs.
4. In the Configure Application window, search for Igloo and then click the Configure button located next to it.
5. Igloo does not currently provide XML metadata, so you must fill in the following fields manually:
   • Display Label: Enter a descriptive name for this application.
   • IDP Entity ID:  Leave the default value.
   • SP ENTITY ID: Modify and enter the following URL: 
     • https://[digital workplace URL].com/saml.digest
   • ACS URL: Modify and enter the following URL: 
     • https://[digital workplace URL].com/saml.digest
   • IDP URL: Leave the default value. If you have already set up an application using this URL, you will need to enter a new value of your choice.
6. Click the Activate button to continue with setting up the application. It should now appear in the list of Applications.
7. Select this application's entry from the list of applications to view its details.
8. While viewing the application, click IDP Certificate Valid and then select Download certificate to save a copy of the certificate to your computer. 

Configure SSO within Igloo

1. Log into your digital workplace.
2. Click the Cog on the Userbar to access the Control Panel.
3. Select Sign In Settings from the Membership section of the Control Panel.
4. Click the Configure SAML Authentication link on the Sign In Settings page to navigate to your workplace's SSO configuration. If you do not have a Configure SAML Authentication link on your Sign In Settings page contact Igloo Support.
5. Configure the General Configuration fields:
   • Connection Name: Enter a descriptive name for this connection.
   • IdP Login URL: Enter the IDP URL of your JumpCloud application.
   • IdP Logout URL: Leave this field empty. 
   • Logout Response and Request HTTP Type: Select Post.
   • Logout Final Redirect URL: Leave this field empty.
   • Binding Type: Select Post.
   • Public Certificate: Paste in the certificate that you downloaded in step 8 of Configuring SSO with JumpCloud.
6. Configure the Response and Authentication Configuration fields:
   • Identify Provider: Select Other.
   • Identifier Type: Select Email Address.
   • Identifier Path: Enter the value: 
     • /samlp:Response/saml:Assertion/saml:Subject/saml:NameID
   • Session Index Path: Enter the value: 
     • /samlp:Response/saml:Assertion/saml:AuthnStatement
   • Email Path: Enter the value: 
     • /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="Email"]/saml:AttributeValue.
   • First Name Path: Enter the value:
     • /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="FName"]/saml:AttributeValue.
   • Last Name Path: Enter the value:
     • /samlp:Response/saml:Assertion/saml:AttributeStatement/saml:Attribute[@Name="LName"]/saml:AttributeValue
   • Drift Time (In Seconds): Leave this field as the default value of 5.
7. For the User creation on Sign in option, select how your digital workplace handles users who attempt to sign in to your digital workplace when they have valid credentials but are not members of the workplace. If your digital workplace uses the ILST to manage members, select Do not create new users when they sign in to avoid the creation of duplicate user accounts. 
8. For the User creation on Sign in Settings, select how members navigate to the SSO sign in page. "Use the SAML button on Sign in screen" adds an SSO sign in button to the Igloo Authentication page, while "Redirect all users to IdP" redirects members to your SSO's sign in page if they attempt to access the workplace without an existing session.
9. Click the Save button to apply these settings.